[liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

Sheila Parks sheilaruthparks at
Wed Jun 12 03:15:30 PDT 2013

Why not use "her" instead of "his"?

Using "his" in 2013 is, indeed, misogyny


At 04:05 AM 6/12/2013, you wrote:
>Let's first have context -- at this time I am a 30 year old 
>journalist. But (to establish my geek bona fides) shortly after I 
>could legally drive, but long before I could vote, I went through 
>the process of becoming a registered Debian Linux developer.
>Then, as is the case now, to achieve that status, one needs to have 
>their GnuPG key (back then PGP) signed by a fellow developer who has 
>verified their identity.
>While I had undergone the process with my PGP key back when I was a 
>high school student, by the time Debian made the switch to GPG (as I 
>recall for ideological reasons surrounding PGP's license) I was at 
>university with far less free time, and learning crypto software or 
>getting your keys exchanged and signed wasn't easy. And so I never 
>made the time to learn the new software until recent events led me 
>to revisit my options.
>I haven't been a regular Linux user since 2001 (switched to Apple) 
>but I've tried available tools for Linux and what's out there for 
>Mac OS, even trying to compile some F/OSS solutions from scratch on 
>Mac OS. And to be honest, despite all the innovations in user 
>interface over the past 12 years, the situation doesn't look to have 
>changed much since 2001.
>Now, I realize that for someone whose very life might depend on 
>strong encryption that works, their incentive to learn even the most 
>arcane and user-unfriendly software could be high enough to overcome 
>any resistance due to either inertia, poor design, or any other 
>conceivable reason why Joe Public wouldn't make everyday use of the stuff.
>These days I'm a journalist, and while my work has rarely taken me 
>into places or subjects where encryption is needed, recent events 
>have inspired me to venture back into the available tools to see if 
>I could make using email with strong cryptography easy enough that I 
>could suggest it to regular sources for everyday use.
>It still sucks. What exists is godawful at worst and cumbersome at best.
>For a cryptosystem to really, and I mean really become widespread 
>enough to make an impact, it needs to be designed and implemented in 
>such a way that a given user who wants to add that level of security 
>to his** email need only install at the very least some manner of 
>plugin to an existing client, or at most switch to an easy to use 
>replacement which has that functionality built in seamlessly. Key 
>exchange would have to be as easy as forming connections on a social 
>network. Heck, a crypto-social network might be the best way to 
>jump-start such a thing.
>But let's be honest here -- I think we all are aware on some level 
>or another that even if one was able to develop and deploy the 
>easiest software imaginable (say, Apple's "iCrypt" that they'd 
>allowed to be vetted, even made key parts open source)  and the most 
>robust algorithms known to man, it's not enough that it be easy to 
>use -- it has to become widely adopted, at least among enough of the 
>population that assuming easy key exchange, it would become a 
>non-event for someone to send or receive an encrypted message. It 
>would have to definitely be widespread enough that, if we also 
>assume pervasive surveillance -- at least on a passive "filtering" 
>level of some kind -- that to see cyphertext being transmitted back 
>and forth would be common enough that it wouldn't raise alarms or 
>attract attention of any sort.
>Let's get real -- assuming surveillance is the new normal, isn't it 
>more likely that cyphertext in the datastream is -- at least as of 
>this day and time -- more likely to attract attention from 
>authorities than say, quality steganography or something like a 
>carefully designed and well executed book code?
>Maybe the idea of pervasive surveillance and any resulting 
>discomfort will raise interest in easy encryption among the general 
>public, but given the state of the current crypto toolbox, I doubt it.
>**for those who are PC-inclined, please note I use "his" alone not 
>out of misogyny but for brevity and clarity.
>On Jun 11, 2013, at 9:56 PM, Kate Krauss 
><katie at> wrote:
>>It's really easy to use these tools if you already know how to do it.
>>Otherwise they are often complicated and unintuitive. For some of 
>>us, they represent an academic field or a fascinating hobby. For 
>>others, they are the keys to survival.  Hubris--and not really 
>>caring whether they work or not for non-geeks--is an obstacle to security.
>>Most activists and journalists don't care how interesting these 
>>tools are, as long as they can get them to work. If they were as 
>>simple and stupid as AOL circa 2000, that would be great.
>>This is the beauty of cryptoparties--people can sit next to you and 
>>talk you through it. Thanks, Asher Wolf. That is often all it 
>>takes. Otherwise, tiny glitches or misunderstandings can put them out of reach.
>>A security workshop my group organized a couple years ago included 
>>lots of geeks AND lots of on-the-ground activists (of many 
>>stripes, including technophobes) who were teaching each other with 
>>the help of two excellent, feminist lead teachers who are good 
>>listeners. That also worked well and permanently evangelized 
>>everyone about the importance of activism around this issue.
>>Yet this is also a capacity problem. There is the equivalent of a 
>>fleet of bicycles building online safety tools. And well-paid 
>>armies of spies trying to defeat them.
>>One way to judge the effectiveness of cryptographically (?) sound 
>>tools is not by how cool they are in theory but by how many regular 
>>people can figure out how to use them the first time, without help. 
>>We can test this and rate the tools.
>>Another obvious answer for increasing these tools' legibility is to 
>>convene test groups--perhaps this is already happening?-- of 
>>regular people and non-geek activists to try them out. And watch 
>>those people in action--see what keys they press, see where they 
>>pause. And then iterate. Startups do it, and so can we.
>>There can be no security if the tools don't scale.
>>Katie Krauss
>>AIDS Policy Project
>>On Tue, Jun 11, 2013 at 7:54 PM, Nadim Kobeissi 
>><nadim at> wrote:
>>This story really solidifies why I believe that we need to make 
>>privacy technologies accessible to journalists, instead of simply 
>>focusing on the other way around.
>>Glenn Greenwald had to substantially delay his communications with 
>>Edward Snowden due to how inaccessible a lot of privacy and 
>>encryption software is to use.
>>Our main and primary goal at Cryptocat has been to focus on making 
>>encrypted communications accessible, easier to use and fun and 
>>attractive. We've always believed that accessibility is a security 
>>feature, and this idea is at the core of our project.
>>Too many emails? Unsubscribe, change to digest, or change password 
>>by emailing moderator at companys at or changing 
>>your settings at 

Sheila Parks, Ed.D.
Center for Hand-Counted Paper Ballots
Watertown, MA  02472
617 744 6020
sheila at