Thread

Techie solutions

Grant Denkinson, 01 Nov 2005 17:12:32

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As far as I am aware, a brute-force breaking of PGP with a
reasonable key length is out of the range of conventional computers
and is likely to remain so. The source code is available for you or
others to see so if you or anyone else has evidence of flaws that
information can be published.

There are programs that encrypt whatever goes onto a particular
area of storage so you don't need to worry about secure deleting.
Programs such as Rubberhose allow
several layers of encryption. You can give a key that will allow
some decryption but not all, the idea being that an attacker can
never prove there is or is not more data on the disk. There will
always be a little encrypted data even when you have used all of
the keys. Measures to protect hard disks are only relevant if you
are targeted that way. If authorities can get your internet
provider to say what you have downloaded, this could be seen as
evidence without needing to get hold of your computer data.

Programs such as PGP can encrypt messages sent by email etc. and
will stop evesdroppers reading them in transit. Services such as
hushmail use it for web-based email.
This doesn't stop traffic analysis: records of who you have been in
contact with. There are ways of remailing messages through several
sites to frustrate this, but I think they are currently little
used, not user-friendly and possibly vulnerable. I'm not up on that
side of the technology right now.

The music industry's attack on free sharing of their copyright
works has led to the development of new generations of distributed
and perhaps anonymous file sharing systems, eg
I'm reading up on them as a possible
technical response to mass surveillance / censorship. There are
also proxy services that promise anonymous web surfing, e.g.
These may be promising but may also be
too few in number and centralised to withstand an attack from a
reasonable size government.

I think technologies that protect against state mass-surveillance
might be more acceptable to the public than protecting individuals
from personal and well resourced attacks on their privacy with
legal backing.

At this stage in the campaign, I'm not looking too heavily into
technical solutions to censorship - just enough to know they exist
and could be developed and help the internet "treat censorship as
damage and route around it" and can let politicians and the public
know that.

Grant
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkNnodQACgkQSzjoXPuqpBf5tACdGfopmISOMoORetndnhBVInxXslsA
nRT7lpx8DoiIvfK8hSClC9M/lPks
=2hvw
-----END PGP SIGNATURE-----