I asked this question over on Hacker News, as well as Quora, but I thought I’d also ask it here…
The UK plans to intercept all electronic communication. They currently don’t plan to snoop on content, but as noted elsewhere connection data is just as invasive.
To me this is both a civil liberties and business risk problem. I view my list of business contacts as confidential information and I don’t trust the government not to leave this information on a train somewhere.
Legal solutions are one thing, but the snoops keep raising their heads, so my feeling is that we need to actually find a way to make this sort of thing technically impossible.
Content encryption is already largely solved, although for email we still need a critical mass of people using PGP or similar.
VPNs just seems to push the problem to another jurisdiction, and if this is an agenda all governments will one day pursue, this will become decreasingly useful.
What can an individual do to protect content and connection data? Onion routing for mail servers? Do technical solutions rely on everyone doing it and so are unlikely to get much traction?
So what are your thoughts? What can we build?
I think the best course would be to push everyone to use strong encryption, perhaps along with some sort of peer to peer email routing network (likely similar to the way Bitcoin works). I think that would be about as close to impossible to crack as anyone could get, and we already have all the tech now.
My concern with this is that it requires a critical mass of people using it before it can become useful, which is why hardly anyone encrypts their email despite the technology being around for decades.
That said, I can see businesses pushing for this technology as government surveillance would be seen as a business risk (gleaned corporate information left on train or sold to competitors)… so maybe that’s the way we can get critical mass.
GPG. Use at least 4096 bit keys and expire them after maybe three months, delete everything as soon as it’s sent or read, and use it for EVERYTHING. They wouldn’t be able to tell what encrypted messages are useful and what aren’t, and would be stuck trying to crack all of them…and since cracking just one would take every computer ever built several thousand years, that will never happen.