Bryce wrote:
The non-cpunks that I talk to frequently say that "no bad guys would bother to read my e-mail". as long as the value of reading your private e-mail is less than the cost of reading it, you can consider yourself safe.
Bad, bad assumption.
So my points are as follows:
2. To the cpunks: the _value_ of invading your privacy is not that high. There are no evil storm troopers whose full time job is to run a man-in-the-middle attack on your PGP public key, or dedicate a cracking farm to decrypting your messages, or using TEMPEST devices on your home computer or whatever. Therefore, simply encrypting your personal e-mail with a 512-bit PGP key, storing your private key on your local multi-user Unix system, and using people's public keys _without_ doing anti-Man-In-The-Middle techniques is more than sufficient to protect your privacy.
Horseshit. Send me all of the email and files from the hard drives of the NSA, CIA, FBI, and the organizations we don't know about, for the last 20 years, and then we'll talk about what evil storm troopers do, or do not, exist. Then we can begin to talk about what really trips up most fugitives/criminals/freedom-fighters--the mundane. J.Edgar Hoover didn't rise from the grave to entrap the UnaBomber with high-tech devices and an army of spooks. His own family turned him in. Four guys broke into a Vancouver bank a few years ago, spent the weekend cracking the vault and safety deposit boxes, and made a clean getaway, except one of their suitcases broke open on the trip out of town, spilling the goodies for everyone to see. They sat in jail until Monday morning, when the banks opened, and the cops could figure out who they robbed.
Now, if you use your e-mail to transmit really _valuable_ data, then that is a different story.
I submit that everyone has _really_valuable_data_, no matter what value others put on it. I would guess that there are no shortage of people who would rather have their company's data compromised, than have their spouse find their secret love-letters. The key is to be as meticulous as possible in your security precautions, because those things you have little knowledge of or control over may well be more dangerous to you than those that you don't. Case in point. I spent twenty years of my life making sure that I had extra 'butts' on me at all times, so that I would not have to face my greatest fear--going to jail without a suffiecient supply of nicotine. The one time I slipped up was when I was on 'safe' ground, in my hometown, crossing a border I had crossed every day for the last few weeks with no trouble. Then I got hauled in for a 'bad check' that was a result of a clerical error. I actually had the cancelled check in my motorhome, but the facts didn't matter--I was headed for the slam with almost no butts. An understanding Sheriff's deputy with a couple extra packs probably saved me from the death penalty for killing cops to escape and go get more butts. When you decide that you've got nothing to worry about, because the 'bad guys' aren't after you, then the 'good guys' will get you. Your wife will hire a teenage hacker to look for the secret love letters that don't exist, and turn up unrelated info that the kid will use to get a sweetheart deal when the Feds break down 'his' door. Your employer's audit of the books will point to you being a thief, and in the process of proving you innocent, will turn up evidence of your office affair, giving your spouse grounds for divorce. The people who get fucked aren't the people who 'deserved' it. They aren't the people who 'took crazy chances'. They aren't the people who 'had the most to hide'. They are the people who got fucked. The bottom line is, if you have something to hide, then hide it, and hide it well. You can be faster than a speeding bullet and leap tall buildings in a single bound, but somewhere out there is a bum going through a dumpster, and he just found a funny, glowing, green rock. -- Toto "The Xenix Chainsaw Massacre" http://bureau42.base.org/public/xenix/xenbody.html