Hello everyone, you have likely all heard about the scandal regard the NSA listening in on calls of various heads of states, particularly that of the German Chancellor Angela Merkel's phone. What ever your opinion might be regarding the issue of bugging phones of friendly partner nations politician and whether you may consider it as "normal and everyone does it" or "unheard of", there seems to be another dimension to the scandal that I think might be of interest to this list. Although I don't think there are yet enough information publicly available to say what actually happened and what phones exactly were effected, but all indications appear to point to that it wasn't the Chancellors highly secured official government phone, but a private party phone that she uses all the time. Again, I am not aware of details yet of how that phone was secured, but media reports appear to suggest it might have been a standard smartphone using entirely unsecured plain phone lines and text messaging. So despite the German government spending 10s of millions of Euros to develop and purchase highly secure phones, it appears many of the ministers aren't actually using them. Indeed, the German secretary of commerce (Philip Roesler) was supposedly quoted as saying "Everyone knows that we are using our private phones, despite it being illegal" [my own translation from an indirect quote in German]. The media have so far mostly given as explanations for this astounding ignorance towards the risks of data security amongst politicians to be due to the "complicated and tedious procedures" involved in using cryptographically secured communications channels. The media are writing about how terribly complicated and inconvenient using secure phones are and I have read claims that e.g. the security features add latency of up to 1s or more and one has to "learn how to speak correctly to overcome such high latencies". Furthermore, because secure phones are so expensive (several 1000s of Euro's per phone), "no one" has them and because obviously both communications partners need them, secure phones are "close to useless". None of these claims and news articles are likely to help get more people to secure their electronic communication. Unfortunately, I haven't seen the main stream media ever talk about some of the great software out there like that of the guardian project, and that e.g. using CSipSimple or Jitsi via ostel to get an encrypted phone call is actually really pretty simple. Or how TextSecure or ChatSecure allow to use encrypted messaging with very little additional overhead. Do people know if there are efforts underway to try and counter this general impression of "cryptography is too hard and cumbersome to use"? And try and convince the media to report more positively about the available tools to secure ones communication? Are there other ways to influence public opinion that cryptography isn't that difficult to use and it is worthwhile doing? And that thanks to various opensource projects there are various high quality, standards compliant / inter-operable solutions available at no extra cost? Kai _______________________________________________ Guardian-dev mailing list Post: Guardian-dev@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: Guardian-dev-unsubscribe@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org You are subscribed as: eugen@leitl.org