[guardian-dev] Perception of cryptography being to complicated to use...

Kai Krueger kakrueger at gmail.com
Sun Oct 27 23:38:54 PDT 2013 

Hello everyone,

you have likely all heard about the scandal regard the NSA listening in
on calls of various heads of states, particularly that of the German
Chancellor Angela Merkel's phone.

What ever your opinion might be regarding the issue of bugging phones of
friendly partner nations politician and whether you may consider it as
"normal and everyone does it" or "unheard of", there seems to be another
dimension to the scandal that I think might be of interest to this list.

Although I don't think there are yet enough information publicly
available to say what actually happened and what phones exactly were
effected, but all indications appear to point to that it wasn't the
Chancellors highly secured official government phone, but a private
party phone that she uses all the time. Again, I am not aware of details
yet of how that phone was secured, but media reports appear to suggest
it might have been a standard smartphone using entirely unsecured plain
phone lines and text messaging.

So despite the German government spending 10s of millions of Euros to
develop and purchase highly secure phones, it appears many of the
ministers aren't actually using them. Indeed, the German secretary of
commerce (Philip Roesler) was supposedly quoted as saying "Everyone
knows that we are using our private phones, despite it being illegal"
[my own translation from an indirect quote in German].

The media have so far mostly given as explanations for this astounding
ignorance towards the risks of data security amongst politicians to be
due to the "complicated and tedious procedures" involved in using
cryptographically secured communications channels.

The media are writing about how terribly complicated and inconvenient
using secure phones are and I have read claims that e.g. the security
features add latency of up to 1s or more and one has to "learn how to
speak correctly to overcome such high latencies". Furthermore, because
secure phones are so expensive (several 1000s of Euro's per phone), "no
one" has them and because obviously both communications partners need
them, secure phones are "close to useless".

None of these claims and news articles are likely to help get more
people to secure their electronic communication.

Unfortunately, I haven't seen the main stream media ever talk about some
of the  great software out there like that of the guardian project, and
that e.g. using CSipSimple or Jitsi via ostel to get an encrypted phone
call is actually really pretty simple. Or how TextSecure or ChatSecure
allow to use encrypted messaging with very little additional overhead.

Do people know if there are efforts underway to try and counter this
general impression of "cryptography is too hard and cumbersome to use"?
And try and convince the media to report more positively about the
available tools to secure ones communication?

Are there other ways to influence public opinion that cryptography isn't
that difficult to use and it is worthwhile doing? And that thanks to
various opensource projects there are various high quality, standards
compliant / inter-operable  solutions available at no extra cost?

Kai



_______________________________________________
Guardian-dev mailing list

Post: Guardian-dev at lists.mayfirst.org
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev

To Unsubscribe
        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org

You are subscribed as: eugen at leitl.org

More information about the cypherpunks mailing list