[FORGED] Re: UK To Ban Crypto In Devices, Email And More

[Joseph Gentle]

On Sun, Nov 8, 2015 at 1:10 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Joseph Gentle <me at josephg.com> writes:
>
>>Industry grade crypto has existed for years, but things like PGP being simply
>>*inconvenient* has resulted in it having virtually no adoption. The big threat
>>to pervasive surveillance isn't pgp, its companies like apple and whatsapp
>>bringing that technology to the masses.
>
> That's a good point actually.  In my enormous to-read pile I've got "Why
> Johnny Still Can't Encrypt", and that's from fifteen years after the original
> paper on PGP's unusability was published.  It's scary to think that companies
> like Apple have done more to protect us from intrusive government surveillance
> than nearly a quarter century of PGP has, because they've made it usable by
> the masses.
>
> Peter.


Exactly.

Snowden: “Encryption works. Properly implemented strong crypto systems
are one of the few things that you can rely on.". And yet even most
email on this list isn't encrypted.

The cat and mouse game of security is fun and technically challenging.
But if you want to actually stop global attackers like the NSA, the
problem isn't that we don't have good enough crypto. Its that barely
anybody in our community also knows how to make pleasant, usable
software. We need more software like Signal (TextSecure). Not because
of its rad ratcheting OTR, but because I can get my partners to use it
without having to spend an hour explaining asymmetric key cryptography
first.

-J