Welcome

What's New

About This Site

About Me

Motorbikes

Unofficial Ixion FAQ

Computers

Programming

My London

Neverwinter Nights Books

Recipes

Antispam Proxy

Other Stuff

Links

Contact

Email Encryption

-- why I think it's important that emails to/from me should be encrypted. For those who are terminally lazy, rushed or illiterate, there's a one-sentence summary at the bottom of this page. And just in case you came here by mistake when looking for my PGP public key, well that's available via this link.

First of all, it's not because I think that either myself, or whoever is sending me email, is likely to be transmitting anything illegal. It's probably not even going to be anything particularly sensitive.

A couple of years ago, information started to reach the public domain of something that sounded like a science-fiction "Big Brother" scenario: a secret Government-sponsored espionage system able to silently and automatically tap in to all of the world's major communications systems: telephone, the internet, mobile telephone networks, the lot. What's more the supercomputers scanning all of this huge amount of data used advanced heuristic algorithms to try to filter out all but those messages the operators consider worth investigating.

This isn't fiction however; this is Echelon, and there is some basic information about it on the BBC News Online site here. What's more, not only is Echelon being used to listen in to the conversations of "criminals and terrorists" but evidence was growing to show that the US was using Echelon to gain information about European and Asian companies and then passing those details on to their American rivals -- industrial espionage backed by the US Government against those considered to be its allies, in other words.

The European Union was sufficiently worried about this to launch its own enquiry, even though at the time Echelon officially didn't exist. The final report into this enquiry was published in July 2001 (document A5-2064/2001) and concludes that:

"a global system for intercepting communications exists, operating by means of cooperation proportionate to their capabilities among the USA, the UK, Canada, Australia and New Zealand under the UKUSA Agreement, is no longer in doubt. It may be assumed, in view of the evidence and the consistent pattern of statements from a very wide range of individuals and organisations, including American sources, that the system or parts of it were, at least for some time, code-named ECHELON. What is important is that its purpose is to intercept private and commercial communications, and not military communications."

Why does this affect me?

OK, fair enough, the American Government has been using its technological know-how to spy on foreign companies and steal their secret information. That's very naughty but I'm just an individual. Why should I bother encrypting my emails?

The point is that if a system such as Echelon can be (and has been) used for one illegal purpose, it can be used for others. Even if you think your emails aren't important, by sending them through the internet unencrypted you are not only doing the equivalent of writing on a postcard but you're also leaving a photocopy of that postcard on a secret government spy system forever. Neither you, me, nor anyone else can say who or why that information might be accessed in the future.

OK, but I don't care if the government reads my mail

Maybe your email is perfectly innocent, and you really don't care what use it's put to, now or in the future. You should still encrypt it! The reason is quite simple: if the only emails which are encrypted are those which contain sensitive information then the spy computers can easily identify them and use their processing power to try to break the encryption. It's like a pop star or politician trying to be anonymous on the streets yet surrounding themselves with bodyguards and minders -- the very presence of the security can alert you to the possibility of something important.

However if all emails are encrypted then the spy services' job becomes much harder. They don't know which mails to use their vast but still limited processing power on, and could find that they've wasted hours of time simply to find out what time you're going down the pub. Detecting the sensitive company data then becomes much more like looking for a needle in a haystack.

At the end of the day I believe this is a simple issue of the right to privacy: a basic human right to which we are all entitled. It also has major commercial implications: industrial espionage is illegal when companies carry it out, but if a secret governmental computer system is doing the spying then who's to say what they're recording and why?

So what are you trying to say?

In a nutshell, I will send all email encrypted whenever I have the recipients' public keys, and I would prefer to receive encrypted mail. Simple really!

EFF Spinning Ribbon Logo

Creative Commons License

This work is licensed under a Creative Commons License