Using encryption? You're suspicious

Yesterday more details on the NSA’s secret and illegal monitoring activities were revealed. (Yes, the NSA revealed some things themselves, but as far as I can tell, that was only a conciliatory effort and didn’t actually reveal more details – just more talk.)

Remember my recent series of blog posts, where I claimed that privacy in today’s world is impossible without trustworthy hardware/software, privacy is impossible unless it’s default, and privacy is essentially unachievable because of the scope of the problem, and the way we’ve built our society and technologies?

I also said that those who use privacy, which is non-default, are making themselves targets for surveillance:

But if you and I use this technology right now to encrypt our communications, we’ll actually make ourselves more interesting targets. That’s partially because we’d be among the few people doing so. Have you ever noticed that nothing draws attention like whispering in a public place? I don’t know what proportion of ordinary email between everyday people is encrypted, but if pressed, I’d guess it’s fewer than one email in 50,000.** That’s an extraordinarily strong signal to authorities looking for needles in the haystack of Internet activity**. I wouldn’t be surprised if the NSA has large-scale brute-force encryption-cracking clusters dedicated to forcibly decrypting the few encrypted emails that wend their way around the Internet.

Yesterday, yet another ugly NSA slideshow was made public. Take a look at slide 15:


Look at the following slides, too: they discuss decrypting people’s encrypted activities to inspect. Refer to the closing sentence of my quoted paragraph above. Read the full article, linked at the top of this blog post. The amount and specificity of surveillance being performed is stunning.

Am I psychic? No, this stuff is pretty obvious. As I said previously, it’s inevitable. Nothing is going to stop these agencies from doing this stuff. If it’s resisted strongly enough, they’ll just knuckle down and do it more and more secretly. They won’t stop doing it; they will just try to stop being caught in the act.

I'm Baron Schwartz, the founder and CEO of VividCortex. I am the author of High Performance MySQL and lots of open-source software for performance analysis, monitoring, and system administration. I contribute to various database communities such as Oracle, PostgreSQL, Redis and MongoDB. More about me.