> P.S.1. Having an occasion now, I just want to say to you, Robert, a > big and sincere "Thank You!" for your articles on this mailing list.
Uff da meg. "Articles." If my posts have reached that level of wordcount, then I definitely need to work on making them shorter. :) > The impulse for writing my first post in this thread was frustration > about a "technological" treatment that privacy often receives, and > about a lobby that tries to tell everybody to encrypt everything, I don't doubt the existence of this part of the community, but I don't share in their views. In fact, I think those views are genuinely harmful to the advance of privacy and confidentiality. My position is simple: I want people to understand the realities of electronic communication, the risks they're facing, what technologies and methods exist to mitigate these risks, and the prices of these technologies and methods. Few people are responsive to a would-be nanny telling them what they should be doing. My doctor tells me that my cholesterol is on the high side and I should rethink my meat intake: I sometimes think about him as I'm eating a hamburger. Same thing with privacy advocates who tell people what they should be doing. I think the best that can be done is to give people information, and let them draw their own conclusions. This, unfortunately, means that most of your post is -- it's not irrelevant or ill-considered or anything else like that. It's just that we're coming at it from such divergent perspectives there's not much I can really say about it. My position is simple: provide information and let people make their own calls. What people should do, or what we as a community should be advocating, is really not my lookout. > For this writing, I have read all the other articles mentioned in > someone's earlier post. Thank you -- seriously. As I said above, I think that information and education is the best thing we can do. That applies to ourselves as well. :) > It might sound paradoxical, but openness is what protects us in our > lives. I generally agree with you here. If you haven't read David Brin's _The Transparent Society_, I think perhaps you'd enjoy it: it covers a lot of these subjects (and many more) in detail. I don't agree with Brin, but he definitely has ideas worth considering. Personally, I side more with those who believe that a proper balance between privacy and transparency is what protects us. The problem here is that my interest in transparency may conflict with your interest in privacy -- making it an extraordinarily difficult interaction of interests to balance. Schneier's _Liars and Outliers_ discusses this in more detail: again, you might enjoy it. > Do we really have evidence people can't encrypt? Although anecdotes are not the same as data: My first year of teaching I was assigned to a freshman (university first-years, for those outside the United States) Computer Literacy course. On the first day of class I asked thirty-five freshmen if anyone had brought a computer to class. Three hands went up. I then asked if anyone brought a cell phone to class. Thirty-five hands went up. I asked one student at random, "So why isn't a cell phone a computer?" His answer was, "Because it can only surf the Web. You can't write a term paper on it or anything like that." When I asked for a show of hands for who agreed with that statement, probably two-thirds of the class agreed with it. In my experience -- which is absolutely *not* the same as peer-reviewed research, don't mistake me -- most people don't even know what a computer is, except in a very superficial "it's a box with a keyboard and a monitor attached" sense. So, yes, given the truly dismal state of computer literacy today, I think it's reasonable to conclude most people can't encrypt. Close to the end of that semester I taught the students about S/MIME (not OpenPGP -- S/MIME is much better supported by email clients). The majority were able to get S/MIME certs and install it in their email clients, but it did take four hours of classroom lecture to get them to understand what encryption was, what a signature was, and so on. > Can you imagine a responsible person exchanging sensitive > information, while not being certain what he does is safe? Happens all the time. Today I had to give my Social Security Number to a government agency over the telephone: I had no way of verifying the person I was talking to really was a government employee. For all I know he was working with a Chechen organized crime syndicate. But, after reflecting on the risks, I decided to accept the risk and go on. So, yeah, I can imagine it quite easily. The problem isn't the lack of certainty that what we're doing is safe: the problem is the incorrect certainty that we are safe, that what we're doing can never come back to bite us. > As I said, for me to be able to use encryption means more than > knowing which buttons to click. Sure, but in their defense, they weren't interested in seeing which users were capable of walking on their own -- they were interested in seeing which users were capable of standing on their own. Have to learn to stand before we learn to walk, learn to walk before we learn to run, and all that. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
