[pp.int.general] FRA Warning

[Per von Zweigbergk]

31 dec 2008 kl. 09.04 skrev Christian Hufgard:

>> Well, just until /Lex Orwell/ gets revoked, for relevant mails -if  
>> any-
>> we may use GnuPG. Regards,
>
> Any ideas how to encrypt mails sent to a mailinglist? :)


Really, encryption like GnuPG isn't really relevant here. What FRA is  
most interested in, is to build "sociograms" -- diagrams detailing who  
is communicating with whom. When using a system like GnuPG, the sender  
and receiver of the e-mail (and even the subject line) is visible.  
GnuPG does absolutely nothing for the possible lurkers on this e-mail  
list who wish to stay out of the Pirate Party's sociogram.

What's worse, something like GnuPG can actually make verifying the  
sender of the e-mail easier, because it is cryptographically signed --  
there's no plausible way to deny sending the message. Also, the  
compromise of a single private key can expose a large history of sent  
and received e-mails if the attacker has gathered the cryptotext. No,  
something like GnuPG is definitely not useful in our case.

What GnuPG is useful for, however, is to communicate moderately secret  
information where it is absolutely not important to be anonymous in  
the transaction. It is a useful tool to protect against sensitive  
information to get caught in a packet sniffer, or to stop your e-mail  
administrator snooping around in your e-mail. It is not a bulletproof  
solution to evade state surveillance. For that, you need to create a  
pseudonym and use something like Tor. (GnuPG is a useful tool here to  
ensure that your pseudonym isn't hi-jacked, if this is your goal.)

-- 
Per von Zweigbergk

VARNING: E-post till och från Sverige, eller som passerar servrar i  
Sverige, avlyssnas av Försvarets Radioanstalt, FRA.
WARNING: E-mail to and from Sweden, or via servers in Sweden, is  
intercepted by the Swedish National Defense Radio Establishment.