On the fiftieth anniversary of the I Have a Dream speech I heard a couple of interviews with Clarence Jones, a close associate of Martin Luther King who had helped Dr. King write the speech. In a blog post about Clarence Jones’ book Behind the Dream I reflected on an observation that Jones made about Dr. King’s memory. It was Jones who conveyed the Letter from Birmingham Jail to the world. He was struck by the fact that the letter was full of literary quotations that Dr. King, having no reference materials at hand, recalled from memory. Jones wrote:
What amazed me was that there was absolutely no reference material for Martin to draw upon. There he was [in the Birmingham jail] pulling quote after quote from thin air. The Bible, yes, as might be expected from a Baptist minister, but also British prime minister William Gladstone, Mahatma Gandhi, William Shakespeare, and St. Augustine.
To which I added in my post:
It’s interesting to note that the quotes Clarence Jones seems to recall being in the letter aren’t all there. I don’t find Gladstone, Gandhi, or Shakespeare. I do find, along with St. Augustine, Socrates, Thomas Aquinas, Paul Tillich, Abraham Lincoln, Thomas Jefferson, T.S. Eliot and others.
I revisited that blog post today because I heard something new in one of those recent interviews with Jones. He was sure at the time that the FBI was recording all the phone conferences in which King, Jones, and others planned the march on Washington. He was later proved right, and eventually he acquired the transcripts. From the NPR story:
All these years later, Jones is actually grateful for those wiretaps. Thanks to the FBI, he has a vast — and accurate — archive of the time.
“If I have a fuzzy memory or hazy memory, I look at it, and there’s a verbatim transcript of the conversations about a certain event, a certain person or a certain problem we were discussing,” Jones says.
The jokes practically write themselves nowadays:
@pryderide: Lost all my iPhone contacts. No backup. Anyone got the number to #NSA…? #surveillance #privacy #Snowden
@tefanauss: Introducing nsync – A command-line tool for NSA’s free backup services
@conservJ: Wondering when the email & social media sites are going to change the wording of “lost password” to “Ask the NSA”.
But seriously. Now that we know about the cloud that works against us, where’s the cloud that works for us? It exists, but it’s always been marginal and is now in great peril.
I’ve long advocated for translucent or zero-knowledge systems that manage our data without being able to read it or surrender it.
It used to be apathy that mainly blocked adoption of these systems. Nobody saw why they mattered. Now that we do, they’re suddenly on the ropes. Lavabit. Silent Circle. Will SpiderOak be next?
I’m not into outlining, therefore I’m not a user of Fargo. But if I were I’d jump on the new encryption feature. Do it even if you don’t think you’re storing any secrets you need to protect. Do it just to prove that you can do it, and to challenge those who would deny that.
4 thoughts on “Why encrypt? Because (for now) we can.”
Great post as always, Jon!
Any “because we can” encryption advice should also include choosing full-disk encryption when installing fresh Linux; this is now the default choice when installing e.g. Linux Mint 15 (“Olivia”).
Other excellent advice on protecting oneself can be had via the EFF’s Surveillance Self Defense Project.
I don’t think you can trust any service with a closed-source client (like SpiderOak) to be zero-knowledge. Even if such a service was zero-knowledge at some point (you have to take their word for it), any client update may include a secret back-channel providing the key to unlock all the data already stored with them. It does not seem prudent to assume that every service will shut down like Lavabit, and not just succumb to external pressure to compromise the service.
Excellent point Jan.
It is even worse than that – the operating system you use may actually be spying on you (the US government could, for example, force Microsoft to place a keystroke capture&report tool as a part of an update. Similarly with LastPass where all works in your browser, a sneaky forced change could be pushed to bring home the master key to all your secrets.
For software, use of open source OSes and programs can help in that they lack the uniformity of commercial OSes and programs – the diversity help protecting against comprehensive capture by a single entity.
For commercial services, an approach/architecture where control is distributed internationally across jurisdictions may help fight government misuse since, for example, a company with an internally open source development where production deployment requires cooperation between, say, a Chinese, a Russian, an Indian, an Icelander and an American will be hard to force by means of an NSL which can only affect one national at most.
It is, of course, yet another one example of where geeky people are at an advantage over regular folks. While the geeks have some means of protection (with their limits), the regular folks are helpless.