The Heat Came 'Round and Busted Me For Smilin' On A Cloudy Day
← February 14, 2017 →
There's a cryptographically signed version, too.
There is a war coming on general-purpose computing. It starts with, of course, forcing child pornographers to provide evidence against themselves and fighting terrorism. We have progressed into demanding a scientist’s telephone and passwords at the border, demanding access to citizens’ social media, and using log files from a person’s implanted medically-necessary heart monitor to indict them. It creeps in as Hollywood and the RIAA search for ways to make your web browser obey them, rather than obey you.
General purpose computing is essential for freedom of thought, freedom of speech, and freedom of association. Only if you can trust your computer—only if your computer obeys you alone—is it a reliable means of resistance. Compromised electronics can be used as means of surveillance, blackmail, identity theft, and other terrible compromises. Strong cybersecurity and the ability to freely encrypt is essential. Moreover, as electronics become further integrated into human identity, their compromise amounts not just to the compromise of the unchangeable biometric data that might be used to unlock your phone, but to the compromise of the self. Indeed, I already anthropomorphize my computer as… me. I browse the web. I check my email. I post on Facebook. The computer is a transparent medium for the projection of my will and identity.
There is some concern that strong encryption poses a challenge for law enforcement, and that therefore we need some kind of compromise. You hear complaints about “going dark”. You hear police departments and the FBI make suggestions that we come up with alternative encryption standards that can be broken with a warrant. You know who never makes these suggestions? The NSA. NIST. The experts. The mathematicians who study, design, and attempt to break cryptosystems all agree that any possible government mandate for access simply provides a route for hostile attack. If you roll your eyes when people deny climate change, remember that searching for political compromises around encryption is literally math denialism, and the foundations of mathematics are substantially stronger than those of climate scienceI'm not trying to undermine climate science with this comparison. . Moreover, there’s the gun control analogy: if strong encryption is criminalized, then only criminals will have the protection of strong encryption.
So what can be done? We can adopt widespread encryption across the internet. We can make security-conscious design decisions. We can adopt free software whenever possible and recognize that its motivating principles are aligned with social justice. We can use encrypted communications channels by default even when we don’t need security, to help obscure those who do. I donate to the Electronic Frontier Foundation, the Free Software Foundation, and the Internet Archive. We must adopt the mindset that even though we might have nothing to hide, we value our privacy. We can insist that our politicians embrace cybersecurity rather than attempt to fundamentally undermine it. We can value our metadata.
Public key cryptography is a method by which you can encrypt a message with a public key, but that same key cannot be used to decrypt it—for that you need the private key. This is an excellent tool for establishing a secure channel across an unsecure channel. The private key can be used to encrypt a message that can be decoded with the public key, providing a cryptographically secure signature. This is signed with my public key, and the cryptographic signature is at the bottom.
My PGP public key, which I generated in 2013, recently expired. In the four years that passed since it was first generated, nobody ever needed it. Nevertheless, here is my new one:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org
- -----END PGP PUBLIC KEY BLOCK-----
It has fingerprint 7171 57C8 50B6 0C96 FB21 C9EA 7C82 C5B5 4672 A784. The private key is… just kidding. You can verify it on any of the public key servers—I default to the MIT key server.
The current situation is a nightmare come true. We must value and defend our civil liberties. We must put our foot down, or imagine a boot stamping on a human face – forever.
← February 14, 2017 →