I tip my (red) hat to you, Netcraft. This is an absolutely excellent article that I recommend everybody read. Great stuff.
Millions of websites and billions of people rely on SSL to protect the transmission of sensitive information such as passwords, credit card details, and personal information with the expectation that encryption guarantees privacy. However, recently leaked documents appear to reveal that the NSA, the United States National Security Agency, logs very high volumes of internet traffic and retains captured encrypted communication for later cryptanalysis.
The reason that governments might consider going to great lengths to log and store high volumes of encrypted traffic is that if the SSL private key to the encrypted traffic later becomes available — perhaps through court order, social engineering, successful attack against the website, or through cryptanalysis — all of the affected site’s historical traffic may then be decrypted at once.
There is a defence against this, known as perfect forward secrecy (PFS). When PFS is used, the compromise of an SSL site’s private key does not necessarily reveal the secrets of past private communication; connections to SSL sites which use PFS have a per-session key which is not revealed if the long-term private key is compromised. The security of PFS depends on both parties discarding the shared secret after the transaction is complete (or after a reasonable period to allow for session resumption).
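To make the distinction concrete, here is an added example (not from the Netcraft article) that classifies negotiated cipher suites by whether the key exchange is ephemeral, and builds a client context limited to forward-secret suites. The host names and the `SAMPLE` scan results are constructed, the helper names are hypothetical, and suite names follow OpenSSL's naming.

```python
import ssl

# OpenSSL name prefixes for ephemeral Diffie-Hellman key exchange.
# Names with no key-exchange prefix (e.g. "AES128-GCM-SHA256") use RSA key
# transport: the session key is recoverable from the long-term private key.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")

def has_forward_secrecy(name, protocol=""):
    """True if the suite derives its session key from an ephemeral exchange."""
    # TLS 1.3 full handshakes always use ephemeral (EC)DHE.
    if protocol == "TLSv1.3" or name.startswith("TLS_"):
        return True
    return name.startswith(EPHEMERAL_PREFIXES)

def audit(negotiated):
    """Map host -> whether the suite it negotiated is forward secret."""
    return {host: has_forward_secrecy(name, proto)
            for host, (name, proto) in negotiated.items()}

def forward_secret_context():
    """Client context that only offers ECDHE suites below TLS 1.3."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def non_pfs_suites(ctx):
    """Names of enabled suites without forward secrecy (should be empty)."""
    return [c["name"] for c in ctx.get_ciphers()
            if not has_forward_secrecy(c["name"], c["protocol"])]

# Constructed sample: suite each (made-up) host negotiated in a scan.
SAMPLE = {
    "shop.example": ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    "mail.example": ("AES256-SHA", "TLSv1.2"),
    "bank.example": ("TLS_AES_256_GCM_SHA384", "TLSv1.3"),
    "old.example": ("DHE-RSA-AES256-SHA", "TLSv1.2"),
}

if __name__ == "__main__":
    for host, ok in audit(SAMPLE).items():
        print(f"{host}: {'forward secret' if ok else 'NO forward secrecy'}")
    print("non-PFS suites in hardened context:",
          non_pfs_suites(forward_secret_context()))
```

The suite name only describes the key exchange; as the article notes, forward secrecy also depends on both sides discarding session secrets, which this check cannot observe.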
The owner of Lavabit tells us that he’s stopped using email and if we knew what he knew, we’d stop too. There is no way to do Groklaw without email. Therein lies the conundrum.
My personal decision is to get off of the Internet to the degree it’s possible. I’m just an ordinary person. But I really know, after all my research and some serious thinking things through, that I can’t stay online personally without losing my humanness, now that I know that ensuring privacy online is impossible. I find myself unable to write. I’ve always been a private person. That’s why I never wanted to be a celebrity and why I fought hard to maintain both my privacy and yours.
So the question would be… Is it excessive? Yes, it is to my taste. Is she wrong about it? Hell no. She’s taking action, which is something that very few people have done so far, and for that I tip my hat to her.
Would I do the same? No. There are ways of keeping communications private. Needless to say, they aren’t the mainstream tools or services, but they exist nevertheless. Hence, I feel it’d be much more useful to put the energy into improving and promoting these safe communication methods rather than giving up.
Anyway, you should definitely be delighted that the country running the clandestine mass surveillance program has a Nobel Peace Prize-awarded president who furiously fights for civil rights day in, day out. Just try to imagine how fucked the situation would be if it was otherwise.