May 25, 2017

Why King George III Can Encrypt

[This is a guest post by Wenley Tong, Sebastian Gold, Samuel Gichohi, Mihai Roman, and Jonathan Frankle, undergraduates in the Privacy Technologies seminar that I offered for the second time in Spring 2014. They did an excellent class project on the usability of email encryption.]

PGP and similar email encryption standards have existed since the early 1990s, yet even in the age of NSA surveillance and ubiquitous data-privacy concerns, we continue to send email in plain text.  Researchers have attributed this apparent gaping hole in our security infrastructure to a deceivingly simple source: usability.  Email encryption, although cryptographically straightforward, appears too complicated for laypeople to understand.  In our project, we aimed to understand why this problem has eluded researchers for well over a decade and expand the design space of possible solutions to this and similar challenges at the intersection of security and usability.

[Read more…]

Groklaw Shuts Down, Citing NSA Eavesdropping

The legendary technology law blog Groklaw is shutting down. Groklaw’s founder and operator, Pamela “PJ” Jones, wrote that in light of current eavesdropping, email is no longer secure. She went on to say:

There is no way to do Groklaw without email. Therein lies the conundrum.
[…]
What to do? I’ve spent the last couple of weeks trying to figure it out. And the conclusion I’ve reached is that there is no way to continue doing Groklaw, not long term, which is incredibly sad. But it’s good to be realistic. And the simple truth is, no matter how good the motives might be for collecting and screening everything we say to one another, and no matter how “clean” we all are ourselves from the standpoint of the screeners, I don’t know how to function in such an atmosphere. I don’t know how to do Groklaw like this.

I can’t help thinking that there might be more here than meets the eye.
[Read more…]

Joisy on my mind

Like everyone interested in the mechanics of elections, I’ve been fascinated by the New Jersey efforts to allow voters to request and submit ballots via email. In this posting, I’d like to address four brief points that I don’t think have received much attention – the first two policy, and the last two technical.

First, the New Jersey directives have been inconsistent in how they’ve treated the requirement for returning paper copies of ballots submitted by email. For good reasons, New Jersey law requires that hardcopies be submitted to the local elections office, to be postmarked not later than election day. But some of the releases from the Lieutenant Governor’s office have mentioned this requirement, and others have been silent. In particular, the final release, put out mid-afternoon on Election Day, says nothing about the topic, when it extended the deadline for returning the email copy to the end of Friday. I expect that the majority of email ballots will not have corresponding hardcopies returned, which should (if the law is followed) result in the email copies being discarded.
[Read more…]