Every Email in UK to be monitored

**CookMySock** · 17th October 2008, 10:22

Originally Posted by Cajun

but then that goes along with this (http://www.linuxworld.com.au/index.php/id;897277082)

Just destroy the key. Bin it. Toast. No key! Nada! Nein! Niet! Non! Fubared! Fuggered. Can't decrypt with no key - impossible. Never mind that spare one (encrypted also!) you archived elsewhere.

The bottom line is, its dead easy to fuck the gubbernmint or anyone else using encryption and a little enginuity. I take courses for this sort of thing.

Steve

**GaZBur** · 17th October 2008, 10:36

Originally Posted by Trouser

Encrypting is about as weak as wraping your message in clear celophane so no one can see it.

There is nothing 'they' cant decrypt.

Not at all - there is not enough processing power in the world to decrypt some cyphers depending on key size.

http://en.wikipedia.org/wiki/OpenPGP#OpenPGP

PGP is freeware and I teach a lab where we use it, however I always warn students that as we live in NZ south island ALL electronic transmissions that cross the Cook straight link are monitored by the NSA, yes that includes your phone calls. So I discourage the use of it outside a controlled network as if you travel through America and particularly if you are of an ethnicity that is not favored by the old USA you may be asked why you are sending encrypted mail! They wont know what you have written only that you have encypted it. In USA encryption software is considered legally a munition, yeah like guns and bombs.
Don't use encryption unless you need it, all emails are like postcards that can be read from any server they pass through, NOTHING you do on the internet can't be traced - given time and money of course.

**Hinny** · 17th October 2008, 10:38

I met a guy who used to have a job reading text messages. Can't remember if it was for Telecom or Vodafone.
I thought that was a strange occupation.

**phaedrus** · 17th October 2008, 10:50

Originally Posted by GaZBur

Not at all - there is not enough processing power in the world to decrypt some cyphers depending on key size.

http://en.wikipedia.org/wiki/OpenPGP#OpenPGP

Don't use encryption unless you need it, all emails are like postcards that can be read from any server they pass through, NOTHING you do on the internet can't be traced - given time and money of course.

umm, wouldn't it be better to encrypt ALL email traffic? that way the ones that need it don't stand out as interesting.

**Mr Merde** · 17th October 2008, 10:56

Originally Posted by Trouser

Encrypting is about as weak as wraping your message in clear celophane so no one can see it.

There is nothing 'they' cant decrypt.

Which is why Zimerman was tried and convicted of exporting military grade encryption product (his own product PGP). His encryption could be broken but if you used the highest level it would take a bank of super computers something like 40 years to decrypt

http://www.philzimmermann.com/EN/background/index.html

**CookMySock** · 17th October 2008, 11:00

Originally Posted by phaedrus

umm, wouldn't it be better to encrypt ALL email traffic? that way the ones that need it don't stand out as interesting.

You should encrypt all business emails regardless. It's none of anyone elses business what you say to a business associate.

You're right though - if everyone encrypts, its impossible to tell the goodies from the baddies.

$ echo "This is encrypted text" | gpg -e --armor -r steve@somehostname..co.nz
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.6 (GNU/Linux)

hQEOA/JJKX2Id04OEAP9Hchrhwp3OZsZHdcKTqHy7LqhN8BSXi3U/9+LCZPo/lZw
1h5V2XZeOiXki/WlKKnVNHHxR+qS6EMLIE8vnwb0PHnzQNqcuwXJ0LgpQHYba8a/
fowIBF7OYkpUA248Eix1pP33BvzU9N4rMH6uWFwJqLeTgirN6/4rJXNF9C8/GnkD
/izBMafy/5BBH5nbUwyZPogERtgfRPCXWzDfPtb31rFbeGEBFE8SRGyr6Vo 8cq4V
0k5DTnN9UjdNOgFIKKf/kk+eqhiS24BV0tw3L7X0PHFLczIXgIiLFXhcS9+KA4an
J3hgnZySei7+PuoysFrObQuc5oxbUomQkxhiMlc4g6sK0lEBhT hQbV12Sq7Usl7Z
26XdeZZ00Slgg+sWkHT5YW85vvGTYDhfOM/MM2xVsf3AqGaX+0Peq9Yvn97ERpv3
7igNq2JmM4/5SbOsRvsuUzfRBLc=
=8sYm
-----END PGP MESSAGE-----

Steve

**Hitcher** · 17th October 2008, 11:55

This UK Bill is a pointless waste of time and taxpayers' money.

An average TXT conversation goes something like:

A: Hey
B: Wassup
A: Nuthing
B: Wear r u
A: Out
B: OK
A: Later
B: Chur

And there are probably millions of such shared each day in the UK alone.

I am sure that Terry Wrist and his mates can find ways of communicating with each other that will flummox completely any measures the gummint may seek to employ. Chat rooms is one example. Gmail and Google Documents is another. How are they going to monitor email servers hosted outside the UK? What about Skype? What about good old-fashioned letters? What about open channel wireless Internet? Pre-pay cellphones, the list goes on.

It's bullshit.

**Mr Merde** · 17th October 2008, 12:26

Originally Posted by Hitcher

This UK Bill is a pointless waste of time and taxpayers' money.

An average TXT conversation goes something like:

A: Hey
B: Wassup
A: Nuthing
B: Wear r u
A: Out
B: OK
A: Later
B: Chur

And there are probably millions of such shared each day in the UK alone.

I am sure that Terry Wrist and his mates can find ways of communicating with each other that will flummox completely any measures the gummint may seek to employ. Chat rooms is one example. Gmail and Google Documents is another. How are they going to monitor email servers hosted outside the UK? What about Skype? What about good old-fashioned letters? What about open channel wireless Internet? Pre-pay cellphones, the list goes on.

It's bullshit.

But this is "THE Nanny State" we are talking about. WHere you are unable to go anywhere in any city without being under watch from CCTV.

Where any individualism is discouraged.

Where anyone from parts outside are welcomed with open arms as long as it isnt Aussie, NZ or Canada.

Where you are monitored from cradle to grave in case you are politically incorrect at any time or "shock, horror" a free thinker.

**CookMySock** · 17th October 2008, 12:34

Originally Posted by Hitcher

Chat rooms is one example. Gmail and Google Documents is another. How are they going to monitor email servers hosted outside the UK? What about Skype? What about good old-fashioned letters? What about open channel wireless Internet? Pre-pay cellphones, the list goes on.

Thats not "security", thats "obfuscating" it. All you are doing is talking about it behind the bike sheds, hoping no one is listening - someone will overhear or intercept it and talk.

If its meant to be private then you must encrypt, or else you are vulnerable.

Steve

**Winston001** · 17th October 2008, 12:43

Originally Posted by Hitcher

This UK Bill is a pointless waste of time and taxpayers' money.

An average TXT conversation goes something like:

A: Hey
B: Wassup
A: Nuthing
B: Wear r u
A: Out
B: OK
A: Later
B: Chur

And there are probably millions of such shared each day in the UK alone.

I am sure that Terry Wrist and his mates can find ways of communicating with each other that will flummox completely any measures the gummint may seek to employ. Chat rooms is one example. Gmail and Google Documents is another. How are they going to monitor email servers hosted outside the UK? What about Skype? What about good old-fashioned letters? What about open channel wireless Internet? Pre-pay cellphones, the list goes on.

It's bullshit.

Mmmm....and for the first time, I'm beginning to feel uncomfortable about the right of the State to intercept private information. Its becoming too broad. The argument goes that if you are doing nothing wrong, you have nothing to worry about.

But what if you simply want privacy? And who decides that your messages/conversations might be indicative of criminal intent? The threshold for Big Brother to tap any of us on the shoulder is lowered.

I agree Hitcher that filtering all the chatrooms, phone calls etc takes an enormous amount of computer power - but it's not impossible. Especially when the new generation of quantum computers arrive.

There will still be ways around it but that assumes all criminals/terrorists/badasses are clever. They simply ain't.

**Gremlin** · 17th October 2008, 13:15

Being in IT, I'm more interested in just how they are going to keep things, pick up the mail during transit etc.

We run a couple of dedicated servers purely for email on behalf of our clients, which does filtering etc. 80-90% comfortably of it is spam, and the rest fills gigs of notepad format files (ie, it takes a lot to get that size) a month, and we're no stitch on xtra/orcon/ihug etc. Mind you, we also keep logs and data for years, so it increases the requirements.

We can already see some emails never really traversing much of the world, as they send through us, process by us, and reach target through us

We're like a mini world

**davereid** · 17th October 2008, 15:21

Originally Posted by phaedrus

umm, wouldn't it be better to encrypt ALL email traffic? that way the ones that need it don't stand out as interesting.

Yeah, good idea... even if the government did grab a copy of every email... even if it only cost them $2 and 30 seconds to decrypt it, they would soon give up.

It actually surprises me that PGP is simply not built in, and automatic, in your email program.

To be at its best, PGP needs a reliable third party to check your public key against, thus proving you are indeed who you say you are.

But for simple "1st communications" it could be automated with a random PGP key generated automatically by your pc.

ie..
- I write you a plain text email and press send.
- My email program DOESNT send the email ... it justs sends a request to you for your public key
- You don't have to read my request - your email program reads the request and forwards the public key
- My email program then sends the encrypted message

It would also end spam ... as spammers would need a valid return address to get your public key.

Real "secure" and third party verified PGP keys could be sent for later messages after you have determined you wish to stay in contact with the sender.

**phaedrus** · 17th October 2008, 17:56