With the ongoing brouhaha surrounding the NSA’s surveillance of everyone, everywhere, I’ve got a few friends who are getting excited about figuring out how to secure their email. I kind of want to tell them that their questions, which boil down to, “How can I send secure email,” are, in the words of Mr. Norrell, “Wrong questions.” Sure, you can use a program like GPG to encrypt your messages. But you couldn’t be bothered to use it before now; why will you use it now?
Anything that goes over the public Internet could be intercepted and looked at by Bad Guys. That’s always been true. The trust that meant we didn’t use HTTPS for most things was founded on this idea that “the government” wasn’t going to sniff everything unless someone went to a judge and convinced the judge that you were doing something nefarious. Or at least that there was some compelling reason to violate your right to privacy and security in your person and property. What the NSA has demonstrated is that the U.S. government, at least, doesn’t give a shit about that civil liberty. Going for a technical fix – making your email communications really secure and private – isn’t doing anything to address that breach of trust. You may have secure email (but I bet you won’t, or not for long) but the government is still cast in the role of “Bad Guy.”