Security Is Not a Compiler Flag

With the ongoing brouhaha surrounding the NSA’s surveillance of everyone, everywhere, I’ve got a few friends who are getting excited about figuring out how to secure their email. I kind of want to tell them that their questions, which boil down to, “How can I send secure email,” are, in the words of Mr. Norrell, “Wrong questions.” Sure, you can use a program like GPG to encrypt your messages. But you couldn’t be bothered to use it before now; why will you use it now?

Anything that goes over the public Internet could be intercepted and looked at by Bad Guys. That’s always been true. The trust that meant we didn’t use HTTPS for most things was founded on this idea that “the government” wasn’t going to sniff everything unless someone went to a judge and convinced the judge that you were doing something nefarious. Or at least that there was some compelling reason to violate your right to privacy and security in your person and property. What the NSA has demonstrated is that the U.S. government, at least, doesn’t give a shit about that civil liberty. Going for a technical fix – making your email communications really secure and private – isn’t doing anything to address that breach of trust. You may have secure email (but I bet you won’t, or not for long) but the government is still cast in the role of “Bad Guy.”

The right question is, “How can we trust the government, any government, not to be a Bad Guy?” GPG isn’t going to fix that, and neither is Javascript encryption of your webmail. Yes, if you actually care about the secrecy of your messages, you should encrypt them. But beyond that, you should be telling your government to get back to doing the right thing, which is protecting your civil liberties, not violating them. For me, the real question, the one beyond email privacy, is, “What other rights do you think you have but which the government doesn’t agree?” Like, for instance, your right to free speech, a speedy trial, right to counsel, trial by jury, freedom from quartering soldiers, or right to due process. You aren’t going to get the answer to that question from Javascript. You’re going to get that answer by pinning your representative down and insisting that your government do what it’s supposed to do and stop doing what it’s not supposed to do.

Talk to your representatives. Support organizations that advocate for your rights. Like, for instance, the EFF and the ACLU.

Published by pirateguillermo

I play the bagpipes. I program computers. I support my family in their various endeavors, and I enjoy my wonderful life.

One thought on “Security Is Not a Compiler Flag

Leave a ReplyCancel reply