Details on a New PGP Vulnerability - Schneier on Security by Bruce Schneier (schneier.com)

Why is anyone using encrypted e-mail anymore, anyway? Reliably and easily encrypting e-mail is an insurmountably hard problem for reasons having nothing to do with today's announcement. If you need to communicate securely, use Signal. If having Signal on your phone will arouse suspicion, use WhatsApp.

Interesting that Bruce things email encryption is a lost cause. For reasons that are mostly about ease of use.

Image CC0 via Unsplash
Trump’s Android phone has been repealed and replaced (BGR)

Just over one year ago, president Don Trump called upon all Americans to boycott Apple until the company agreed to help investigators unlock an iPhone tied to the tragedy in San Bernardino.

[exif id="21122"]

Apparently, POTUS has changed his mind. Trump’s director of social media and senior advisor Dan Scavino Jr. in a tweet in March of 2017.

I guess only elected officials are allowed to have the full rights afforded by the United State constitution.

Why am I bringing this up? Because device encryption is back in the news. From a post on threatpost:

Government and law enforcement officials may soon reignite the debate over encryption after the FBI today revealed that the dead suspect in Sunday’s Texas church shooting was using an encrypted cellphone.

FBI special agent Christopher Comb did not reveal what type of phone alleged shooter Devin Kelley was using, only that it was sent to the FBI research center in Quantico, Va.

This debate is getting tiring. When will the government realize that society can't have it both ways? If we have locks that can be easily opened by law enforcement but unexploitable by criminals. We can't have absolute security without totalitarianism. We can't have freedom without privacy.

I feel these are the same sort of people who, if it was technically possible, would build a device to rip your thoughts out of your head. Just in case. Who knows, you might be thinking of committing a crime. Wouldn't society be safer if we could just have everyone submit to a thorough mental pre-screening every day?

MacBook with lid partially closed

Encryption protects our data. It protects our data when it's sitting on our computers and in data centers, and it protects it when it's being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

This protection is important for everyone. It's easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects it from competitors, neighbors, and family members. It protects it from malicious attackers, and it protects it from accidents.

Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there.

Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.Bruce Schneier