Deep down inside me is a paranoid freak. I know, this may come as a big surprise to many of you, but there it is. Being in technology, I know how insecure and un-private our lives and communication are. *I* could snoop on the emails or phone calls of the average American, and by no means do I consider myself even all that knowledgeable about it. And if I can do it, you’d better believe that the government, or the identity theives (which I think is much more likely) can do it.
The average American doesn’t think about the fact that nearly everything they do on the Internet, and ALL of what they say on the phone goes out into the world in the clear, un-encrypted.
So how bad a thing is that? Well, if you never say or write anything you wouldn’t say or write in a crowded bus terminal, it’s not bad at all. But wouldn’t it be nice to be able to securly swap emails with your insurance agent? Or your mortgage banker? Wouldn’t it be nice to be able to talk on the phone with your brother about how to deal with your parents estate, and not have to worry about someone tapping your line?
More and more people are moving away from POTS toward VoIP. The government wants to keep VoIP out from under the regular phone tapping laws, so they can tap them legally any time they want. And who decides what a "phone" is at that point? Is using the voice stuff in AOL instant messenger a "phone"? Is it subject to tapping laws?
So, my thoughts for email are that we already have perfectly capable encryption stuff available. gpg works well on all common platforms, and PGP works well in mac/win and is compatable with gpg. All we need to do is make it so companies start using it, and make it BRBE for people to use. It’s pretty close to that easy with Thunderbird right now.
As for the phone stuff, encrypted POTS stuff is a pain. You need extra hardware, and no-one wants that. But encrypted VoIP should be relatively easy, since it’s all in the software. Say for instance that Vonage and Linksys were free from any legal fetters, how hard would it be to create a public key for every customer, and put it on their box? Then anytime one Vonage customer calls another, *poof*, it’s encrypted.
Now, we all know that that would only prevent the Bad Guys from tapping, since the government would simply go right out and get a court order. And how hard could it be for the Bad Guys to fake that?
So what then? I submit, dear reader, that at some point someone is going to make a plugin for something like Skype, or perhaps even a completely new VoIP application that does good encryption, with keys created and passed around by The People, similar to gpg keys. This makes it a far more distributed system, one which the Guvmint can’t get a court order to tap without the end user knowing about it.
This kind of thing is going to be invented and used by the Bad Guys long before it’s available to the skrink-wrap public. Probably before it’s even common in the open source geek world.
One part of me thinks "It’ll never happen, it’s too much work for not enough benefit". Another part of thinks that there are enough privacy freaks in the world that it can’t NOT happen at some point.