The more you know

I just watched a 45-minute ACLU video on how to assert your rights during police encounters. It reviewed the 4th, 5th, and 6th amendments, complete with reenactments and alternate re-reenactments. It was fairly cheesy production-wise, but an important message in my opinion.

One thing that bothered me, though, is that in most of the scenarios presented, the targets of police attention actually did appear to be guilty of some crime. The white kids driving to the concert did have pot in the car, for example. They had everything to lose by consenting to a search. And so the video could have been titled “How to get away with doing illegal stuff.”

This is unfortunate, because one could easily come away from watching this video with the all-too-common sentiment “if I'm not doing anything wrong, then I have nothing to fear.” What is much more interesting to me is persuading people that it's vital that we assert our rights even when we're not doing anything wrong.

Lately I've been trying to promote signed and encrypted email again, among less technical friends. And I routinely encounter a similar sentiment, “My email is just not that personal or interesting.”

I first used email in 1991, and first learned about strong cryptography (PGP) in about 1992. I was thrilled, and I immediately dashed off encrypted messages to my good friends Alice and Bob. If you had told me then that in 15 years, people would still be sending plain text messages out in the open where anyone could read or alter them, I'd have thought you were nuts.

Oh sure, it's fairly common for computer nerds to have PGP or GPG keys, but in most cases they're not routinely used for email; it's just too inconvenient. (They are routinely used in some quarters for signing code; cf. Debian.) But isn't it strange that my bank would send me an email with a URL where I can read my latest statement? Why not send the statement directly through the email? Answer: because we have reasonably good, widespread encryption standards for the web, but still not for email.

So I tried to look into what widespread standards do exist for email, because it certainly isn't PGP/GPG. I haven't quite straightened out all the acronyms yet, but it seems like X.509/PKCS#7 is fairly common. Thawte offers free personal certificates, so I got myself one. I even met with a network of enthusiasts to get notarized (at a Starbucks on the Upper West Side). This just means that – in exchange for showing my passport to a couple of strangers – I can now put my real name in my certs, rather than just my email address.

All this stuff is supported fairly well in Apple Mail and the Keychain Assistant. My partner and I now routinely exchange encrypted messages. And now I've started signing messages I send to others, to see how their systems deal with it. The results to date are not encouraging.

Anyway, our esteemed president can take credit for my resurgent interest in the bill of rights. One day last month I got so pissed off by some executive transgression or another (sad that I don't even remember which one) that I joined three organizations on the same day: the ACLU, the Electronic Frontier Foundation, and Americans United for the Separation of Church and State. Do I hear an ‘Amen’?

Oh yeah, the president has even made me appreciate the 2nd amendment more, which I interpret as being primarily about the ability (and responsibility) of the citizenry to overthrow a tyrannical government. ;) But YMMV, as IANACS.*

*CS = Constitutional Scholar

© 2002–2015 Christopher League