[Discuss] email privacy/security

[kentborg at borg.org (Kent Borg)]

On 08/05/2013 02:49 PM, Richard Pieri wrote:
> What harm? The NSA has an effectively unlimited budget. 

For what values of "effectively"?  Even the NSA needs to get money 
appropriated.  Make them put extra zeros on the end and it matters.

> If your foes include lesser organizations then maybe you are correct. 
> It depends on what resources they have to bring to bear.

The mass snooping effectively is the "lessor organization" you refer 
to.  There is a world of difference between putting a lot of talent on a 
difficult target (think cold war, with one or two real enemies) vs. 
aiming at hundreds of millions of targets...up to billions. Yes, there 
are billions of us, and they want it all, even the communications of 
multitudes of poor people in unhappy lands.  They are trying to snoop on 
everything.  Little roadblocks matter, if the snoops' responses to the 
roadblocks don't scale really easily, little roadblocks make all the 
difference.

What does it take to grab all the e-mail running in the clear through 
ISP X?  A good data link to Utah (or wherever), and not that much 
hardware at key choke points  Conversely, what does it take to do MitM 
attacks on all the e-mail running through ISP X?  (And where will you 
fit all that equipment in ISP X's server room? And where will you get 
the power?  Or do you do it remotely, say, in Utah, with latency and 
reliability problems undermining ISP X's cooperation?  And how many 
server warehouses would it take no matter where they put it?)

These are unchecked bureaucrats. How competent could they be?  How easy 
a task have they had so far?  A little monkey wrenching could completely 
change their cost curve--if widely adopted.

-kb