Last edited Sun Aug 11, 2013, 11:42 AM - Edit history (3)
with statements about the naivity or ignorance of the poster, why not elaborate on the mechanisms you think could easily be exploited to get around it? I'm a programmer and have written encryption code myself. Granted, I'm not a security expert but I have a fairly good understanding of the technology. Don't assume you're talking to people with no technical knowledge. Enlighten me
Bearing in mind, too, that the issue here is mass surveillance involving automatic detection of keywords in large volumes of mail. Arduous processes involving social engineering, et al, are not viable to achieve this even for an organisation with the resources of the NSA.
I'm well aware, for instance, that hackers can target individual computers with keyloggers, et al, or use malware to propagate same, but its relatively easy to guard against simple malware propagation. I can't see that being turned into some kind of reliable, production-line process. I'm not sure how these companies are encrypting mail but since its the provider that's doing it, not end users, I assume the security basics are in place.
Single and detectable hacking instances are not evidence that the process can be industrialized the way the NSA has done in the USA using a combination of technology and privileged access. I know its common cause in the hacking community that anything can be hacked (despite some notable examples of systems that have never been hacked in the face of considerable effort), but having friends who's jobs involved actively responding to breaches at ISPs, I also know that its only a temporary condition for companies that employ skilled staff to actively detect and respond to such breaches. Many former hackers and very good ones at that are employed in the industry.
Being able to breach a system once is not the same as being able to easily sustain an undetected breach for long or even moderate periods of time.
= new reply since forum marked as read