Hacker News
by cookiecaper 5254 days ago
Another excellent argument to use encryption. It seems every couple of weeks there is another high-profile incident where a lot of trouble would have been saved if people had taken the time to set up Enigmail.

I would also love to see some advances in client-side steganography that could be usable as easily as GPG. Probably the closest thing we have now is TrueCrypt hidden volumes but that doesn't really work for email.

3 comments

Keeping encrypted data in the US is increasingly futile - see http://arstechnica.com/tech-policy/news/2012/01/judge-fifth-... .

Steganography is a good idea, though.

(edited: corrected stenography -> steganography per too-aggressive spellchecker usage)

It is not a settled question whether you can be forced to decrypt or not; some judges have considered encrypted drives protected and others have not. And the UK has compelled individuals to decrypt as well.

The fact remains that you are much better off encrypting in the first place even if you are eventually forced to decrypt. You can challenge the order to decrypt, you can add more time to the investigation and give your lawyers more time to put together a strategy for whatever angle they consider most prudent, you can prevent surreptitious listening that may arouse interest in your activity in the first place, and so on.

Even if you ultimately are forced to comply with an order to decrypt, which again is by no means guaranteed, you still do yourself a lot of favors by encrypting from the get go. And we haven't even mentioned protection from non-governmental entities like script kiddies, competitors, or tabloids.

> Stenography is a good idea, though.

Steganography is provably secure but requires a lot of cover data and careful implementation.

Steganography is less useful for most purposes than most people want.

Unfortunately this is the case now. I am hoping that someone invents something that makes steganography more usable. "----BEGIN PGP MESSAGE----" is a little obvious for my taste, though of course encryption is much better than nothing.
I think you mean steganography. "Stenography" is writing down what someone is saying.
Indeed, I should have paid more attention to my spell checker which does not recognize "steganography". Thanks.
Thank you! Corrected.
Encryption is not so foolproof. A judge in Colorado has ordered a woman to decrypt her laptop. The authorities will find ways to plug the loopholes that technology creates. If they can't break mathematics, they can break your will.
Do you have a source on this? Isn't there such a thing as "you have the right to remain silent" in court as well?
Or just don't host in the USA, since apparently now you can be forced to decrypt. I wouldn't trust the UK, EU, Singapore, South Korea, Australia, New Zealand etc. either - which rules out most countries that have decent peering and colocation infrastructure.

Can anybody suggest a country/host that is cheap, fast and outside of the reach or co-operation of a US federal investigation?

I don't think so. If you're really concerned about communication staying irretrievable by hostile players you will have to use some alternate channels and take care to ensure that you don't leave tracks on the devices that would get confiscated. I wouldn't just plop something in Costa Rica and expect it to be OK.
You'd want to look at where the spammers and malware pushers host or are located, mostly China, Russia and a few Eastern European countries. Of course you're trading one set of problems for another: depending on the location you'll likely lack most IP protection, be subject to constant surveillance, extortion and organized crime.