Originally Posted by Triple_Se7en
...... and the government has the ability to read all of your correspondence electronically, any time they desire. Their means is beyond comprehending sophistication. They can even hear you vocally, using a small cordless device that fits in a shirt pocket, from a block away.
It's not paranoia. I don't think they're out to get me, whoever "they" might be. I do know what their capabilities are. Like I said, this isn't all about government. I have no illusions what a state level actor can accomplish when sufficiently motivated. The government is only a small part of the issue. It's also not about having a shady past. A search engine doesn't need more from me than my IP and search term so they can respond to a search query. An email provider should be concerned with nothing except that what they are processing conforms to RFC 2822 and other similar standards. When a company looks for "more" and that "more" doesn't benefit me, they will find that this request for "more" will be blocked or the answer will be obfuscated.
From the government perspective, if they want to devote the monumental resources to being able to decrypt a GPG encrypted business email, or a GPG encrypted expense claim or GST return I have stored on the cloud, all to see something they already have in their custody, more power to them. However, that's my point. It's really not about them. This isn't political, and it shouldn't be, and isn't supposed to be here, on BITOG.
Cloud storage, for instance, is useful. Whoever is providing that service, however, does not need to see what I have there. They don't need to see my GST returns or the payroll numbers for my staff. In fact, it's not paranoia, but it is my responsibility, enshrined in law, to ensure that those things are secured. There's much talk about paranoia here. However, if I back up my employees' pay stubs and deduction information online in an unencrypted fashion and I ever get caught, I'll be dealing with the government for not safely storing that information and I will be subject to sanction. Accordingly, my backups are secured in a way that is legally accepted in Canada (and approved within Canada's Department of National Security and Defence's internal policy for Protected "B" material). I very regularly back up all business "data" to a USB stick and somewhere on the cloud. These are encrypted. If I lose my USB stick, whoever finds it is going to see a bunch of gibberish they cannot open and a few songs they are free to listen to. Whoever plays on the cloud, be it an employee of the cloud organization or some hacker, again, all they'll find is a bunch of gibberish they cannot open. I have to have that information so secured, because that's not only common sense, but is a legal requirement.
Do recall, as I've posted before, that I used to do technical security consulting for the federal government. I am very familiar with what they can accomplish and am intimately familiar with what a business or a government agency or department is required to do to safeguard the information in their custody. Luckily, or unluckily, depending upon one's perspective, I have to think about information security on a daily basis. My interest in the topic isn't paranoia; I understand how it can seem that way. I simply take it seriously because it can be fairly difficult to do correctly and I have seen way too many security breaches simply because people have no idea what they're doing. The days of simply slapping a padlock on a filing cabinet and thus being Protected "B" compliant are long over.