I’ve obviously been asleep for a while. I didn’t notice the Communications Data Bill and the resulting fallout.
Anyway, it’s now been brought to my attention. I’ve no interest in helping the government to read all my email. I’m therefore starting a new policy of encrypting as much outgoing mail as I can, and encouraging senders to encrypt mail to me. The objective is to annoy GCHQ and other trawlers.
I’ve therefore created a new OpenPGP key, whose fingerprint is
57E9 10A7 BE4B 9349 EDB3 A281 31CD 2A1F A96A 23BE
I recommend that you start using it right away — it can’t be worse than sending cleartext. I don’t propose to keep this key particularly safe. It doesn’t have a passphrase. The idea is that it’s nontrivial for GCHQ (or anyone else) to break into my computers in order to read my mail; if they have to do it for everyone, the whole idea will fail.
In the interests of plausible deniability, I also recommend that you not sign messages you send. OpenPGP does sign-then-encrypt, which means that, were I compromised, I could later prove that you sent particular messages. My own catcrypt(1) program (part of the Catacomb distribution) provides sender-authenticity while preserving plausible deniability (and uses stronger crypto), but the key management for catcrypt(1) is awful and there’s no good mailer support, so don’t do that yet.
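To make the sign-then-encrypt point concrete, here is an added example in Go; it is not code from the original post, from Catacomb, or from catcrypt(1), and it does not describe catcrypt(1)’s actual scheme. It contrasts a transferable signature (Ed25519 standing in for an OpenPGP signature) with one standard deniable construction: an HMAC under a key both parties derive from static X25519 Diffie-Hellman. Encryption is omitted on both sides, since it only hides the bytes in transit and does not change who can verify what afterwards. The two message strings are constructed for the example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample messages for the example (not from the original post).
var (
	realMsg   = []byte("meet at the usual place, 18:00")
	forgedMsg = []byte("I admit everything")
)

// ---- Sign-then-encrypt (OpenPGP style) ----
// Encryption is left out: it only hides (msg, sig) in transit. Once the
// recipient has decrypted, anyone holding the pair can check it against the
// sender's public key, so the signature is evidence that travels.

// SignatureDemo returns (genuineVerifies, recipientCanForge).
func SignatureDemo() (bool, bool, error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	_, recipientPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	sig := ed25519.Sign(senderPriv, realMsg)
	// A third party needs nothing secret to verify: just the sender's public key.
	genuineVerifies := ed25519.Verify(senderPub, realMsg, sig)
	// The recipient cannot fabricate a message "from" the sender: a signature
	// under the recipient's own key fails against the sender's public key.
	forgedSig := ed25519.Sign(recipientPriv, forgedMsg)
	recipientCanForge := ed25519.Verify(senderPub, forgedMsg, forgedSig)
	return genuineVerifies, recipientCanForge, nil
}

// ---- Deniable authentication: HMAC under a static-DH shared key ----
// Both parties derive the same key from long-term X25519 keys, so either can
// produce a valid tag for any message. A tag convinces the recipient (who
// knows they did not make it) but proves nothing to a third party, since the
// recipient could have forged it.

func sharedMACKey(myPriv *ecdh.PrivateKey, theirPub *ecdh.PublicKey) ([]byte, error) {
	ss, err := myPriv.ECDH(theirPub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(ss) // minimal KDF, enough for the example
	return k[:], nil
}

func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// DeniableAuthDemo returns (genuineVerifies, recipientCanForge).
func DeniableAuthDemo() (bool, bool, error) {
	curve := ecdh.X25519()
	senderPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	recipientPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	senderKey, err := sharedMACKey(senderPriv, recipientPriv.PublicKey())
	if err != nil {
		return false, false, err
	}
	recipientKey, err := sharedMACKey(recipientPriv, senderPriv.PublicKey())
	if err != nil {
		return false, false, err
	}
	// Sender tags a real message; the recipient checks it with their own copy of the key.
	genuineVerifies := hmac.Equal(Tag(senderKey, realMsg), Tag(recipientKey, realMsg))
	// The recipient tags a message the sender never wrote. It is byte-for-byte what
	// the sender would have produced, so nobody can later tell the two apart.
	recipientCanForge := hmac.Equal(Tag(recipientKey, forgedMsg), Tag(senderKey, forgedMsg))
	return genuineVerifies, recipientCanForge, nil
}

func main() {
	v, f, err := SignatureDemo()
	fmt.Println("signature: genuine verifies =", v, "recipient can forge =", f, "err =", err)
	v, f, err = DeniableAuthDemo()
	fmt.Println("dh+hmac:   genuine verifies =", v, "recipient can forge =", f, "err =", err)
}
```

The second construction buys deniability at a price the post hints at under “key management”: the recipient must hold a long-term DH key of their own, whereas an OpenPGP recipient only needs an encryption key, and there is no way to publish a MAC tag as proof to a third party even when you would like to. Nothing here is protected against an attacker who holds the shared MAC key; that is the point, since the recipient holding it is exactly what makes the tag deniable.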
That’s all for now.