Email monitoring in the U.S. possible or likely?

[krml]

This is what I have been preaching for a while now when people ask about encryption on this site.

 

The U.S. intelligence community helped to create most of the algorithms that exist. Look at PGP now, at one time you could download it and remain anonymous. NOT ANYMORE!!! You have to register to use it. This all came about because of 9-11. The government was worried that terrorists would use it to send command instructions to their cells in the U.S. or around the world that could harm U.S. interests.

 

Now all they have to do is subpeona PGP to get what they need to crack the cipher code for any individual.

 

I made this statement in another post not too long ago. Granted they have to go through a lot to justify reading your emails but it can be done.

[keekwai]

krml said: "The U.S. intelligence community helped to create most of the algorithms that exist"

 

So what? Creating an algorithm doesn't by default give one the ability to decrypt the data encrypted using that algorithm. A key or keys is necessary to implement the encryption, the strength (or weakness) of that key would determine the ability to crack the encryption.

 

krml said: "Now all they have to do is subpeona PGP to get what they need to crack the cipher code for any individual"

 

Once again you've lost me. It is considered virtually impossible to crack the standard PGP algorithms. Maybe you're once again referring to a backdoor in the program. The following is from PGP:

 

PGP Corporation uses cryptography to control access to messages and data. Users of cryptographic software need to have confidence in their software. This confidence does not include merely refer to software quality control, but also to the possibility that deliberate flaws have been introduced to allow governments or other parties to read encrypted data. PGP software contains no backdoors. It is constructed with the full cryptographic strength of the algorithms it implements. No third party?whether it is a national government or other agency?can tamper with PGP software. The software PGP Corporation signs and distributes has been created with integrity.

 

How do I know PGP products are secure?

The best way to know a product is secure is to look at the source code. Although source code is considered a trade secret, PGP Corporation knows that making it available is the best way for customers to validate the integrity of PGP products. Therefore, PGP Corporation publishes its product source code and recommends customers never purchase a security product from a vendor that does not make its source code publicly available. PGP Corporation is the only commercial security vendor to publish product source code.

 

How does this work?

Any qualified individual can request a copy of PGP source code, look at the code itself, verify the product has integrity, compile the code, and compare it to the commercial product. PGP souce code is downloaded more than 3,000 times per month for peer review. No backdoor or hidden access has ever been found.

 

PGP Additional Decryption Key (ADK) Technology

Backdoors should not be confused with patented PGP Additional Decryption Key (ADK) technology. ADK technology allows an organization to use a corporate key in conjunction with users? individual private keys, providing access to encrypted data (according to security policy) even if a user key is lost or unavailable. A configurable feature of PGP Universal, the ADK is used in conjunction with PGP Corporation?s patented Key Splitting. Key Splitting allows the corporate ADK to be divided into a number of ?key shares? and distributed to multiple corporate officials, so no one individual can gain access to encrypted data.

 

http://www.pgp.com/company/trusted_pgp_products.html

[drogon]

Here is a short answer.

 

First I do not think your friend has to be paranoid except if one of his "oponent" has good knowledge in hacking.

 

This easiest way to find what your friend is writting is to enter his computer.

Once entered for the first time the hacker has to use backdoor access-trojans or simply keyloggers to know everything your friend does with his computer.

 

An average hacker is able to use some spying programs that evade most of the spyware cleaners/antivirus

 

I personnaly know a good hacker, he is able to introduce himself in almost every computer possible (provided the computer is linked to the web) so let's say that your friend computer uses a 128bit encryption system then it is very easy for an average hacker to penetrate your computer.

 

Intercepting his email (even if there is an encryption) is far less easy

(and I do not think the university has access to the echelon system)

 

If your friend wants to be cautious, he has to use a proxy server, get a good antivirus and spyware blocker, use mozilla or another web browser (not IE) and never open attachments coming with unkown emails.