
She makes the observation that any encrypted email is held on to for ~5 years--this may be why she didn't want to bother with the GPG bollocks.


The thing is, GPG is not bollocks. Barring a major unforeseen discovery, RSA cryptography will easily stand up to five years' retention.

If you're worried, use a long keylength. I've been using 4096-bit keys for over a year now and there's no noticeable performance hit for regular comms on my computer. On my phone, 4096 is noticeably slower than 2048, but it still works fine (probably about a 5-10 sec operation to decrypt an ordinary email, and I have a comparatively "old" phone).


More to the point though, is that forcing the NSA to work on a specific message is computational power that they can't use to oppress the populace at large.

I know PJ is quite private (and probably rightfully so after the private investigators that were sicced on her during the SCO trials), but I was still shocked to read about this. Imagine if the New York Times and Washington Post had shut down in the 1940s, 50s, 60s when phone wiretapping was completely legal for the government to do.

Not only did they not shut down, but they didn't even have encryption to use back then. The people are far better armed today to be able to protect their communications.


> More to the point though, is that forcing the NSA to work on a specific message is computational power that they can't use to oppress the populace at large.

This, precisely.

Too many people throw up their hands because it's impossible to be 100% surveillance proof. But you don't need to be. If we can make surveillance orders of magnitude more expensive, we win.


Yet you're using gmail and voluntarily surrendering at least part of your correspondence to Google's prying eyes.


And there's nothing necessarily wrong with doing so. It should further be noted that anything you upload to a Google server is automatically packaged and delivered to the NSA by Google directly, so don't send anything to Gmail that you wouldn't want the NSA to access.


Forget the NSA, why should we give our information over to Google? I don't trust the NSA the least bit, but I trust Google even less.


The longest key in the world won't protect you from a FISA warrant.


What.

A FISA warrant doesn't magically render RSA invalid. If all your comms are encrypted, they can get whatever warrants they want, and they still won't be able to read your information unless you surrender your passphrase and key.


obligatory XKCD: http://xkcd.com/538/


That's what happens with extraordinary rendition, not FISA warrants.


They can, and do, force you to divulge your key.


I understand that they can, and sometimes may, force you to divulge your key, but it's not a consistent thing in the United States. There are judgments that require the divulgence, and judgments that claim such forced divulgence is precluded by the Fifth Amendment.

In any case, you buy yourself a very large amount of time if you don't just leave all your communiques out for them to read in plaintext. If you're encrypted, you have a lot of due process to exhaust before they ultimately MAY order you to divulge the key. They have to go through your lawyer. He can file motions and appeals. The accused may incidentally forget the password. There are a lot of options. With plaintext, there are no options; there is only the government with all your content, and you with no control over anything.

See this here, with reference to the conflicting case law in the U.S.: https://en.wikipedia.org/wiki/Key_disclosure_law#United_Stat...


The point is really that they could just change their mind. It's already obvious that the gov't will go to great lengths to violate privacy and what we assumed were constitutional protections, so why would they respect your 5th amendment right and not just demand keys in the future?



