Let me know when you’re done laughing. It's OK...I can wait. So, this was a thought that occurred to me one night as I was fighting through some rather nasty heartburn. Whenever I’m in that state I can’t help but to think of politics. It is a spectator sport for me. Recently, we have seen that ‘sport’ starting to bleed over into the stands. Email is one aspect that always jumps out at me.
We saw recently that the White House and US State Department were affected by a breach of their email system. We also witnessed a case where Hillary Clinton, who is currently running for President, had been running official email via her server on a cable modem in her house. I am fairly certain that was anything other than proper.
We elect officials to office then cry foul when they run amok. So, isn’t incumbent upon ourselves to take a long took at the people we have put in office in our respective countries? Remember that these are the people that are passing the laws that govern our use of security and privacy related technologies online.
In Canada, where I reside, I decided to start digging in to which members of Parliament have public PGP keys. First up I brought up the website with all of the members listed on it. A quick search really provided me with little solace. This was a dead end as none of them had keys listed. Ah well, I had to at least give it a try.
My next stop was over on the PGP server for MIT. There I ran a search for the email addresses for all the members of Parliament simply by using the “@parl.gc.ca” part of the email address as a string. I was hoping for at least a 10% of the sitting parliamentarians to have a public key. I was floored to discover that exactly TWO former members had keys published and not a single sitting member.
In the USA I had better luck searching for official email addresses with public keys available. But, when I say ‘better luck’ my tongue was firm planted in cheek. There was only a few addresses and as near as I could tell there was nothing that was current besides that of the President. When I searched for PGP keys related to the Clinton’s personal domain address I found only one for “mister”.
OK, maybe I would have better luck in the UK? I ran into a bit of a wrinkle there. I had limited luck as there wasn’t currently a sitting government when I started running checks. The elections were held on May 7th and I will be sure to revisit at that a later date.
When I repeated the same search for Australian law makers I discovered that no sitting member has a pub key shared with the email address ‘@aph.gov.au’. I may be mistaken as to this regard as they may use a different email address then that.
I found all of this a bit troubling. Of course this is no guarantee that some legislators don’t already have PGP and just haven’t published their public keys. Yeah, as soon as I typed that I thought that was pretty thin myself. I would hope that being our chosen representatives in our respective countries that they would lead by example. When I look at initiatives like Let’s Encrypt I wonder if the officials are of a mind to support it. My suspicion is leaning to the contrary.
So many laws that govern how we interact and use security and privacy tools are framed by legislators. They share all manner of information between them but, how many are actually doing so in a secure fashion? Sure, it’s like trying to get our parents to use encryption after years of using a typewriter but, my folks don’t have the ability to pass laws. Something to consider.