CryptoParty teaches how to evade online spies

On a recent Saturday morning in an otherwise deserted office building in Roseville, two dozen software developers gathered for a crash course on roaming the Internet incognito.

The class in encrypted communication was courtesy of CryptoParty Minnesota, a branch of a global movement that aims to keep people safe from spying by governments, corporations, stalkers or anyone else who wants to read your e-mails or see where you're browsing.

No one should trust conventional Web browsers and text messaging to protect them, the class was told.

"If you're not encrypting your communications, there's a potential for several entities to have it forever," Christopher Burg, one of CryptoParty's members, told attendees at the Roseville event. "It could come back and bite you."

For the CryptoParty advocates, private communications allow freedom of expression and democracy to flourish around the world. Yet in the aftermath of the attacks in Paris, politicians and intelligence officials in Washington say the government should have a way to sneak around encrypted communications, so that terrorists cannot plan their evil deeds without detection.

Speaking to an intelligence conference in Washington, D.C., last month, CIA Director John Brennan complained about the "technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover" terrorist plots.

Politicians from both parties have called for legislation that provides a back door for intelligence agencies into encrypted communications.

Those calls have come in the face of little or no evidence tying the Paris attacks to terrorists' use of encryption apps. Major technology companies have risen in defense of encryption.

Meanwhile, the CryptoParty has found increasing enthusiasm for its seminars, Burg said. The group is "completely apolitical," he said. The party refers to fun, not politics, although your idea of a good time has to include the mechanics of setting up private and public keys for PGP e-mail encryption.

Fortunately, the programmers who showed up for the Nov. 21 seminar speak this language every day. The concepts are actually pretty simple: A web browser that allows you to visit any site without the risk of a third party tracing it back to your computer. E-mail that looks like gibberish to anyone not intended to see it. In analog terms, it's putting a letter in an envelope instead of sending a postcard.

The three CryptoParty presenters were Burg, 32, a Twin Cities software developer and Second Amendment supporter whose blog is called "A Geek With Guns." The two others are cannabis activists Cassie Traun, 26, an IT professional who "never really trusted the government," and Kurtis Hanna, 30, an unsuccessful candidate for Minneapolis mayor and state Legislature who said he became interested in the issue after the revelations of NSA spying.

They make the case that encryption is not about a mask for bad guys. It's about battered women communicating without their abusers knowing about it. It's about political dissidents abroad and in the United States avoiding persecution. Or it's about something as simple as lovers exchanging intimate photos of each other, without fear that anyone else will see them.

NSA whistleblower Edward Snowden told the Guardian last year that actually happened at the agency, where intercepted nude photos were shared among workers.

"You can't really have an intimate communication with someone else if there's multiple other people in the room listening to you," Hanna said.

Where people stand on the issue of surveillance usually depends on who scares them more: terrorists or the state. In the aftermath of the Paris attacks, the federal government has, in essence, asked for a master key to the Internet.

"If they have the option of breaking all cryptography, there's nothing really standing in their way for doing another mass surveillance technology," Burg said.

Even if the government doesn't misuse that power, there's another argument against giving it to them, Burg said. Someone else could penetrate the government's weak defense against hackers, steal the master key and wreak havoc upon the world.

Now that would be scary.

Contact James Eli Shiffer at james.shiffer@startribune.com or 612-673-4116.