My name is Meik Michalke
and I work for the
Cultural Commons Collecting Society.
The C3S was founded
to establish a new collecting society
for musical works.
The basic idea is that musicians entrust
the collecting society with the copyright to their musical works
which then acts as a fiduciary
who collects royalties
based on a tariff system.
This type of collecting society
exists all over the world.
In Germany, GEMA is
the only collecting society
that manages this type of copyright
and our goal is to provide an alternative.
The C3S doesn't view itself
as somehow challenging the GEMA.
Instead, we want to offer a choice
for musicians
who don't feel at home in GEMA.
And there are some who feel this way.
And, in this regard, we aren't taking anything away from GEMA.
The C3S uses GPG
for email encryption.
We have a whole bunch
of different mailing lists,
which we use for organizational purposes.
We have to organize ourselves over the Internet,
because our team
consists of volunteers
who live all over Germany.
And then it makes sense
that we organize ourselves via email.
Our first problem was, of course, obvious:
when you try to build up such a large enterprise
that is really an alternative
for an existing collecting society,
then you need to be certain
that when a person in this team
tells someone else on this team something or other
that this message really
came from the first person
and not from someone else
who is pretending to be this person.
The second problem is
that we have a very big technical infrastructure---
different servers,
different social media channels
that the C3S uses,
and then we sometimes have to,
for example, send login information
or update it
and when you want to do that securely
over the Internet
then that can only be done with encryption
which is why we also use GPG for these types of things.
We don't have an explicit adversary
that we are consciously protecting ourselves against
it is rather a type of
insurance for us.
Ignoring the whole NSA thing---
and that you know
that emails are collected
and automatically scanned, etc., etc.
ignoring that---
it is clear to us that emails
that have something that might be even remotely sensitive
simply have to be encrypted.
In general.
So, if I could
I would encrypt every single one of my private emails.
That doesn't work in practice
because not every person
who I communicate with
also uses encryption.
But a lot---and increasingly more.
And I think
that one doesn't need
an explicit adversary
or something like that
to convince yourself
that a mail
belongs in an envelope.
That is something which goes without saying.
We don't assume
that the GEMA is spying on us,
but why take the risk?
That is, when it is possible with very little effort
---yes, there is some work---
but when it is possible with very little effort
to be certain
that even when an email
lands in the wrong hands
that that person can't actually read the content
why would you not encrypt?
So, I just don't understand
how other organizations
accept that risk.
The C3S uses GPG
to check the integrity and the authenticity of messages,
because when an organization like us,
an organization that communicates over the Internet,
that has to rely on the authenticity
of a request to do something,
that that request really came
from the person
in the From field,
then you need
a technical solution,
because you can't simply do everything
that arrives in your inbox
as otherwise your enterprise won't survive for very long.
I really think
that the whole signature thing---
that is, authentication---
is much too much in the background
in the whole debate.
Sure, at the moment, it revolves
---also, thank God, propelled by the whole Snowden revelations---
around analyzing the content
and that this information
---the information in the content---
could be sensitive,
but, ignoring that,
even if there isn't anyone who
explicitly wants your data,
the question of whether an inquiry or a request
that is received by email
really came from the person
who allegedly sent it
is, I think, in everyday life
much more relevant.
And that was, honestly, the way
in which I could convince the others on our team
to learn how to use GPG.
What I did is
---before we started encrypting everything---
I sent a mail to one of our mailing lists
and simply set the From field
to one of the other team members.
The message didn't contain anything important---
it was just an email
that I sent to this list
and it basically just said "hallo."
And this other person
saw this email
and shortly thereafter sent an email
"oh, my email account has been hacked
"I've changed all of my passwords,
"I need to check
"whether anything else happened."
Then I said
"No, your email account
"was not hacked.
"You don't need to hack an email account
"to forge the sender.
"Every email program can do that.
"That is really easy."
And this simple example
made everyone aware
how really easy it is
to pretend to be someone else.
And it is there that I see the greater danger.