So let's start with a quick history lesson - in June 2013 Mr Edward Snowden, former NSA consultant, shocked the world with revelations of mass surveillance being carried out on pretty much the entire world by the NSA and various other Five Eyes intelligence agencies.

To people like me, privacy advocates who have been campaigning against the surveillance state for years, this came as no surprise - neither did news that secret courts were ordering companies to hand over vast arrays of data about completely innocent people. The online dragnet of communications is and should be seen as one of the most serious abuses of privacy rights ever.

So now, given that information, it should be a no brainer to most intelligent people that the powers that be are actively using all channels (legal and well, illegal) available to suck up our communications in their persistent effort to know what we are all doing, when and why.

Now for the less known information. Certificate Authorities are the weakest link in the digital security chain. They have the power to issue special master keys (for want of better phrase) which allows a third party to pretend to be someone they are not. In essence, this means if compelled by a secret court order, a certificate authority can provide special certificates to any intelligence agency or other law enforcement body, which will allow them to masquerade as someone else (your bank, Facebook, Google - anyone who uses that certificate authority for their SSL certificates). This enables undetectable "Man in the Middle" attacks used to intercept your communications with that intended service - this is really bad, I cannot stress how bad this is. To make it worse, these secret orders pretty much always come with a gag attached to them, so the certificate authority cannot tell anyone they have been ordered to issue these special certificates.

Given that information, it should be as clear as day to any group remotely knowledgeable about online security (such as EFF, CDT and Mozilla, who are behind the Let's Encrypt project) that creating a new Super Certificate Authority is the equivalent of painting a huge red target onto the backs of all the people who use it.

Let's not mix our words here, it will become a target - that much is completely indisputable, it would be utterly naive to believe the US Government will not target this new CA with court orders. What's more, given the historical evidence, there is a strong chance that such orders will be for "super master keys" allowing them to pretend to be whomever they like and it will be done under the guise of National Security because of course a CA which provides free certificates for everyone is (in the eyes of law enforcement) a hotbed for criminals and terrorists - why on earth would a terrorist pay Verisign for an SSL certificate, leaving a paper trail, if they can obtain an anonymous certificate for free from Let's Encrypt?

It is an insane strategy by all parties involved - it removes all confidence in TLS certificates as far as I am concerned and I will absolutely not be using the service and have to strongly recommend others refrain from doing so as well.

But what makes me particularly angry is Mozilla - there was an attempt several years ago to create an Open Certificate Authority for free SSL certificates (called conveniently OpenCA) and one of the major reasons they failed is because Mozilla and Microsoft would not add support in Firefox and Internet Explorer. But now, because privacy is fashionable, Mozilla suddenly announce with other Google funded groups (EFF and CDT) that they are doing this wonderful new thing for security and privacy - a thing which is not new, is not even their idea and quite frankly is idiotic in the current legal environment.

I am a privacy guy,my life's work is about privacy and I am not funded by Big Data because I have some integrity - and whereas I would love to see everyone encrypting their communications - this is not the way to do it.

We need to find another way, we need to remove the weak link in the chain, we need remove Certificate Authorities completely if we are to gain any serious trust and confidence in encrypted communications - because until we do, certificate based encryption is worthless, it is a red herring, a lie; and the sooner the rest of the world wakes up and realises this, the sooner we will change to truly secure solutions.