February 13th, 2017 | Tin Foil Hat Time | No Comments Yet
I wear clothes and you probably also do, because privacy is important. While on the topic I also have curtains on my windows and keep my car locked. These are the typical initial arguments for encryption, and for the most part they are valid. Our interest in privacy is important and our right to privacy is important to our country as we citizens are living our lives in an online world where hackers and identity thieves are everywhere. But not everyone is happy about encryption.
Obviously encrypted data is hard to track and trace, making encrypted communication difficult to intercept. But some bad people may also have bad plans on their computers and encryption keeps that data locked out of the hands of law enforcement. But the ultimate question we need to ask ourselves goes back to that same wonderful balance of security and freedom. Freedom by its own nature includes risk, and eliminating risk through security means an erosion of freedom. The more of our freedom, in this case to our data, that is open for anyone to see, the more security we may have. But is that what we all want? That is a fabulous question! And I am not sure I have an answer.
This is not an all encompassing history which is fascinating but too long to recount here. Encryption dates back to at least 1900 BC on some hieroglyphics that were probably more for amusement than anything else, but 1500 BC saw encryption to hide a glaze recipe for pots made on that era. The Greek and Roman empires were probably the first to use encryption in military communications, and those were generally simple ciphers secured in part by the fact the message bearers were often illiterate. In the modern era encryption was used heavily in World War II, but in the peace time encryption was standardized due to the advent of banking communications and the Internet.
When the personal computer was becoming mainstream some people were interested in encryption but as the burgeoning global market was slowly forming there were laws against exporting encryption tools to other countries. The US government was concerned about encryption technology falling into the hands of foreign nations. Around this time, Netscape developed the first SSL technology for safely transmitting encrypted data over the internet, and Phil Zimmerman was developing PGP for encrypted data. The United States had laws against exporting any cryptosystem larger than 40 bits, the Netscape browser SSL was significantly reduced to 40bit encryption. In the 1990s to aid in the growth of eCommerce the rules were changed that allowed stronger encryption so Zimmerman released PGP, but endured governmental scrutiny because legislation was being considered that required a government back door into all domestic encryption software. In the last few years we have seen an increase in attacks on encryption again.
It seems that recent years have seen an increase in cases being used to challenge public encryption. 2015 saw three separate terrorist attacks, all of which were cited as reasons to break encryption. But the reality is, all of these terrorists we had enough information to stop the criminals. Like the Boston bombers, they were already being watched, they were already known terrorists, but in the words of some, we are drag-netting too much information to gather meaningful data.
In these cases, these are very bad people who need to be stopped. But we also do not need to hold these cases up to say we must do away with encryption. Looking at the Silk Road deepweb store, that site was behind a lot of encryption and the owner is still in jail right now. Good old fashion police work took them down. Such good police work can stop attacks, it can stop criminals, it can stop bad people from doing bad things.
In the recent weeks, I have seen more articles once again trying to erode public opinion about encryption. The first was from The Consumerist was basically an FBI lawyer saying that thanks to encryption, stupid criminals are getting protected by default. The article was another account of the San Bernardino shooting, but the layer had this to say:
We’re not trying to undermine encryption. We’re not trying to create a backdoor. We don’t want a golden key. We don’t want any of that. We want something that is safe and effective.
The problem with this quote? You can’t have it both ways! You either weaken encryption or you don’t!
Another article was from Ars Technica about a man who is in jail now because he will not decrypt his hard drive. Of course, the man is accused of possession of illegal pornography, but the state cannot prove it without unlocking the drive. Of course if a person wants to support encryption, it feels you may be supporting a predator, and who wants to be on that side? But the reality is, if any of these cases: Terrorists, shooters, predators, online drug stores – allows the excuse to break private encryption, the precedent is set and private encryption tumbles. That will be a sad day. Just because I might choose to encrypt data does not mean that data is illegal! I have my banking operating system and passwords encrypted in case someone were to break into my house and steal the computer, it gives me another layer of online protection. If I do not encrypt my network drives and a hacker gets past my router, he may steal family photos, letters, documents, and other personal data. If you do not believe in protecting your personal data, please leave me your full details, passwords, credit card numbers, etc below in the comments!