Back Doors?

Of course we can’t eliminate the possibility of an elaborate government disinformation plot, but stories like this seem to indicate that encrypted data security is alive and well.  Here’s the meat:

For more than a year, the government has been unable to view drive Z.

A government computer forensics expert testified that it is “nearly impossible” to access the files without the password, the judge wrote. “There are no ‘back doors’ or secret entrances to access the files,” he wrote. “The only way to get access without the password is to use an automated system which repeatedly guesses passwords. According to the government, the process to unlock drive Z could take years . . . “

I’ve been an advocate of encrypting as much personal Internet traffic as possible since I learned about the technologies over a decade ago.  The defendant in this case used PGP, it has strengths (such as the ability to encrypt different types of content) but for most people I feel that S/MIME is a better tool for encryption of email because it is so transparent to the end user, more easy to use, and already installed on most computers.

People ask me “how secure is this?” and my answer has always been to explain that no encryption is unbreakable – it just takes time.  When you use the strong RSA encryption used by PGP and S/MIME, you buy a lot of time – in this case, over a year.  I generally tell them to consider the level of secrecy of their information compared to the level of sophistication of the prying eyes.

I started using encryption because I didn’t want my IT colleges to casually read my emails (which are sometimes stored as simple text files on the email server).  Email is like a postcard – anyone, at any time, with access to a postcard can read the entire contents – even potentially change the meaning of the message.  So employing encryption prevents tampering and eavesdropping.

So is some hacker or IT person going to waste a year decrypting some inane email to your mother?  They might, but if they did they might think twice about whether or not it was worth it to encrypt other emails.  On the other hand, the governments of the western world might be able to team up and crack a file containing plans for a terrorist attack in minutes or hours, but judging by this case, they’re not willing to leverage that sort of potential for a kiddie porn case. 

The net result is that reasonably good people using strong encryption probably face zero risk of a brute force attack on their data – and since it’s fairly easy to set up and use, why not take advantage of such wonderful odds?  If the court upholds the ruling that a person can’t be compelled to hand over the password, the argument in favor of routine encryption of personal data becomes even stronger. 

EPIC had this to say:

“The consequence of this decision being upheld is that the government would have to find other methods to get this information,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “But that’s as it should be. That’s what the Fifth Amendment is intended to protect.”

Of course, the enemies of liberty fret that drug dealers and pedophiles will use the technologies to avoid prosecution:

Mark D. Rasch, a privacy and technology expert with FTI Consulting and a former federal prosecutor, said the ruling was “dangerous” for law enforcement. “If it stands, it means that if you encrypt your documents, the government cannot force you to decrypt them,” he said. “So you’re going to see drug dealers and pedophiles encrypting their documents, secure in the knowledge that the police can’t get at them.”

Yet again a government shill laments the restriction of government application of force to intrude on personal liberties.  He uses the extreme cases, focuses on the negative, and fails to mention the benefits of widespread encryption and civil liberties benefits to the law abiding.

Bear in mind that encrypted emails and other items that are accessible with two keys are risky because either sender or recipient could expose the contents to prying eyes – or even forward it along unencrypted.

For those interested in taking advantage of encryption, here are a few resources:

S/MIME Secure Email Tutorial
Secure Instant Messaging with Skype
Encrypting Data in Windows XP Professional

Leave a Reply