Tuesday, November 17, 2015

Encrypted Terrorism?

The news media is all a buzz about encrypted communications in the wake of the Paris terrorist attacks.  I've seen multiple segments on it, and have heard about "going dark" on NPR on my ride home yesterday.  Most news outlets (sans the New York Times) have been careful to note that the jury is still out on whether or not the Paris terrorists actually used any encrypted communications to plan and/or execute their attacks.  However, they breathlessly listen to law enforcement or intelligence agency wonks on how they MUST have used encrypted communications in these attacks because the French and US intelligence agencies didn't hear a whisper about the attacks before they happened.

First, let's acknowledge that encryption is nothing new.  PGP encryption was first published in 1991 by Phil Zimmerman.  Sure, it was a bit cumbersome to use, what with all those encryption keys and digital certificates.  But if you wanted to communicate securely without the government being able to listen in, you have been able to do that for the past 25 years.

Leaving the history aside, let's consider two scenarios.  The first is that the terrorists have finally embraced this 25 year old technology to be able to communicate in a way that the law enforcement/intelligency agencies (LE/IA) types are now saying they are doing.  The second scenario is that the LE/IA wonks fell down on the job and mucked this one up good.  Now, considering the two scenarios, which do you think is more likely?

But that isn't my main point here.  The bottom line is that either way, THEY DID THIS TO THEMSELVES.  Either they were grossly incompetent, which proves my point above sufficiently, or they created the situation with encryption themselves!

Let's assume that the terrorists are using encryption, or at the very least, will use it going forward given how "scared" our LE/IA wonks are of it.  Why is encryption so easy to use now?

Well, once upon a time, it was easy to listen in on secure communications.  The feds required telecoms to help them do it.  They co-located listening devices in all the switching centers the telcos had.  They required the telcos to make modifications to their equipment so it would be easier to let the government listen in.  When emails and IM came on the scene, the LE/IA types required the same thing of Internet Service Providers (ISP).  Then they did the same thing, or at least tried to, with the cell phone service providers, AND the cell phone manufacturers.

They asked for, and got, kangaroo courts (I'm looking at you, FISA) where secret search warrants were issued to all of these players.  And they had to spend more and more of their time servicing these warrants, which allowed the LE/IA types to suck up all kinds of data and metadata on who was communicating with who, and where possible, what they were saying.  The CIA invented CARNIVORE and other software that would allow LE/IA to search huge databases of information instantly. 

As the stories about these things broke, via Wikileaks and the various "traitors" who divulged the types of information being collected, people started demanding more and more secure communications.  Worse, computer and cell phone companies began making their products encrypted as well, and even worse than that, they took themselves out of the business of having to service these warrants and such by not keeping the keys to their customer's data.  It made sense... these companies were increasingly having to comply with more and more onerous demands of the LE/IA establishment, they could get out of it by not being physically able to do their bidding.  This would allow them to "stick to their knitting" rather become an arm of the LE/IA cabal.

So now these whiny LE/IA types are all over the news, complaining that this "evil" encryption thingy is stopping them from preventing TERRORISM.  It's all a ploy to get the government back into the business of your cell phone manufacturer, your cell phone service provider, your computer, which you pay for with YOUR money.  Their target is your fear, they want you to want what they want, which is unfettered access to your private communications. 

Don't fall for it.

3 comments:

  1. Hmm... I don't see an 'https' in front of your URL. I guess I'll just wrap my monitor with tin foil and call it good. ;-)

    ReplyDelete
  2. @Tim: Posted in the clear so the terrorists can read it too!

    ReplyDelete
  3. Interesting isn't it that I wrote this BEFORE the whole DOJ/Apple thing! Who's better than me?

    ReplyDelete