Finally, the government props up ailing encryption industry

Remember the great promise of encryption? Finally we could all be safe and secure in our communications thanks to the magic of very large prime number pairs. There were several very successful IPO’s (Verisign and Entrust for example) and dozens of startups funded by eager VCs. But th

en reality set in. There are not a bunch of malevolent snoops spying on our every email, IM, and phone conversation. I was on a panel at some security conference waaaay back in the 90’s and a prominent privacy advocate said

“honestly, if it was easy to read people’s email we would see (OJ Simpson prosecuting attorney) Marcia Clark’s email posted all over the Internet.”

And that is true. Most ISP’s *can* read your email but frankly they have better things to do and the volume is so high it gets expensive to do.

So encryption as an industry hit the wall of market reality. There really is not that much need (market demand) to protect your every day communication or the files on your computer. Certainly not enough to warrant the hassles of encryption which include more compute time and having to store or remember all those keys. The US government has created a bunch of regulations, including HIPPA, Sarbanes-Oxley, and GLB that stop just short of requiring encryption. California passed SB 1386  which requires companies to disclose when unencrypted personal information is lost or exposed. This has created a swell in demand for systems that can encrypt files of social security numbers and credit card numbers.

But encryption will never become common practice until there is a real and present danger that every email, IM and telephone conversation you hold can be snooped upon by an automated system and retrieved at the whim of an attacker.

Recent revelations  about the collusion between ATT, a US backbone provider (and rapidly becoming the telephone megalith of old thanks to the absorption of SBC and BellSouth), and the NSA (US Spy agency) indicate that this time has arrived. Evidently ATT has “secret rooms” in its major network exchange points that host hopped up network equipment capable of sniffing traffic at pretty high speeds. In other words, Marcia Clark’s email would be intercepted today. For an interesting discussion of the technology used see this blog. 

Obviously this could have a devastating impact on people’s trust of the Internet. But for sure it will lead to a rise in people using encryption. Lawyers should be actively investing in ways to protect their communication with their clients. And today, April 17th 2006, is a good day to consider encrypting any communication with your tax preparer. I applaud the Electronic Frontier Foundation for bringing civil suit against ATT for their involvement with the NSA. Government tapping of the Internet is a grave danger to privacy and freedom.

I also predict that ATT will not earn the following accolade next year. From a February 28th 2006 Press Release:

Fortune magazine today named AT&T Inc. (NYSE: T) as the World's Most Admired Telecommunications Company.