Finally, the government props up ailing encryption industry
Summary: Remember the great promise of encryption? Finally we could all be safe and secure in our communications thanks to the magic of very large prime number pairs.
Remember the great promise of encryption? Finally we could all be safe and secure in our communications thanks to the magic of very large prime number pairs. There were several very successful IPO’s (Verisign and Entrust for example) and dozens of startups funded by eager VCs. But th
en reality set in. There are not a bunch of malevolent snoops spying on our every email, IM, and phone conversation. I was on a panel at some security conference waaaay back in the 90’s and a prominent privacy advocate said
“honestly, if it was easy to read people’s email we would see (OJ Simpson prosecuting attorney) Marcia Clark’s email posted all over the Internet.”
And that is true. Most ISP’s *can* read your email but frankly they have better things to do and the volume is so high it gets expensive to do.
So encryption as an industry hit the wall of market reality. There really is not that much need (market demand) to protect your every day communication or the files on your computer. Certainly not enough to warrant the hassles of encryption which include more compute time and having to store or remember all those keys. The US government has created a bunch of regulations, including HIPPA, Sarbanes-Oxley, and GLB that stop just short of requiring encryption. California passed SB 1386 which requires companies to disclose when unencrypted personal information is lost or exposed. This has created a swell in demand for systems that can encrypt files of social security numbers and credit card numbers.
But encryption will never become common practice until there is a real and present danger that every email, IM and telephone conversation you hold can be snooped upon by an automated system and retrieved at the whim of an attacker.
Recent revelations about the collusion between ATT, a US backbone provider (and rapidly becoming the telephone megalith of old thanks to the absorption of SBC and BellSouth), and the NSA (US Spy agency) indicate that this time has arrived. Evidently ATT has “secret rooms” in its major network exchange points that host hopped up network equipment capable of sniffing traffic at pretty high speeds. In other words, Marcia Clark’s email would be intercepted today. For an interesting discussion of the technology used see this blog.
Obviously this could have a devastating impact on people’s trust of the Internet. But for sure it will lead to a rise in people using encryption. Lawyers should be actively investing in ways to protect their communication with their clients. And today, April 17th 2006, is a good day to consider encrypting any communication with your tax preparer. I applaud the Electronic Frontier Foundation for bringing civil suit against ATT for their involvement with the NSA. Government tapping of the Internet is a grave danger to privacy and freedom.
I also predict that ATT will not earn the following accolade next year. From a February 28th 2006 Press Release:
Fortune magazine today named AT&T Inc. (NYSE: T) as the World's Most Admired Telecommunications Company.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Government != "malevolent attacker"
OK, I can buy this. But then this agreeable statement gets used for a poor argument:
[i]"Recent revelations about the collusion between ATT, a US backbone provider (and rapidly becoming the telephone megalith of old thanks to the absorption of SBC and BellSouth), and the NSA (US Spy agency) indicate that this time has arrived."[/i]
I must be missing something here. Mr. Stiennon seems to conflate AT&T's network monitoring on behalf of the government with a malevolent attacker. Unless he is suggesting that the government should not be able to intercept and eavesdrop on Internet communications, the two ideas have nothing in common.
I am quite against government snooping and eavesdropping. But if you think for one moment that the government should be able to tap phones but not tap the Internet, you are crazy. The two are the same. When provided the proper authority from a judge, government agencies may tap my phone, open my mail, and (thanks to the USA PATRIOT Act) look at my library records and search my residence without my knowledge. But somehow my email, IMs, web browser, etc. should be different? Explain to me how. Please.
Again, I don't like the idea of government eavesdropping, Internet or otherwise. But to think that the Internet deserves a special exemption is naive at best. If you don't like it, then you need to also argue against telephone taps, mail monitoring, the entire USA PATRIOT Act, FISA, the Rico Laws, and many other laws related to "old school" communications snooping in law enforcement.
J.Ja
OK
Unfortunately, sometimes, it does. (NT)
Sometimes the government acts without authority ..
Point taken
Of course it's arrived...
In the future, the pipes will be encrypted
Why wait?
Protection Need From Current American Terrorist Government
Think about it. The only people or group of people who have access to the telecommunication cables, the technology to perform such privacy invasion and are publicly known to have done so was the US government and its agencies such as the NSA, CIA, FBI and the private corporations which aide and abed this sinister government. Almost all the people in Afghanistan and Iraq are poor, do not have access to that type of US technology through many years of trade restrictions/embargos and are not trained to use this technology for the most part. The infrastructure is not even in place to use or exploit these technologies by any person in the said mentioned countries or in North America. If you believe in Osama then you will then believe he lives in a cave. Every cave I have ever visited did not have any power or internet outlets in them not even in the most tech savvy nations on the planet.
Wake up people. Once most people use a technology which foils BIG Brother (aka US Government et al), there will be some story about how a ?terrorist cell? exploited this technology for their supposed evil ends and therefore Congress must abolish it and of core the bent over congressmen and women will do just that.
There is only one way to protect privacy and that is demand through LAW government restrictions, oversight and separate governmental institutions. Period! Short of this it will be the store of the dog chasing his tail and guess which end the people will be.
definite stats to support damage from lack of encryption