Finally, the government props up ailing encryption industry

Finally, the government props up ailing encryption industry

Summary: Remember the great promise of encryption? Finally we could all be safe and secure in our communications thanks to the magic of very large prime number pairs.

SHARE:
TOPICS: Security
10

Remember the great promise of encryption? Finally we could all be safe and secure in our communications thanks to the magic of very large prime number pairs. There were several very successful IPO’s (Verisign and Entrust for example) and dozens of startups funded by eager VCs. But thkidspy.jpgen reality set in. There are not a bunch of malevolent snoops spying on our every email, IM, and phone conversation. I was on a panel at some security conference waaaay back in the 90’s and a prominent privacy advocate said

“honestly, if it was easy to read people’s email we would see (OJ Simpson prosecuting attorney) Marcia Clark’s email posted all over the Internet.”

And that is true. Most ISP’s *can* read your email but frankly they have better things to do and the volume is so high it gets expensive to do.

So encryption as an industry hit the wall of market reality. There really is not that much need (market demand) to protect your every day communication or the files on your computer. Certainly not enough to warrant the hassles of encryption which include more compute time and having to store or remember all those keys. The US government has created a bunch of regulations, including HIPPA, Sarbanes-Oxley, and GLB that stop just short of requiring encryption. California passed SB 1386  which requires companies to disclose when unencrypted personal information is lost or exposed. This has created a swell in demand for systems that can encrypt files of social security numbers and credit card numbers.

But encryption will never become common practice until there is a real and present danger that every email, IM and telephone conversation you hold can be snooped upon by an automated system and retrieved at the whim of an attacker.

Recent revelations  about the collusion between ATT, a US backbone provider (and rapidly becoming the telephone megalith of old thanks to the absorption of SBC and BellSouth), and the NSA (US Spy agency) indicate that this time has arrived. Evidently ATT has “secret rooms” in its major network exchange points that host hopped up network equipment capable of sniffing traffic at pretty high speeds. In other words, Marcia Clark’s email would be intercepted today. For an interesting discussion of the technology used see this blog

Obviously this could have a devastating impact on people’s trust of the Internet. But for sure it will lead to a rise in people using encryption. Lawyers should be actively investing in ways to protect their communication with their clients. And today, April 17th 2006, is a good day to consider encrypting any communication with your tax preparer. I applaud the Electronic Frontier Foundation for bringing civil suit against ATT for their involvement with the NSA. Government tapping of the Internet is a grave danger to privacy and freedom.

I also predict that ATT will not earn the following accolade next year. From a February 28th 2006 Press Release:

Fortune magazine today named AT&T Inc. (NYSE: T) as the World's Most Admired Telecommunications Company.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • Government != "malevolent attacker"

    [i]"But encryption will never become common practice until there is a real and present danger that every email, IM and telephone conversation you hold can be snooped upon by an automated system and retrieved at the whim of an attacker."[/i]

    OK, I can buy this. But then this agreeable statement gets used for a poor argument:

    [i]"Recent revelations about the collusion between ATT, a US backbone provider (and rapidly becoming the telephone megalith of old thanks to the absorption of SBC and BellSouth), and the NSA (US Spy agency) indicate that this time has arrived."[/i]

    I must be missing something here. Mr. Stiennon seems to conflate AT&T's network monitoring on behalf of the government with a malevolent attacker. Unless he is suggesting that the government should not be able to intercept and eavesdrop on Internet communications, the two ideas have nothing in common.

    I am quite against government snooping and eavesdropping. But if you think for one moment that the government should be able to tap phones but not tap the Internet, you are crazy. The two are the same. When provided the proper authority from a judge, government agencies may tap my phone, open my mail, and (thanks to the USA PATRIOT Act) look at my library records and search my residence without my knowledge. But somehow my email, IMs, web browser, etc. should be different? Explain to me how. Please.

    Again, I don't like the idea of government eavesdropping, Internet or otherwise. But to think that the Internet deserves a special exemption is naive at best. If you don't like it, then you need to also argue against telephone taps, mail monitoring, the entire USA PATRIOT Act, FISA, the Rico Laws, and many other laws related to "old school" communications snooping in law enforcement.

    J.Ja
    Justin James
    • OK

      I will.
      RStiennon
    • Unfortunately, sometimes, it does. (NT)

      - No Text -
      JonathonDoe
    • Sometimes the government acts without authority ..

      The recent revelations that the government has been monitoring some domestic-foreign conversations without warrants and hints by the Attorney-General that they have the same "authority" to monitor purely domestic communications clearly show that our private communications need protection from our own government.
      B. Short
    • Point taken

      but in this day and age of warrentless surveilance one cannot simply assume that government surveilance is benevolent. That, and if you provide an access point for the government, however honorable their actions, that access point will inevitably be available to others as well, often without benevolent intent.
      JDThompson
  • Of course it's arrived...

    The government is the one that wants to do it...
    BitTwiddler
  • In the future, the pipes will be encrypted

    So your email/files won't have to. The WiMAX Steamroller with its MESHing technology SHOULD add encryption - so everything traveling over the airwaves would be secure. This would stop the government from snooping - which of course would lead to Congress making it illegal . . .
    Roger Ramjet
    • Why wait?

      Encrypt your pipes today. Use e.g. "secure IMAP" to access your mail remotely, encrypted, obfuscating proxies (e.g. "tor" http://tor.eff.org) for your web browsing, encrypted VPNs for remote access to data and applications, encrypted filesystems for local storage, etc. All this is available and working TODAY.
      JDThompson
  • Protection Need From Current American Terrorist Government

    The US government is the true terrorists in that they are invoking terror in the hearts and minds of their population for the purpose of maintaining the current elitists in power. The current elitists control the banks, government, media, telecommunications, major hardware/software corporations and the drug trade (wrestled form Mafia control since the 60?s). Laws have been set in place to enslave the US society through the false crisis of ?Islamic Fundamentalist Terrorist? not that any one American has ever met one, herd of one or will ever in their life time come across such a person since he in fact does not exist. I have come across many Islamic people in American society and business and although some of them maybe fundamentalists in their religion beliefs this does not make them any more a terrorist than a fundamentalist Christian. Most are working class people struggling for a better future for their family as all immigrants have done. So they do not pray to a Jew who stood against an oppressive Roman governmental regime and their Jewish coconspirators and instead pray to Mohammed that basically represents the same thing in the Arab world. Again that does not make an Arab person a terrorist.

    Think about it. The only people or group of people who have access to the telecommunication cables, the technology to perform such privacy invasion and are publicly known to have done so was the US government and its agencies such as the NSA, CIA, FBI and the private corporations which aide and abed this sinister government. Almost all the people in Afghanistan and Iraq are poor, do not have access to that type of US technology through many years of trade restrictions/embargos and are not trained to use this technology for the most part. The infrastructure is not even in place to use or exploit these technologies by any person in the said mentioned countries or in North America. If you believe in Osama then you will then believe he lives in a cave. Every cave I have ever visited did not have any power or internet outlets in them not even in the most tech savvy nations on the planet.

    Wake up people. Once most people use a technology which foils BIG Brother (aka US Government et al), there will be some story about how a ?terrorist cell? exploited this technology for their supposed evil ends and therefore Congress must abolish it and of core the bent over congressmen and women will do just that.

    There is only one way to protect privacy and that is demand through LAW government restrictions, oversight and separate governmental institutions. Period! Short of this it will be the store of the dog chasing his tail and guess which end the people will be.
    ciociario
  • definite stats to support damage from lack of encryption

    What about the tens upon millions of dollars in lost revenue due to identity theft from unprotected elctronic data reported every year? Doesn't that count? Plus, 23 states now have data security requirements for businesses, so whether you think you are in danger or not, you may have to comply with encryption protocols regardless of your suspicions. Read more stats on security breaches: http://www.essentialsecurity.com/educationalfacts.htm
    schwana