Thursday, December 17, 2015

Unbreakable Encryption Poses Big Problems for Law Enforcement

The story line maybe true but that is about it. CTI's founders have been dealing with this problem from it's beginnings and before. Back when the first PC's hit the market, encryption was an issue. First it was, and I believe still is on the restricted armament list. In other words you had to get NSA's approval to sell encryption programs overseas. A client would come to CTI and ask if we would get NSA approval for overseas sales. These were little firms, the big ones went directly to NSA, as did even the medium sized firms. At first it was not a problem, even CTI would run and A block on encryption program, which shows the randomness or strength of an encryption program. It is basically a page of A's that are then encrypted by what ever program was being used, most were pretty easy to see that they could be broken, many by the way still are. But as the smaller firms and huge firms from over seas, as well as many smaller firms from overseas got better at encryption, the NSA had a problem, now some pretty great encryption was on the free market, made by folks over seas that could not be controlled by NSA. It only got worse thru the years, till where we are now. it is still a restriction to sell some of our encryption overseas, but it is the other way around now, we do not want our encryption programs in the hands of the bad guys. Our, in fact the worlds economy runs on things like Fed Wire, which is the majority of large bank transactions, and no one wants that encryption broken. But even parts of that encryption was developed by Foreign Nationals working in the US. So the fear and problems continue, my last look at Government Encryption in the raw as they say, was in the early 80's, and that was beyond belief and I am sure that is child's play now days. But, back to the encryption problem of today, the US could pass laws, but it is like banning guns, encryption is made all over the world, and you just can not stop it. Another problem is if you force an American firm, that probably has foreign stock holders, or even majority owned by gray stock holders, they will never make another sale overseas if NSA is known to have the ability to decrypt. Not to mention no one will use those programs they will just continue to develop their own. Virtually every Government and big Firm in the world can do this. Many encrypt things and then run a known encryption over that, so Governments think they may have a shot at breaking it, until they really have to, which by the way, there is so much traffic out there in the data stream, it is tough. For a while Intel agencies used the fact that if an encrypted piece of traffic came by, that someone was trying to hide something, and knew what to target. Now days everyone from PR firms to elicit affairs use encryption. Still encryption packages can often be tracked by the type of package signature it uses. So we may not know what is being said at the moment, but we do know who is talking to who, or we did till the meta data restriction came up. Just from my point of view, NSA can break anything, the question is time, if an event is going off then time is most important. Still if we know from where to who or where, we can act. We can go back to dumpster diving to get either the printed encrypted data, which is readable, to attacking the computer or phone, which is just a small computer and reading it off the screen as they do. Yes there is traffic where the message delete's itself after the reader reads it, but that is just deleted at the readers end, NSA still has the data, and one second with the persons phone or nearby access to it, they can bring it back up. I have to admit the meta data can make some of this much faster, which may save lives, but NSA can do it with raw data as well. By the way the stuff you are keeping from our Government in this Meta Data is still available to the vendors like Tmobile and the rest, who can sell it to who ever they wish, so you have not made yourselves any safer. But what you have done is the T mobile folks can warn clients and customers that court orders have been issued for data. Now you have given the possible bad guys the knowledge of an investigation ongoing against them. T mobile is in a constant race for customers and keeping customers, if you don't trust your government think about those Telcom companies, that have huge foreign customers as well as stock holders. Yeah the US citizens really had our press and politicians looking out for us on that one. Making another law to put short cuts in encryption is just stupid, the same hackers that attack us all the time can make a new encryption algorithm in less than a day, or take out the short cut in seconds.
from CTI Consulting

No comments:

Post a Comment