Encryption and You!

Let’s talk about encryption.

Right now, there’s a number of governmental agencies that are lobbying Congress to push forward the idea that they need full access to communication data when ever it is asked for. To protect the interests of the United States, find criminals, terrorists (foreign and domestic), and other no-good people. Or just people who are up to no good.

There’s a level that I can agree with. I’m okay with some meta data (phone number to phone number and duration, specifically for overseas calls), but not so okay with the recording/listening of those conversations.  But that’s just talking about old school telephony.

Now we live in an age where a rotary phone is nearly extinct, and to call someone, you take a small device from your pocket, touch it a few times, and are instantly connected to another person.  Cell phones, smartphones, and even Voice-over-IP (VoIP) phones are the major way we communicate now.  Some of these methods also encrypt the communication line between parties, and some plainly encrypt the entire device.

Computers, tablets, and smartphones all now ship with some way to encrypt and secure the data of the device.  Computers have had Trust Platform Modules (TPM) for a few years now, though we’ve had encryption software like TrueCrypt (and it’s new forks) for many more years, and Android and iOS have had encryption available since Gingerbread 2.3.4 and iOS 4, respectively.

The agencies want access to that encrypted data when ever they want.  They’re not mentioning search warrants in their discussions, by the way, which just sets off some alarms.  While I understand what they’re asking for, they are also asking for the keys to the kingdom.  They want the device, service, and software providers to turn over encryption keys when ever they ask, bypassing the search warrant process in an effort to extradite the prosecution of crimes.

A court just ordered that a pair of financial investors , who are being accused of insider trading, cannot be ordered to provide passwords to their phones because of their encryption, so therefore the Fifth Amendment is being upheld in this case (right to protection from compelled self-incrimination). [Article on Ars]

As a matter of personal opinion, I have no reason to encrypt any of my devices.  But the “I have nothing to hide” statement is only for those who don’t care enough about their personal data.  I don’t encrypt to hide anything from the United States government.  I encrypt to put a measure of difficulty for someone who steals my phone, my laptop, or my computer.  I encrypt my backups, my online storage data, and make passwords as long and as complicated as the systems allow.  This is to protect me and my family.

Therefore, here is my proposal: If the agencies of the United States government want full, backdoor access to our encrypted data (which is still a bad idea), we want the Digital Millennium Copyright Act (DMCA) revoked.  Simply, if they want tech companies to reverse-engineer the existing encryption technology, that would be breaking the laws from the DMCA, and thus self-incriminating.  If we can’t tinker with our own devices, neither should the government.

Posted in Uncategorized.