Please Share

Saturday, April 23, 2016

Should all locks have keys? Phones, Castles, Encryption, and You.

It has been a very long time since I've posted anything to the blog, I guess once you get out of the habit it's really tough to get back to it. However this is one of those times where I felt particularly compelled to share something. "Grey" over at has put together a great video discussing the difference between physical and digital locks... or encryption. It's 5 minutes worthy of your attention. There is a difference between the rules that govern our physical properties and those that govern our digital ones, or at least there had been. A debate is on, most notably in the U.S., that has some law makers asking for the golden key to your, and everybody else's data. in nearly all cases.
The proposed Burr-Feinstein Encryption Bill requires that all companies providing any kind communications or data service be able to give information to the government in an ''intelligible format.'' If the company made the data unintelligible, it must provide ''technical assistance'' to undo it. In case there is any question about the aim, the bill defines intelligible as ''decrypted, deciphered, decoded, demodulated, or deobfuscated to its original form.'' 

Being a Canadian citizen I was appalled to learn, but not really surprised, of the recent disclosure in a Quebec court case that the RCMP had Blackberry's global encryption key since 2010 giving them access to all communications between consumer Blackberry devices. The RCMP have effectively implemented a "man in the middle" attack, with Blackberry's consent, on all non Government or Enterprise Blackberry communication and fought hard to keep this information from becoming public.

Blackberry Executive Chairman and CEO John Chen responded with this blog post full of vague catch phrases like "do what is right for the citizenry" and "comply with reasonable lawful access requests". To this I ask is it reasonable to provide access to the communications of millions of users to target the communications of a few? Who makes Blackberry or it's CEO the arbiter of what is "right for the citizenry"?

If you haven't already you should assume that your communications are accessible unless you've taken care, beyond what you are told by your service provider, in protecting it. Governments globally are using the naivety of the general public and scaremongering tactics to influence our acceptance of their excessive use of powers and are seeking the power to circumvent our security in the name of what is "right for the citizenry". One of the few methods of ensuring some measure of privacy is encryption and granting Governments the keys to this kingdom is extremely dangerous.   

Please also have a quick read of this Electronic Frontier Foundation document on "the crypto wars".