Disclosures from Edward Snowden about NSA surveillance has
had an interesting yet perhaps unsurprising consequence on the world of
technology. As the general public learns
increasingly more about the capabilities of the US intelligence community,
individuals from all walks of life have begun seeking methods to safeguard
their online privacy. And while the
government would argue that only those with
something to hide should be concerned, this has not stemmed the tide of encryption for everyone.
When Edward Snowden attempted to set up an encrypted
communication channel with journalist Glenn Greenwald, not even a 12-minute
tutorial video that Snowden made helped Greenwald understand how to use
PGP. To help overcome the steep
learning curve associated with cryptogrpahy,
Nadim Kobeissi has developed an
encryption program called miniLock which will be released later this year in
beta version at the HOPE hacker conference in New York. The program has been designed as “a free and
open-source browser plugin designed to let even Luddites encrypt and decrypt
files with practically uncrackable cryptographic protection in seconds”
(Greenberg, 2014). Utilizing public-key
encryption, miniLock can be used to encrypt a variety of files from pictures on
a thumb drive to documents uploaded to Dropbox or Google Drive. According to Kobeissi, the usual complexity
of employing public and private encryption keys has been simplified to provide
a user-friendly privacy solution. A more
technical explanation of the cryptography behind this software is being saved
for the beta release at the HOPE conference later this month.
In addition to providing law-abiding citizens with a privacy
tool, the development of miniLock and programs like it has also lead to an
increase in the number of nefarious uses.
According to an annual report released by the US court system this year,
the number of criminals employing encryption has steadily increased throughout
the last ten years (Greenberg, 2014).
Even
though the use of encryption by criminals represents a very small number
(0.25%), the more interesting statistic is that law enforcement was defeated by
strong encryption 9 times in 2013. This
represents over a 100% increase since 2012 (4 times) and before 2012, the
number was 0 (Greenberg, 2014).
So what’s a law enforcement or intelligence agency supposed
to do? In a recent UK case, a computer
science student named Christopher Wilson was jailed for six months for failing
to disclose his encryption passwords to authorities (Leyden, 2014). As a security professional, I can see both
sides of the argument. If no other
evidence exists implicating an individual in a crime should they be compelled
to give up their digital privacy? And on
the flipside of that coin, just how many more criminal cases will be stymied in
2014 by increasingly easy to use yet secure encryption solutions?
References
Greenberg,
A. (2014). Rising use of encryption foiled the cops a record 9 times in 2013. Wired. Retrieved from
http://www.wired.com/2014/07/rising-use-of-encryption-foiled-the-cops-a-record-9-times-in-2013/
Greenberg,
A. (2014). The ultra-simple app that lets anyone encrypt anything. Wired. Retrieved from
http://www.wired.com/2014/07/minilock-simple-encryption/
Leyden,
J. (2014). Computing student jailed after failing to land over crypto keys. The Register. Retrieved from
http://www.theregister.co.uk/2014/07/08/christopher_wilson_students_refusal
_to_give_up_crypto_keys_jail_sentence_ripa/
