Privacy

Should we be outraged that Apple is making virtually unbreakable encryption a default option on iPhones?  I'm not seeing it.  Allahpundit argues that law enforcement should be able to get into your phone with a warrant.  I'm content to let people expose themselves to penalties for contempt if they refuse to unlock an encrypted phone and a warrant holds up on appeal.  Also, it's a little hard to take seriously claims that an encryption technique will stay unbreakable for long.


4 comments:

E Hines said...

I'm certainly on the side of encryption. The government's interest in a man's communications is in the man's communications, not in a third party provider of a communications medium.

If the government were serious, it would beef, also, about all the easy-to-use facilities for encrypting our email. I've heard nary a peep on that one. 'Course, the sellers of those encryption facilities aren't rubbing the government's face in the capability.

Full stop.

Eric Hines

Grim said...

It's hard for me to believe that encryption will stay unbreakable for one minute. I assume Apple is making this big fuss in public while passing the keys to the NSA in private. That's just how I'd do it, if I wanted to fool terrorists into thinking their data was unbreakable and secure.

E Hines said...

It depends on the encryption algorithm being used. SSH and RSA, for instance, simply use a provided facility; the keys are user generated. As I understand it, that's what Apple and Google are doing--they're providing the encryption algorithm, and the user must supply the key(s).

Of course, both of those particular algorithms were compromised (actually, later found to have been flawed all along, in the nature of bugs) some years ago, but there are both fixes for these, and other algorithms that are quite good.

And a lot depends on what's being encrypted. If I only need my com protected for a few days, even SSH or RSA are adequate. If my data need protection for years, then I need a stronger algorithm.

And a good key. A minimum length key, anymore, runs at least 32 randomly generated characters, and 48 or 64 are better. Even the premise touted by too many IT types that a passphrase or some sentence is sufficient for generating a key is...suboptimal.

Eric Hines

Ymar Sakar said...

It's hard for me to believe that encryption will stay unbreakable for one minute. I assume Apple is making this big fuss in public while passing the keys to the NSA in private. That's just how I'd do it, if I wanted to fool terrorists into thinking their data was unbreakable and secure.

That's correct, any encryption can be broken via computational cycles. It just takes some time.

Not as easy as the government accessing the encrypted data using the keys used to encrypt it and decrypt it, of course. Which annoys a lot of parallel evidence methods. You have little time to conduct a parallel evidence trace from information given to you by US regime spy agencies, if you are to fabricate a justification for why you knew X, Y, and Z about American perp B after spending an enormous time decrypting the data.

That's just how I'd do it, if I wanted to fool terrorists into thinking their data was unbreakable and secure.

But that's not right either, since Google and Yahoo already gave the keys to the US gov years ago, and nobody said anything about it now or before. Whatever extra money Apple would receive, isn't worth defying the Regime in the long term.

The government already cracked down and annihilated some companies doing email encryption service. The ones that refused to hand over their keys, but the ones that did, stayed in business and nothing happened to them.