Tag Archives: encryption

Internet Architecture Board: Encrypt Everything!!

In a direct response to the reported “pervasive surveillance” that is being carried out, the Internet Architecture Board (IAB) said in a statement that protocol designers, developers, and operators should make encryption the norm. Not only should encryption be “deployed throughout the protocol stack”, given that “not a single place within the stack where all kinds of communication can be protected”, but that new protocols should be designed with confidential operation by default.

They go on to say:

Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance.

Their aim of the changes are to “help restore the trust users must have in the Internet”.

Whilst I think this is a good idea and should improve security, it does pose questions for network and security administrators. It will make their jobs a lot harder if everything they see across the network is encrypted. The IAB seem to recognize this and are willing to work cooperatively to provide a solution that will hopefully benefit all.

I also find it encouraging that they are trying to get those developers who don’t even necessarily deal with user information to also use encryption so that they don’t reveal anything that might point to user information. Whilst I am glad the IAB has put this out and they recognize that it will take time, I wonder if it is feasible.

iPhone encryption: Law enforcement request Apple’s help

The Apple iPhone (4S and 5) appears to be so good that it has stumped law enforcement agencies. The ATF have apparently requested the assistance of the group in Cupertino to get past the encryption as they can’t. There’s one small catch…Apple put you on a waiting list! That’s right, according to the CNET article Apple are so deluged by the amount of requests that there is a 7 week wait and that’s if you’re lucky! One request reportedly took 4 months to complete.

This opens up the wider issue of privacy and in the case of America, 4th Amendment rights. Personally what I would like to find out is why and how Apple Inc can manage to decrypt your data and make it available to officers. Did they build a backdoor into their encryption? If this is the case then surely they will lose a lot of trust within the technology community? If that’s not the case and they managed to work around it then how secure is our data in the first place?

By now you probably are already aware that I will side with the privacy advocates. It’s simply not a question of “well I have nothing to hide so why do I care”. The underlying point is why should I have to justify my actions unless there is valid cause? If law enforcement suspect me of a crime then go ahead and use the proper legal avenues to bring about any action. Our founding principles both in the UK and the US is innocent until proven guilty. That principle has managed to work well for hundreds of years, I don’t see why that would change now.