Encryption was reported for 15 wiretaps in 2012 and for 7 wiretaps conducted during previous years. In four of these wiretaps, officials were unable to decipher the plain text of the messages. This is the first time that jurisdictions have reported that encryption prevented officials from obtaining the plain text of the communications since the AO [Office of the United States Courts] began collecting encryption data in 2001.
This seems quite amazing to me on two counts: first, so few possible bad guys use encryption. I suppose that makes sense in a way: they really don’t expect to be wiretapped. And to be fair, some may not be bad guys at all, just people talking to possible bad guys. And second, of 22 encrypted wiretaps, only four could not be broken.
Now, the report doesn’t say what types of wiretaps these encrypted ones were. The report covers wire, oral and electronic communication. So the communications could have been telephone conversations or perhaps email. The details are unclear.
We talk in In Learning Tree Course 468, System and Network Security about encrypting email messages and course participants exchange encrypted data. It’s nothing new.
For years government agencies and private individuals have used various techniques to encrypt voice communications. Some have been quite basic and some have been quite sophisticated. A new set of tools for mobile phone users has emerged that may prove interesting. Silent Circle has created a suite of applications for individuals, companies and government to protect themselves from spying. The goal is to protect oneself and one’s company from the bad guys, of course, not to protect criminal enterprises. The news has been full of corporate and government espionage recently and these types tools are one way to help prevent that. I think this is just the beginning of a large market.
The people at Silent Circle have a pretty sensible list of what their tools can and cannot do. (I have never used their tools and I don’t endorse them in any way. I’m merely using them as an illustration.) The point is that encryption, no matter how good, is not a panacea – a point we make in Course 468.
I talked in an earlier article about end to end encryption compared to encrypting on a server. It is important for confidential business and government communication to be encrypted. It is equally important for that encryption to be strong enough that adversaries cannot break it. But that encryption can be so strong that law enforcement cannot break it either. The only way to circumvent that would be with some sort of backdoor.
Are backdoors for law enforcement needed? Are they good or bad? Share with us in the comments below. This is an important issue that needs to be discussed.