Encryption and Deception
The spotlight on encryption after the terror attack on Paris has not helped the security community in securing online identity and data. Governments have swooped down on the need to have backdoor on secure communications such that they cannot be used by terrorists or criminals. But herein lies the fallacy or misconception that such measures will help us secure ourselves from these very criminals. Spy agencies have been engaged in cyber warfare where they are masters of deception.
A lot of media hype hype has been created about encrypted services and how they could be used by criminals and terrorists. One such service has been recently become very popular crossing the billion messages mark. And this service became famous or infamous (bad publicity is also welcome nowadays as it helps sell stuff) after a much bracketed terrorist group was claimed to have used it. And guess what? This was purportedly used by those who downed the Russian passenger jet as well claimed to have carried out the terror attack in Paris this month. And guess what? The service is completely hackable. The security researcher has shown how messages sent by this ultra secure messenger can be recovered even after is has supposedly been deleted permanently. And the response from the service has been that its encryption is hack proof except when a hacker has administrative control of a device running the app. Now how many times have we heard of mobile devices getting rooted or spy agencies being able to control people’s smartphones.
So how difficult it is for spy agencies to get administration control or even hackers for that matter. So what do we make out of this? It is quite simple. These services are there so they will be used by those who need to be caught. It is a clear case of deception to fool us into using these ultra secure services. That is a noble thing with respect to criminals and terrorists but what about those who are fighting for human rights? Who risk their limb and life to fight for other people, in exposing corruption, in ensuring everyone of us can live a decent and free life!
A recent article by the Wall Street Journal details more on this deception. There is no such thing as hack-proof encryption or or secure services. Except where the service is not in the control of one person or organization and truly distributed in its functioning. And the code open source to be scrutinized by the world. Everything else can be manipulated and deceptive. Specially the service that makes use of proprietary and secretive encryption technology.
Source: Encryption and Deception Source: Google Image Search