Thursday, November 24, 2016

Encryption in a Trump presidency

I keep seeing articles about how now that Trump has been elected encryption apps are on the rise and people talking about how to encrypt your stuff more and more. This just makes me laugh. Now to clarify, I am not a Trump supporter or a Clinton supporter. I went third party because I'm sick of the either or option we keep getting. I also wanted to vote for a candidate that fit my thoughts the best, and that wasn't in one of the main parties. So why does this make me laugh? Let's look back on history. Even during the Obama administration the government was listening in. Snowden proved that. So what is the difference between a Democrat listening in on your conversations and a Republican?

So here's the real scenario. Your conversations are being monitored. Not just by the government, but malicious people who may or may not be aligned with anyone in particular. The bottom line is that if you're worried about people listening in on your conversations now, you should have been worried since the invention of communication devices. It is far more than a government thing.

I also want to touch on the battle of encryption. We always talk about Internet encryption, however let's look at another area where encryption has been discussed. Amateur radio, or Ham radios. Look up amateur radio encryption and you can see a complicated argument going on. To summarize what little I actually know about it (so correct me if I get details wrong), there's no real encryption of messages allowed if they obscure your communication unless publicly documented. Or basically, you can encrypt so long as anyone can decrypt it through some means. This should sound a lot like the government wanting back doors into online encryption. In the case of radios, it's the FCC who would be tapping in. In these arguments, there are lots of people against and for it. Perhaps we need to really look around us and see the contrast in opinions for encryption simply divided by medium of choice.

My opinion is that regardless of medium, people should be allowed to encrypt whatever, whenever and however they want and not be required to turn over any information of how to decrypt unless they so choose. If I pass a paper note to someone in a special code only myself and the other person know, it should be treated the same as passing along information online. Regardless of medium, it is a matter of the information traveling.  If I decide to send plain text online and have the message purely in code words that only myself and the sender understand, would that still be covered under encryption? Potentially.

Now if you wonder why I support encryption, it is not in any way because of government. It is because of people. People can be malicious. Here are situations where encryption is not only preferred, but in today's world a necessity.

Remote administration. Being a tech, I am conscious of whether I use telnet or ssh. Even using a VPN should be encrypted. In remote administration, sensitive information is constantly being moved around. I don't want someone who manages to listen in to see how I log in to the router or even configure it.

Transferring of files and storage. Suppose my doctor emails me blood test results. Well, because of HIPPA, it needs to be secure in many ways. Now the email is on my hard drive. Very sensitive information about me. If I keep it, I want it protected in any way possible. The government can know all they want about that, it's malicious people I don't want seeing it.

Business transactions. This can include credit card information or stuff that if taken can be used for insider trading (which is illegal). I want to keep people from stealing my identity or making money with an illegal advantage.

There are many more special cases that you can list off, but the point is there is a lot of sensitive information being shuffled around and whether you want the government to get in or not we should all be able to agree that we should do what we can to protect ourselves from malicious people in the world.

Now let's say the government comes knocking and they want access to your encrypted phone because they are gathering evidence and you may or may not be responsible. Well, if it's not subpoenaed then you have the right to keep anything from them, especially if it's self incriminating. This is because in America we have the whole innocent until proven guilty thing. I also would like to say a tech company should have the right to with-hold information for decrypting a phone for the reasons of if they give it away then all their phones are vulnerable in future cases and nothing stops the government from needing that permission to get in in the first place. This would be like if the government got every key maker to make a master key and give them a copy to get into your house, car and every locked room and container in your home. It's just wrong. Locked in my house are personal files and munitions. They are locked for a reason, not legality but because stay out of my stuff.

The only law I would support in encryption would be a way for the government to subpoena password information from a person. It's the same as getting a warrant to go into a house and them refusing to let you in. You can change a lock later if you're that worried but if there is that much reason to get the information legally then only that individual should be compromised, not an entire user base.

Back to the main point, does Trump being president effect the encryption fight in any way or give reason to encrypt your information? No more than any other administration. The reasons to fight for encryption remain the same. He may pick the policy makers and may pass laws but they've been listening in for a while now. So get your head out of the sand and actually do something about it and stop fear mongering about which person got elected and how that effects it in any way, because the fight will remain the same. Take a real good look at the world around you.

So here's to hoping people will actually get up and make a change. It saddens me to think it takes fear to motivate people to actually care about something but I'm all for making the world a better place. So let's keep our private lives private, let's keep our security, and let's not be afraid but instead fight for what we want.

So all those in countries where the fight is being lost or already lost... I hope you won't be a model for us. Hopefully when we win this debate, others will follow suit and it will be the norm to just allow encryption and stop asking companies to unlock stuff for them or to give them access to information they don't need to stick their noses in.

Tag Cloud

.NET (1) A+ (2) addon (6) Android (4) anonymous functions (5) application (10) arduino (1) artificial intelligence (2) bash (4) c (7) camera (1) certifications (4) cobol (1) comptia (4) computing (2) css (2) customize (16) encryption (2) error (19) exploit (17) ftp (3) funny (2) gadget (3) games (2) Gtk (1) GUI (5) hardware (7) haskell (15) help (8) HTML (6) irc (2) java (5) javascript (21) Linux (20) Mac (5) malware (2) math (8) network (9) objects (2) OCaml (1) perl (4) php (9) plugin (7) programming (42) python (24) radio (1) regex (3) security (25) sound (1) speakers (1) ssh (3) story (1) Techs from the Crypt (2) telnet (2) tools (15) troubleshooting (5) Ubuntu (4) Unix (4) virtualization (1) web design (14) Windows (8) wx (2)