Secrets and lies, encryption style
Given enough time, nothing is secret. Even for Jihadis.
Encryption still has the whiff of magic about it, even though it is by some margin the oldest application of computing power, having kick-started the modern computing age during WW2 code-breaking. It just never seems to grow old or lose its power to frighten, fascinate or just baffle people.
Even Bacon’s famous “knowledge is power” dictum is shorted by it, requiring reformulation into “knowledge is power as long as it is exclusive.” Those with the power to wrap their own information into a form nobody else can access sometimes look more like the druids of data than harmlessly paranoid nerds.
Encryption is everyday, used in a wide range of mundane applications, mostly for securing data as it moves down tunnels made of SSL or, as in the case of Skype, making VoIP phone calls. But it’s the idea of encrypting data-at-rest that seems to generate the most heat. It lets the paedophile lock up his horrible files, the terrorist frustrate the police from diving evil plans, and the Internet criminal store grubby code on hacked websites.
A recent and scaremongering example is the news that a forum sympathetic to religious extremists is about to release a programme dubbed "Mujahideen Secrets 2”, an encryption suite that will somehow arm lunatics with a means of locking up their data in some kind of a digital vice.
Let’s ignore the fact that there are dozens of well-designed software utilities out there that could do the same job for a one-off fee of $19.95, and which have been around in increasing numbers since the days when Phil Zimmermann got the desktop encryption market off the ground with his PGP software in the early-1990s. Let’s ignore the fact that even the best-secured encryption programme is only as strong as the hash used to turn its key, and let’s finally ignore the fact that the terrorists still have to find a way of distributing this hash to one another without compromising security.
And don’t even start on the fact that super-computing power is now at a level that can thrash mainstream encryption programmes before breakfast if it really matters to creepy the guys wearing shades. In many ways, this world perfectly mirrors the code-breaking machines of WW2.
No, calling it Mujahideen Secrets 2 just sounds scarier, as if it has given these guys something nobody else has.
If you fancy picking an argument, the rise of everyday encryption has actually compromised security because it has given some people the naïve notion that zipping up their worst secrets using their dog’s name and a couple of $$ signs at each end is really going to stop people from breaking in – it isn’t. There is nothing less secure than a scheme that is flawed in ways that the user has not grasped, including the fact that an encrypted document draws attention to itself.
This is not to say that encryption isn’t taking its toll of law enforcement agencies, nor that it is not a cheap way of stopping others from stealing data. But the Internet has not been turned into a tool of destruction just because of encryption.
The most dangerous secrets are ones that are never written down at all, committed to pivot tables, copied to backup CDs or sent across wires with the digital consistency of scrambled eggs. Knowledge is power when it is in the mind and the mind alone, when it is almost unthought, just assumed.