For the sake of simplicity, let’s say there are two kinds of encryption. Plain vanilla encryption that prevents anyone from hacking into your personal information. And, responsible encryption which allows the government or anyone else to obtain your personal information. Which do you choose?
Own The Keys
At one point in the U.S. of A.’s not-to-distant-past, encryption was considering munitions and it was illegal for average everyday folks to own it, use it, or even know about how to make it. Thankfully, those days are gone and encryption is everywhere. Your Mac, iPhone, and iPad have it. Messages has it. Mostly uncrackable munitions encryption is ubiquitous and used by those of us of average humanity, commerce and finance, crooks and hackers, and government spooks.
Guess who wants to crack into your personally encrypted files? Crooks and hackers. And the government. Deputy U.S. attorney general Rod Rosentein:
Responsible encryption is achievable. Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists. Examples include the central management of security keys and operating system updates; the scanning of content, like your emails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop.
In other words, if the government has access to your encrypted information, then what you encrypted has gone from safe to not safe encryption. If you hold the keys to your encrypted files, they remain about as safe as advanced encryption can make them in 2017 (quantum computing is on the way and that could change the balance of power within the encryption issue). If the government holds the keys or has access to the keys which unlock your encryption, then what you encrypted is only as safe and secure as the government.
The U.S. government is safe and secure, right?
Use these keywords– us government security breaches encryption– to perform a quick Google search. What did you find?
Breach after breach of supposedly secure government servers. If the government cannot keep itself free from crooks and hackers how will they manage backdoor access keys for private encryption? And, it’s not just the government. Similar data breaches occur on a daily basis among corporations. If those entities, with all their resources, cannot keep out crooks and hackers, what happens to the backdoors, front doors, golden keys used in so-called responsible encryption?
I understand the issue here. Some very bad characters have iPhones and Android phones and specific applications are available to encrypt communication and data so that government entities and authorities cannot gain access to thwart or track their deeds.
That’s a problem.
Unfortunately, there is no solution that involves gaining access to private information via responsible encryption. Why not? First, governments cannot get access to all encryption. It cannot happen because encryption is easy to create. Once the government has access to some encrypted data, the crooks and hackers and terrorists move on to one that works without providing access.
Meanwhile, everyone else is left to be spied upon by the government as well as crooks and hackers to hack into and make off with the backdoors, front doors, or golden keys the government would lead us to believe will be safe.
If they cannot secure their own data then how will the secure access to our data? The government is not safe. Corporations are not safe. Your private information is only as safe as you can make it with best of breed and state of the art protection. Out of sight, out of mind.
My mantra here is simple. Own the keys and do not share.
To an extent, Apple does some of this for us. Macs can be locked down and encrypted by a password and backup key only you know. Communication via Messages is encrypted end-to-end. But not everything we save on our Macs, iPhones, or iPads is completely secure from outside attack or law enforcement. Apple is stuck between a rock and a hard spot here. They provide some security but have to oblige themselves to certain legal challenges and they are not likely to win them all.
To that end I use some third party encryption applications and only use text messages that have the highest encryptions standards built-in for end-to-end encryption.
Trust no one. Any government official who spouts off about responsible encryption is self serving and no different than crooks, hackers, Google, or others who want what you own.