Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Private I: It's time to encrypt everything

Glenn Fleishman | Nov. 21, 2014
If we've learned anything from the last few years, it's that given the opportunity to snoop on or scarf up our data or our metadata, criminals, business, and governments have a lot in common. They may have different ends that drive why they want to look at our email and transactions, listen in to phone calls, track with whom we communicate, and follow our location, but it all involves a lack of consent.

Peer-to-peer clients require that everyone with whom you want to communicate installs the same software, which may be limited to one or a few platforms, or chooses from a much more restricted set of choices. That limits utility, and it's what has driven people to less-secure client/server configurations. The trend is shifting, though, in part for security concerns. Skype has always used end-to-end encryption, as has iMessage. But both have significant flaws in how their integrity is verified by regular users and validated by outsiders.

ProPublica, a journalism non-profit, recently published a deep evaluation of secure messaging tools, scoring one point for each of seven measures, including whether the source code was open to outside auditing. Only a handful of serious, but relatively thinly used systems received seven points; the most commonly used tools scored much lower. AIM received one point as did Skype, while iMessage and FaceTime each scored five.

This scorecard will change rapidly. Just this week, WhatsApp, the Facebook-acquired massively popular messaging app, announced it's integrated TextSecure into its Android client for interacting via text, taking Android-to-Android connections from two points on ProPublica's scale up to seven. WhatsApp will add iOS and other kinds of message support in the future. And a firm founded by former Navy SEALS and veteran iconoclastic encryption gurus, Silent Circle, also scores seven for its text and phone call services available through iOS and Android apps.

You may have a lot of different feelings about whether or not government bodies — with or without the varying legal processes ostensibly guaranteed to you in the country in which you reside — have the right to listen in, intercept, or decipher data on demand when national security or other interests are at stake. But any method by which a government agent can access our data is a conduit for thieves, companies, and other governments to use as well. Law enforcement has to adapt; we need to protect ourselves, as they cannot.


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.