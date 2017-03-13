What The CIA WikiLeaks Dump Tells Us: Encryption Works (ap.org) 25
"If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works," writes the Associated Press, "and the industry should use more of it." An anonymous reader quotes their report: Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks. "We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago"... Cindy Cohn, executive director for Electronic Frontier Foundation, a group focused on online privacy, likened the CIA's approach to "fishing with a line and pole rather than fishing with a driftnet."
The article points out that there are still some exploits that bypass encryption, according to the recently-released CIA documents. "Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open."
The article points out that there are still some exploits that bypass encryption, according to the recently-released CIA documents. "Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open."
When can we expect a ban? (Score:3)
Now the powers to be really have an incentive to outlaw encryption. Great!
Re: (Score:3)
The CIA is supposed to spy on foreign subjects. How will the US manage to ban encryption for foreigners?
Banning the export of encryption already has been tried, and we see how effective that was.
"if the U.S. government" (Score:2)
This is what really pisses me off: the unstated assertion that *only* the US gubmint has these techniques.
Quantum computers (Score:2)
Once the government figures out that quantum computers can be used to easily crack conventional encryption, you can bet that those new machines will be locked up behind a top secret order that's about 30 pieces of paper thick.
Re: (Score:2)
There are already defences against this.
I'd be rather disappointed if military encryption specialists weren't already designing more and even using them in practice already.
No it doesn't (Score:2)
Re: (Score:2)
Well, yes and no. Providing data-in-transit protection between two endpoints only mattes if both end points are of an equally trustworthy nature. Hat is a combination of security of the device, assumption that it has not already been compromised, and that the operator is operating in good faith.
Sending a confidential message via trusted channel to another terminal being operated by Loud Howard who will read the message out loud to himself subverts all the technical controls, too, if he is being listened to
Sigh. (Score:2)
Not surprising, really, given that's exactly what encryption was invented for. To military standards. For military purposes. To prevent other militaries doing exactly what you don't want them to do.
All the scaremongering around encryption "being broken" by these "acres of datacentre" junk is just that - scaremongering. Hell, didn't the NSA recently ask for help breaking Skype? I'm sure there's a certain amount of misdirection there (I'm still not convinced on EC cryptography, which was brought along wit
False assumption (Score:3)
Re: (Score:2)
And that's the point of the argument.
If breaking the encryption was easy, they could just decrypt everything they get off of the wire and not have to insert back doors into software and target into a suspect's OS.
But since encryption is (financially/time/computationally) expensive, it's cheaper to exploit flaws in software.
CIA != NSA (Score:2)
While it may be tempting to think of the recent leaks as evidence of some broader point about cryptography, please realize the CIA is not the NSA. The only thing this proves is there is a huge gap in the capabilities of different agencies.