Should encryption be outlawed?

Telecommunications Secretary Siddhartha Behura, the top official in the telecommunications ministry, has clarified that India does not intend to ban RIM's BlackBerry services in the country. Indeed, the telecommunications department was "very keen" that the services should continue, according to ZDNet News.

A furore erupted last week when India's Union Home Ministry rejected newest entrant Tata Teleservices' application to offer BlackBerry services. Security concerns with regard to terrorism were cited, with the explanation that the secure nature of the BlackBerry platform does not allow for any data interception. Observers note the bizarre clincher that other Indian telecommunications companies already offer the BlackBerry in India.

The decision is all the more strange when you consider that other popular push mail technologies, such as Microsoft's Direct Push, also allow encrypted transfer of data via SSL. Anyway, this clarification puts the India BlackBerry debate squarely into the realm of regulatory impartiality instead.

Still, the initial cited explanation of "security concerns" does bring out the age-old debate. Won't terrorists with access to military-grade encryption be able to thwart the efforts of security agencies? Even the FBI seems to think so, if the allegations of back door access to a major wireless carrier turn out to be true.

Does encryption hinder law enforcement? By the same token, should encryption be banned?

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

45 comments
oldbaritone

then only outlaws will have encryption. But the government would allow encryption for its own use. Hmmm..... Don't we have enough ID theft ALREADY, without making it that much easier for the crooks?

lastchip

It is no worse than having sensitive documents locked in a safe. Privacy for the individual is getting out of hand. There are far too many government imposed "spy" devices already; all in the name of security. Sometimes freedom requires taking chances, or at least balancing each side of the equation.

Ed Woychowsky

Would the banning include the encryption on DVDs and Blu-ray? How about DRM? Or, would it be selective?

Jaqui

is among the WEAKEST encryption models. since you have to email the decryption key to those you want to be able to read it, it doesn't matter how strong the key is, a government can get a court order for archives to be kept of all email for a particular account, this would quite likely include the key to decrypt the encrypted emails, specially if they track it for a while and have logs when a new address is added to the recipient list of encrypted traffic. ssl is one of the weaker encryption protocols, so just using ssl to transmit the email is not secure at all. it has the decryption information in the connection negotiation traffic, so a clear text log can be obtained if an account is under investigation, a court order to supply such being given to the service provider. just using normal sending services I can encrypt email with gpg, and unless I also send the key to someone, they will not be able to decrypt it without a lot of effort. [ depending on settings used to generate encryption key naturally ]

paulmah

Does encryption hinder law enforcement? By the same token, should encryption be banned?

TonytheTiger

armed conflict! I honestly believe there is a better than 50% chance that it will come to that within my lifetime.

JohnMcGrew

...those who do not spread substantial sums of money about Washington.

RFink

Outlaw SSL and https. I can't wait to see credit card numbers in plain text. :)

royhayward

Sorry Jaqui, but doing a simple search for 'How PGP works' would be a good idea. I was really surprised to hear you say this. "since you have to email the decryption key to those you want to be able to read it" In a nutshell, I give you a key, it's the public key, and I don't care who intercepts it. I can put it on my website or print it on a T-shirt. This key is only good for one thing. Encrypting a message or file. Once that file is encrypted, you can send it to me. But you can't open it without the private key. I keep that key in a secure place. This means that if you use that key to create any message to me, you can be sure that sending the encrypted message will only be readable by me with my private key. Likewise if I need to send you a message, you will give me a public key wherewith I can encrypt my reply that only you can read. If you really like math you can dive into the equations and algorithms of how this works. But this is the analogy: I give you a magic padlock. With this padlock you can lock up a box, and still have the padlock to lock more boxes. ie. it never runs out. But after you have locked the box, you don't have the key to the padlock, only I have that key, and only I can open the boxes that you lock. Just like a padlock, anyone can lock it, but only the person with the key can open it.

Dr Dij

symmetric encryption (as in email) is enhanced by asymmetric (public key) encryption. Keys are distributed with the compute intensive method - by encrypting with the recipient's public key and for authentication with the sender's private key. This way the keys CANNOT be intercepted. Jaqui, this is basic cryptography. Any Security + or other cert prof will know this.

mwclarke1

The need for encryption, one word.... Governments! We have to protect our rights to our privacy even from our own government whose sole purpose and only purpose is to protect our rights, our liberties, and provide us with justice when they are denied. When our government is corrupt, our justice is not so just, so biased with power and greed within itself and those who serve it, We have to protect ourselves, the government is not going to.

Nimmo

Can you imagine what would happen if encryption was outlawed, what havoc would arise?

TonytheTiger

Law abiding citizens would be deprived of the right to protect their privacy as they see fit, and criminals, who are breaking laws anyway, won't care about breaking one more. What is gained ... and at what cost?

Dumphrey

to most that the only way to achieve online security is going to involve some form of encryption. It's not the Final Solution, but it's a strong part of data protection. As the online world gets more dangerous to our financial and social well being, it's important to be finding secure encryption for consumers. It's obvious encryption hinders law enforcement. That's why good encryption is hard to find, and hard to use. Any smooth commercial package has back doors and built in passwords, "For Consumer Security, and Data Recovery." We have a constitutional right to "arm bears" to protect ourselves from tyranny, encryption should be no different, and for the same reasons.

mydotnetemail

And the key is located in 365 different websites on the Internet. Only the designated recipients know where to go to get the key. Write your own, just have to think so far outside the box that no one would ever crack it. :)

Koerper

India is one thing. I half expect most countries in the world to do those kinds of things. What really bothers me is that the United States has become a place where people seriously ask these kinds of questions. This kind of thing is NEVER about fighting terrorism or any other kind of crime. It is ALWAYS about controlling people. If terrorism is the use of scare tactics to manipulate people for political gain, shouldn't we apply that label to every politician who cites terrorism as their justification for stealing another liberty?

Forum Surfer

It pertains to India, a nation divided between peaceful muslims and radical fundamentalists. The country's government sounds as if it is grasping at straws regarding telecommunication security. It's what happens when public officials aren't well informed of the subject matter they are dealing with, then it hits the media before the situation is fully sorted out. At least they recognize that they have a terrorist threat within their borders and look for ways to deal with it internally, albeit this venue sounds a little vague. This is a topic that doesn't pertain to Americans or many other countries...it sounds specific to India. That would never fly here.

The Listed 'G MAN'

sd$56667###2344HJH3343asdd234%^&(&?))(? sedDF65%^%?*lpnsdjbjm)(?*????>

Dr Dij

as the terrorists would then be able to intercept bank transfers, take data from every laptop they stole, including employee SSN / ID#s and credit card#s; If encryption is outlawed, then only outlaws will have encryption. They will still use it like they use guns where they are banned still.

metalmonkey

And we should also ban locking doors because it also hinders law enforcement. Seriously, the only way not to hinder law enforcement at all would be to strip everybody of all their rights to privacy...some law enforcers/politicians seem to think this is the way to go but somehow...I'm not too comfortable with this.

RFink

Does encryption hinder law enforcement? Sure it does, but is that a bad thing? I don't think so. What happened to innocent until proven guilty? Of the amount of data encrypted today, what percentage of it can be traced to terrorists? One byte per septillion? Given the government we have today ask yourself these questions: How many innocent people have the terrorists killed? How many innocent people has the government killed? I rest my case.

mydotnetemail

Thank God we still have the right to bear arms!

TonytheTiger

the virtual ones I have that are only good at one vendor? :)

Dr Dij

that public key encryption is compute intensive - very slow; there are symmetric (same key to encrypt / decrypt) block ciphers that have just as good security as PGP but are much faster. Asymmetric algorithms (e.g. pgp) may be practical with some emails but not large volumes such as data links. the best compromise is to use standard encryption but distribute the keys via PGP type algorithms as I mentioned above, since distr of keys is low volume.
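
The hybrid scheme royhayward and Dr Dij describe in this thread (a fast symmetric cipher for the message body, the recipient's public key to distribute the symmetric key, the sender's private key for authentication), as an added example that is not part of any commenter's post. It uses only the Go standard library; the names `Envelope`, `Seal`, `Open` and `NewKey` are illustrative, and the choice of RSA-OAEP, RSA-PSS and AES-256-GCM is an assumption, since the thread names no specific algorithms.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is everything that crosses the network; all of it may be logged.
type Envelope struct {
	WrappedKey []byte // AES session key, RSA-OAEP encrypted to the recipient
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // message body under AES-256-GCM
	Signature  []byte // sender's RSA-PSS signature over the three fields above
}

func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // illustrative helper

// digest hashes the fields that get signed (WrappedKey and Nonce are fixed-length).
func digest(e *Envelope) []byte {
	sum := sha256.Sum256(bytes.Join([][]byte{e.WrappedKey, e.Nonce, e.Ciphertext}, nil))
	return sum[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts msg under a one-time symmetric key, wraps that key for the recipient, and signs.
func Seal(msg []byte, recipient *rsa.PublicKey, sender *rsa.PrivateKey) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	e := &Envelope{Nonce: make([]byte, gcm.NonceSize())}
	if _, err := rand.Read(e.Nonce); err != nil {
		return nil, err
	}
	e.Ciphertext = gcm.Seal(nil, e.Nonce, msg, nil)
	e.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	e.Signature, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest(e), nil)
	return e, err
}

// Open verifies the sender, unwraps the session key with the private key, then decrypts.
func Open(e *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest(e), e.Signature, nil); err != nil {
		return nil, errors.New("signature check failed")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, e.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key")
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	alice, _ := NewKey() // constructed sample parties
	bob, _ := NewKey()
	env, _ := Seal([]byte("meet at noon"), &bob.PublicKey, alice)
	pt, err := Open(env, bob, &alice.PublicKey)
	fmt.Println(string(pt), err)
}
```

Only public keys and the envelope ever travel between the parties; a holder of any other private key fails at the unwrap step, and a modified envelope fails the signature check.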

$dunk$

The US Government spends millions of dollars a year trying to invent encryption algorithms that can't be cracked and can be processed in a reasonable amount of time. They haven't figured it out yet. If you've come up with an algorithm that can't be cracked then you should look into getting a slice of those millions that the government is apparently wasting on all the PhD encryption experts. Also, I believe at one time it was illegal to utilize the public phone networks to transmit data that didn't use standard encryption algorithms. I'm not sure if that is still the case or not. Don't confuse people not being interested in your data to waste their time trying to crack it, with not being able to crack it.

JohnMcGrew

...everything that we must do "for the children"?

royhayward

Most people see protection and security as just working one way. But that is not always true. For instance: You lock your door, and then I can't get in to do bad things. But it also protects me, for instance: You lock your door, and then when you can't find your car keys in the morning, you don't come over and accuse me of stealing them. By having and making available ways for people to have secure and private information and communication, protects others from encountering that information and becoming suspect. If your HR department took the financial information and threw it out on a file share that anyone can access anonymously, how would you know who had looked? But if it is in a secure database that only the DBA and the HR person(s) have access to, after your big raise, you won't wonder about the weird look your teammate is giving you after lunch. Instead you will check to see if you have something in your teeth. Worrying about terrorism is not an idle pastime for some people and nations. So there need to be ways to look for them. But those ways need to make sure that we don't create more problems. This proposal of banning encryption sounds iffy.

royhayward

kill people! Powerful encryption algorithms kill people. :)

BlazingEagle

...outlawing encryption but at the same time, unless the US government is utterly stupid, I would think the US government has a way around encryption already. Just a guess.

Crash2100

The real reason the government pushes things like this is to get an excuse to analyze everyone with a microscope and without the need of a search warrant. They always say it's for all of our protection, but what they really want is an excuse to do whatever they want, whenever they want. Look what we have lost with all of the drug and terrorism crap. They can practically break into any building legally without a search warrant if they have an excuse that's related to drugs or terrorism. Now they want to sacrifice everybody's security in the digital age for the very same reasons. Basically, the government says "we're not smart enough to get this done right, so we'll cheat! And who cares if we cause more problems, we can do whatever we want."

Forum Surfer

It's only a matter of time before gun owners become an "easy target" for incoming political parties. I'll be keeping my concealed carry up to date regularly because I believe it to be a matter of time before that permit is outlawed. I'll give that up if required, but you can pry my gun collection out of my cold, dead fingers! Not that I could actually hold them all at once, lol...but you get an idea about my feelings.

RFink

We got to protect the public. :)

royhayward

Since the article initially was talking about blackberry devices I think the single encryption key could be inside a regular update or passed with an asymmetric process during the device programming and setup. That way the user doesn't have to figure out encryption just to use their phone, but it stays fast and secure. Overall, if we are talking about encrypted data over the internet and such, PGP implemented on modern servers will perform well enough and much better than on Pocket PC level hardware.

mydotnetemail

Red tape, CYA and politics - this is why government should be as minimized as possible. Too many useless meetings and way too many committees. They really only have two basic items in their job description (the Constitution): Protect us from foreign and domestic enemies and deliver the mail - leave the rest to Capitalism and the private sector and the economy would boom in such a way as never seen before. When I contracted to the Navy as a Business Analyst, my job was to identify practices, policies and inefficiencies in each of their "Business Lines" (their terminology not mine - lol). They didn't like the results. The conclusion in summary was that 6 out of 10 employees were either redundant and/or unnecessary to accomplish the stated "Business Plan", many of the policies and procedures were too restrictive, time consuming and impeded progress. With the proper modifications to their database systems, even less employees would be needed to accomplish the same goals.(they would need a couple more techs to support the system but the cost of the techs would be far less than the number of employees that the system would replace - with much less errors and a lot less meetings :)) If they had implemented the proposed changes, their annual budget requirements would have been approximately one quarter of what it is. This was generally true over the handful of "Business Lines" that I covered and I have no doubt that it would be true within any other government agency. Consequently, because they never implemented these changes, not only are they still wasting that money(our money), the quarter million that they spent on the analysis was a waste too. They're still doing these kinds of analysis but have no intention of ever implementing them, they are merely done to appease a bunch of knottheads in Washington. 
Once again I'd have to say that the IT departments were the exception, after all, it's glaringly obvious if they weren't doing their jobs efficiently, the surfing machines, I mean "WORK Stations", would never work. - lol Although they should supply a reasonable income and good benefits to the employees that they actually need, I see nowhere in the Constitution where it's the government's duty or obligation to create jobs for the purpose of having a place for someone to work. If it's needed as a means of support for protecting our citizenry then so be it, but I'm convinced that at least half of them are not needed and are just flat wasting OUR money. MasterLuke

Forum Surfer

I could care less about spelling, I'm not even close to being that far OCD. You are posting on a forum, not writing a white paper! Speaking of unplugging things with high heels...the government is a good work environment if you are single. Lots and lots of paralegals, lawyer assistants and other associated temp staff constantly in and out. Male attorneys are absolute dogs in general. They lined up like roll call whenever a new attorney came aboard fresh out of school...didn't particularly matter if she was hot or not. They always got peeved if the lowly IT guy ended up taking her out to dinner. :) I was like a kid in a candy store! As far as governments and incapability go, my experience was that the government officials ALWAYS got in the way and caused problems. 9/10 times the inefficiency could be linked back to a commissioner trying to expose something that wasn't there or raise questions just to appeal to his/her voters. If you were in the know, you knew this person was full of b/s and was always throwing monkey wrenches in the machine. Take out the politicians on the business end of government and it would actually work pretty well! I once saw a committee of 15 people (commissioners/managers) take almost 2 1/2 months to decide on a layout for a homepage (not content, just layout!). The end result looked horrible and they had to start over. This time they let the web guy handle it (less than 2 days) and they voted on it.

mydotnetemail

I guess I should have been more clear, the IT people that I've experienced in govt circles were actually some of the better techs that I've come across. They are certainly the exception to the rule though. (most were ex-military and gained a great deal of experience in the service as I did - not that that is the only place to gain good experience) But I think you do know what I mean. If you worked on the IT staff in a govt setting, you were likely under their desks plugging in their power cord that they unplugged with their high heels, and experienced some very interesting office gossip in the process - Someone has to get them back up to surfing, IMing and emailing - lol You surprised me, I thought for sure that you would have responded to my misspelling of the word click in my last post that should have been spelled clique. :)

Forum Surfer

Kudos for not making this into a flame war! You even took the arrogance comment with, well arrogance, lol. My experience when I worked with the government went well. My fellow IT workers were all from previous high stress, high work hour private sector jobs that were willing to take less pay in exchange for better benefits and less hours. Worked great for me while my child was young. Guess I worked for the only shop that did things responsibly and professionally. And yes, this is about as much fun as my girlfriend plucking my eyebrows when I'm not paying attention. :)

mydotnetemail

Object all you like, I spent the first 15 years of my career in and around govt circles of varying types and I have NEVER in my life worked around a more inept group of ppl anywhere. There were a few EXCEPTIONS I'd have to admit; the funny thing about them is, they don't stick around long, like myself, they quit, create their own company and contract to the government making 3 times what they made before. I'm telling you, I know this system well, when they want something done right in the least amount of time, they hired ppl like me. My company had one task and it was put to us like this, "we need you to redesign our business processes and clean up this mess". - lol It took us 6 months to do what they attempted to do for the last 20 years. If you want a nice low paying cushy job that's IMPOSSIBLE to get fired from, where there you can surf the internet all day (when you're not sitting in useless nonproductive meetings), talk on the phone or sit around in your little cubicle click and gossip about the other cubicle clicks; then the government is right for you. Otherwise, start your own company (This is America ya know) and do something productive. Sorry if this steps on some toes but it is what it is. :) And you are correct about one thing, nearly all programmers are arrogant and I R certainly one of them. - lol So, yes, I can make a general statement like that. MasterLuke this is fun!

mydotnetemail

Check your facts my friend. Of course you are correct that it helped accelerate the end of the war BUT that's only part of the story - "Although the Enigma cipher has cryptographic weaknesses, in practice it was ONLY in combination with other significant factors (mistakes by operators, procedural flaws, an occasional captured machine or codebook) that Allied codebreakers were able to decipher messages." War history happens to be one of my strong points. :) Like I said, unless I give you the source code "captured machine" and the personal language "codebook", you ain't crackin it. Even with it you'd have a hell-of-a-time lol BTW - my HS education seems to have done okay for me considering I've always made more money and have had more time and control over my life by working for myself rather than a slave to a company like my college counterparts (been there done that, haven't done it since). Formalized education doesn't guarantee any sort of success in any field. Success is determined by the intelligence of the individual. Gaining extensive expertise in particular fields of study is what I've done all my life but I stopped taking college courses decades ago when it became apparent that in many cases; what they were teaching was mostly outdated and often wrong. Sorry bud, that's just the facts. I have no desire to work anymore (especially for the government - I've learned my lesson the hard way there - working for the government is like having multiple bickering fickle wives, all blonds of course) :) I crack me up! - ROFLMAO I'm too busy with my hobbies and continuing my extensive education (and no I don't utilize the "lame-stream" education system) I wish you the best my friend and good luck in all your pursuits. "observe the masses and do the opposite" MasterLuke

Forum Surfer

"If you want a project to fail miserably, give it to government employees. They'll WASTE millions of dollars accomplishing nothing and if it happens to be a project that is important enough to necessitate a real and tangible result they'll contract it out and actually get it done in a fraction of time and cost." I've known government groups that provided excellent solutions in a timely manner that saved money. I've also known some that were inept. But you can't make a general statement like that and lump them all together! That would be like me assuming that all programmers are arrogant and like to boast about "mine is the best ever" after reading your one post. :)

Dumphrey

they considered it uncrackable, and had to refuse to admit it had been cracked to save face....thus costing them the war.

$dunk$

Too bad you don't need the money, if it truly is unbreakable, I'm sure the pentagon would be thrilled for you to put together a proposal. I guarantee you would make millions. But, apparently you don't need those millions, so why don't you give the algorithm(s) to someone else who could use the money. "The fact that they have a PhD explains why they can't come up with an uncrackable algorithm." ROFLMAO...yes, gaining extensive expertise in a particular field of study is certain to make sure that you can no longer accomplish your desired goals in that particular area of expertise. If only those PhDs developing those encryption algorithms would have just quit their formal education in high school, then I'm sure they would have created the unbreakable encryption algorithm by now :) P.S. The Germans thought the Enigma machine was unbreakable also. Good thing for the allies that it wasn't, as breaking the code is what turned the tide of WWII.

mydotnetemail

Believe what you want my friend. The only thing that PhD has ever meant to me is "Piled High and Deep". The fact that they have a PhD explains why they can't come up with an uncrackable algorithm. If you spend that many years having the status quo and "this is the way we have always done it" jammed down your throat in some University, then you're probably not capable of thinking too far outside the box and even if one were able, they're too afraid to. But you are right about one thing, there's likely no one interested in the content of my encryptions - lol It was only a hobby project anyway. "I've worked both for and have contracted to the Government" - lol - PLEASE!! I'm not impressed with anything that government employees do. If you want a project to fail miserably, give it to government employees. They'll WASTE millions of dollars accomplishing nothing and if it happens to be a project that is important enough to necessitate a real and tangible result they'll contract it out and actually get it done in a fraction of time and cost. BTW - I already have enough money to do whatever I desire. I'd be more than happy to send you the binary for 10 different encrypted messages; I'll even tell you what one of the messages says - okay, okay, two then. :) You can have a crack at it. I'll even give you some hints; it's based on a personal language that uses no vowels and no conjunctions, it's first shifted with my own algorithm then with 2 other more common algorithms - each with separate keys derived from positioning within web page source in any several of tens of millions of web pages online - the date and time of encryption determine which web page and position, each key of the 3 algorithms comes from a different page. The exe written in c++ is less than 100kb and anything encrypted by it can't be decrypted without it and a knowledge of the personal language. and NO I won't send it to you. :) Let me know. : MasterLuke

rebecca.hilton

I have been very pleased with Unikey which is a driverless dongle. You might be interested in looking at their website: http://www.esecutech.com They offer free Technical support and also Unikey price is reasonable. I hope this helps.
