Fact: The U.S. government is capturing data from its citizens. Fact: Encrypted data is of more interest to the U.S. government. Michael P. Kassner asks two experts, one legal, one cryptographic, what our options are.
Soon after the Guardian released the first of many whistleblower documents, describing NSA domestic spying activities in the United States, readers began asking, "Because of all the snooping, should I start encrypting my email?" The answer seemed simple....
Answering the question of whether to encrypt or not became significantly less simple a few weeks later when the Guardian released Minimization Procedures Used by the National Security Agency, a document gleaned from the U.S. Foreign Intelligence Surveillance Court by Edward Snowden. Section Five of the paper is of particular interest (courtesy of the Guardian).
Section Five's ensuing paragraphs discuss what "that" is. Subsection One and Subsection Two lay out what content (foreign intelligence and criminal evidence) will flag domestic communications for retention and investigation by government agencies. Subsection Three, nicknamed the "encryption exception," is the real attention-grabber (courtesy of the Guardian).
What's on the table?
Section Five's lead paragraph affirms what privacy pundits, up until now, could only assume to be true: U.S. government agencies are gathering digital data belonging to U.S. citizens. Next, Subsection Three sheds light on something not expected: all encrypted communications are suspect, meaning government agencies can retain encrypted communications at their discretion and keep them for as long as the controlling agency deems necessary.
More questions
Before long, another email onslaught hit my inbox. Concerned readers were now wondering, "If I start encrypting my email, does that mean I'm more likely to attract NSA attention?" Another question being asked often, "What are the odds of the NSA being able to read my email if it's encrypted?"
All three questions are excellent, each deserving an answer. So I got to work, flipping through my digital rolodex, looking for two expert sources: one legal and one cryptographic.
First up, legal
You may remember attorney Tyler Pitchford. He helped me with this article about cloud-service contracts and their unintended consequences. Tyler is uniquely qualified, being intimately familiar with Information Technology and appellate law.
I began by asking Tyler the readers' initial question: Because of all the snooping, should I start encrypting my email? Here's what he said:
It seems that a proper answer requires delving into the different scenarios end users may encounter.
Casual users: If you're a casual user who is not worried about government intrusion, but is worried about a script kiddie getting into your files, then encryption is an acceptable solution. There are few, if any, non-governmental entities that could crack modern encryption as long as an acceptable encryption key is used.
Privacy advocates: These are people who do not see any reason for people to be in their business (secret or otherwise). For them, the question becomes whether to be more worried about the government reading their unencrypted data, or the government retaining their encrypted data until it can be cracked.
Or maybe both, in which case, they can revert to old-school methods:
- Coding data in a non-suspect format: If the data isn't identifiable as encrypted, it will probably pass through the encryption filters.
- Deliver the data in person: Doing so avoids encryption filters, but could result in physical monitoring.
Those with something to hide: Those with something to hide fall into two categories:
- Low-priority targets: For those who consider themselves low-priority targets, encryption is probably fine. What they have to hide isn't worth the government spending resources on.
- High-priority targets: People in this category will have the same problem as privacy advocates, wanting to encrypt their data, but without alerting the government. I suspect people in this category will physically exchange encrypted data. And, if they were going to chance sending encrypted data digitally, they will probably rely on some form of obfuscation to avoid encryption filters.
Next question for Tyler
Okay, Tyler, now the tough question: "If I start encrypting my email, doesn't that mean I'm more likely to attract NSA attention?" Tyler had this to say:
I've spoken to security researchers who believe all modern encryption methods have been broken — encryption is dead. If you rely on that assumption, plus the knowledge that encrypted files are being stored indefinitely, then encryption is indeed asking the government to investigate.
Legally there is some basis for this argument. One decision out of Minnesota held that "appellant's Internet use and the existence of an encryption program on his computer was at least somewhat relevant to the state's case against him."
More recently, in US v. Cotterman, the 9th Circuit Court of Appeals held that "password protection of files, in isolation, will not give rise to reasonable suspicion . . . ." The court explained: "[t]o contribute to reasonable suspicion, encryption or password protection of files must have some relationship to the suspected criminal activity." Obviously, "some relationship" is a broad category but it's better than carte blanche.
I had one last question for Tyler; I asked if he used encryption:
I'm a privacy advocate; I feel no one should be meddling in my affairs. At the same time, I'm limited by the realities of time vs. convenience. I take measures to protect sensitive data, especially client files.
Next up, cryptography
I can't think of anyone more qualified to talk about cryptography than Phil Zimmermann. His list of accomplishments is impressive: creator of PGP encryption, Internet Hall of Fame inductee, and currently President and Co-Founder of Silent Circle, a mobile communications encryption service I wrote about last year.
As I reread that article, I was struck by Phil's foresight. In the article, I asked Phil if we learned anything in the twenty years since his protracted battle over the legality of PGP. Here is Phil's response:
I'd like to think we have. Anyone knowing the history of PGP realizes it was quite a battle, and we won. I'm afraid we are in the midst of another battle. What I call the "rising tide of surveillance." And, I'm taking direct aim with Silent Circle.
That interview took place a year ago.
To get things rolling, I mentioned to Phil that readers are concerned encrypting digital communications will attract the NSA's attention, not something in their best interest. Phil answered by asking if I remembered the movie, I am Spartacus? I said I did; it had a great cast of actors.
Phil next zeroed in on the scene where everyone stood up, everyone said they were Spartacus, all wanting to remain steadfast in their solidarity. Phil then drove the point home saying that is what everyone needs to do right now, stand up and retake their privacy.
Next, I asked Phil about the encryption question from the readers: What are the odds of the NSA being able to read my email if it's encrypted? I had a pretty good idea what Phil would say.
Phil firmly believes that PGP and Silent Circle are not breakable. He designed both. And Silent Circle has been available for peer review for the past eight months and stands firm. Phil wanted it known that both PGP and Silent Circle are open source and publicly available. I have not forgotten his famous quote:
You can't trust crypto if you can't read the source code.
I hope I have been able to somewhat answer your questions. I'd like to end with the following quote exemplifying our need to be careful when we feel there is "nothing to hide":
By joining pieces of information we might not take pains to guard, the government can glean information about us that we might indeed wish to conceal.
For example, suppose you bought a book about cancer. This purchase isn't very revealing on its own, for it indicates just an interest in the disease. Suppose you bought a wig. The purchase of a wig, by itself, could be for a number of reasons. But combine those two pieces of information, and now the inference can be made that you have cancer and are undergoing chemotherapy. That might be a fact you wouldn't mind sharing, but you'd certainly want to have the choice.
The quote is from Why Privacy Matters Even if You Have Nothing to Hide, an essay written by Daniel J. Solove, Professor of Law at George Washington University.
I'd like to thank Tyler Pitchford and Phil Zimmermann for their help in answering our questions.