It’s Time to Encrypt Email, IM, and Voice


Two things led to the creation of this entry: 1) various companies and the Federal Government are both collecting and storing my personal data, and 2) I recently purchased a new Galaxy S4 and was alarmed at how much information the phone was spewing into the digital aether. Google+ was extremely concerning as it was syncing my contacts, locations visited, email, photos, IMs, and a ton of other stuff back to Google.

The damn thing figured out where I lived on its own by simply calculating where my phone spent most of its time! Convenient I suppose, until I realized Google+, along with hundreds of other companies, is sending that information to the Federal Government, who in turn is storing it in a big Utah spy warehouse, for which they just had a ribbon-cutting ceremony.

Harmless, right? Well, maybe. I don’t know.

It is convenient for the smartphone to be smarter than me, but it’s also convenient for the Federal Government because there isn’t much they have to do to find me, know where I’ve been, what I’ve bought, what I’m interested in, and who I’ve been communicating with. Paranoid you say? Just remember: The IRS has recently targeted and harassed a group of people that opposes President Obama’s agenda. Do you not think the Republicans will do the same once they are in office? What about the Associated Press, whose emails were illegally wiretapped by the Attorney General, Eric Holder? Had they been encrypted, they may never have been deciphered (although the NSA is pretty good at that stuff).

Perhaps it’s time to block out prying eyes. It’s not that hard to encrypt Email, IM, and Voice communications. It’s all 1’s and 0’s these days and even the simplest encryption algorithm can dramatically impact the government’s ability to spy. The number of IMs sent in the United States last year exceeded 95.4 billion. The number of emails exceeded 109 trillion. If all that data were encrypted — at any level — there is no way the NSA could keep up. Sure, they could store the data, but what good is it if they can’t sift through it looking for who you speak with, where you go, and what you bought?

There are those who will say the NSA can crack anything, and that encryption is pointless. Maybe, but they don’t know because the NSA doesn’t exactly advertise this sort of information. PGP (Pretty Good Privacy) is a free, open source encryption algorithm that has been around since 1991. To date, no one has publicly circumvented the algorithm, and the only successful hack was done by brute force against a 1024-bit key (guessing the passphrase) using a swarm of computers. With key sizes now at 4096 bits, it’s very difficult to brute-force the key. Can it be done? Sure, but it would take a very long time, even with the newest, most absurdly powerful supercomputer built in Japan (although it could be much quicker if someone used a simple passphrase).

And that’s just one message encrypted with a 1024-bit key. Security comes in numbers, much like a school of fish that group together to thwart predators. If more people start encrypting their data, everyone gets more secure. If everything were encrypted, down to the simplest of instant messages, it would overwhelm those who wish to decrypt data that was not intended for them (e.g., the NSA). Bump up the keys to 4096 or higher, and it would render the new spy warehouse useless.

Still, others speculate there is a backdoor into the PGP algorithm that allows the privileged few the ability to decrypt any PGP encrypted message. This is extremely unlikely. There are tens of thousands of really smart Frito eating nerds around the world barricaded in their basements looking over the free and open source code. If there were a backdoor or some other vulnerability in the algorithm, one of them would certainly take the honors in publishing their find and attaining demigod nerd status, and news of it would spread faster than a free joint at a Doobie Brothers concert.

The problem is, most people don’t see the need to encrypt, and those who do, don’t possess the technical knowledge (although it’s not that hard). I can send and receive 4096 bit encrypted email on my Galaxy S4 (Android Privacy Guard), on my home computer running Thunderbird (Enigmail Plugin), and I can also send and receive encrypted IM, but I represent perhaps 0.001% of the population.

I understand this is pointless if the people I converse with don’t also have the same capability (which is a lot), and I’m not sure I can convince them to jump on board the encryption bandwagon. Perhaps I should instead focus my efforts on convincing them to elect politicians who don’t illegally wiretap, spy, break the law and build multi-billion dollar spy warehouses with our tax money so they can spy on us? They’d have to become Libertarians though.

I’m not sure which is easier.
