Monday March 13, 2017

What the CIA WikiLeaks Dump Tells Us: Encryption Works

The AP is suggesting that one big lesson the tech industry is drawing from the massive CIA leak on WikiLeaks is that their encryption efforts work. Going through the tools that the CIA use in their inventory, none of them broke the encryption used by such services as Apple's iMessage, WhatsApp or similar services. Rather than attacking the end-to-end encrypted messages these services use, CIA has had to compromise the devices they are running on, themselves.

This may seem like a moot point to some, since if CIA or someone using their techniques have compromised your phone, it doesn't matter if your transmissions are encrypted, as they can access all local content anyway. It does however mean that mass dragnets of these services are much less likely, and it forces prying agencies and identity thieves to individually target the people they are trying to get information from, sometimes physically grabbing their phone, installing malware and returning it without the targets knowledge.

When the Snowden NSA leak first became public, much of the pro-privacy narrative circled around how surveillance laws in the U.S. are outdated, as they were written for a time when surveillance was actually difficult and labor intensive, and not something you can do to everyone with the automated click of a button. It is becoming increasingly clear that the use of encryption can, for better or for worse, bring some of this surveillance difficulty back into play. Provided, that is, that the surveillance agencies are not successful in their ongoing attempts to get tech companies to build in intentional back doors.

News Image

"There are different levels where attacks take place, said Daniel Castro, vice president with the Information Technology and Innovation Foundation. "We may have secured one level (with encryption), but there are other weaknesses out there we should be focused on as well."

Cohn said people should still use encryption, even with these bypass techniques.

"It's better than nothing," she said. "The answer to the fact that your front door might be cracked open isn't to open all your windows and walk around naked, too."

Ongoing Discussion