Pages: [1]   Go Down
Author Topic: Why aren't more communications (cell phone, email) heavily encrypted?  (Read 946 times)
0 Members and 1 Guest are viewing this topic.
Show Your Work
Offline Offline
Edison Member
*
Karma: 14
Posts: 1072
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

I don't have a deep understanding of encryption except that I think I understand the principle of asymmetric encryption where you have a public/private key pair and anything encrypted with the public key can only be decrypted with the private key.  This would seem to me to be strong enough encryption to thwart any broad information-gathering type eavesdropping.  It wouldn't stop a dedicated attack on a series of communications between two known stations of course.  Man-in-the-middle attacks and other types of attacks are pretty good at getting around encryption in these cases.  But in terms of "gather everything, put it in a database, index it" I think that would kill this type of collection.

Why aren't there commonly available commercial encryption communication devices?  For example, cell phones, land phones, email clients, etc., that detects if the other station supports asymmetric encryption and then exchanges keys and encrypts the data, just like SSL.  You would think there would be a huge legitimate (and also illegitimate) market for this sort of thing.  And with the power of computers and smartphones these days, there would be no problem with a software-only implementation.

What am I missing?
Logged

I have only come here seeking knowledge. Things they would not teach me of in college.

0
Offline Offline
Faraday Member
**
Karma: 8
Posts: 2526
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
What am I missing?

People are stupid/lazy/cheap.  Unfortunately the current state of the art means that using encryption requires the user to be knowledgeable, to think, and to act.

Also remember encryption is only part of the story. Even the metadata tells someone a tremendous amount about you - encrypting your phone conversation so that the NSA can't hear you ask mom "how many kilos of C4 was I supposed to pick up?" doesn't help your security all that much if they can use the metadata to know that you placed the call from Achmed's Bomb Shop.

-j
Logged

Global Moderator
Netherlands
Offline Offline
Shannon Member
*****
Karma: 211
Posts: 13469
In theory there is no difference between theory and practice, however in practice there are many...
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

I think using encryption is illegal in several countries.
Logged

Rob Tillaart

Nederlandse sectie - http://arduino.cc/forum/index.php/board,77.0.html -
(Please do not PM for private consultancy)

Maine
Offline Offline
Sr. Member
****
Karma: 14
Posts: 417
Caution: Explosives in use.
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

I think using encryption is illegal in several countries.

Yep, my wonderful country considers exporting encryption technologies to be the same as exporting nuclear weapons. Only above a certain threshold though (meaning it has to be weak enough for the CIA to bruteforce in a few hours).
Logged

"Anyone who isn't confused really doesn't understand the situation."

Electronic props for Airsoft, paintball, and laser tag -> www.nightscapetech.com

Show Your Work
Offline Offline
Edison Member
*
Karma: 14
Posts: 1072
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
What am I missing?

People are stupid/lazy/cheap.  Unfortunately the current state of the art means that using encryption requires the user to be knowledgeable, to think, and to act.

Also remember encryption is only part of the story. Even the metadata tells someone a tremendous amount about you - encrypting your phone conversation so that the NSA can't hear you ask mom "how many kilos of C4 was I supposed to pick up?" doesn't help your security all that much if they can use the metadata to know that you placed the call from Achmed's Bomb Shop.

-j


Is that really true?  How long did it take for you to set up the SLL in your browser?  Did that setup process really cause your laziness to stop you from using SSL?  I am joking here, of course.  With asymmetric encryption, all the transmission station needs to do is to randomly select two really large prime numbers, multiply them, and publish that as the public key.  Now anything sent to that station encrypted correctly with that public key can only be decrypted with the private key.  I simplify, of course, but the basis of asymmetric public key encryption actually lends itself to very simple implementation.  And I understand what you mean about the other types of data that can be connected, in fact this seems to be the data actually being collected the most.  But still, if phone and email transmissions were as easy to encrypt as your browser session to Bank of America, AND IT IS!, then why not?
Logged

I have only come here seeking knowledge. Things they would not teach me of in college.

Show Your Work
Offline Offline
Edison Member
*
Karma: 14
Posts: 1072
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

I think using encryption is illegal in several countries.

Yep, my wonderful country considers exporting encryption technologies to be the same as exporting nuclear weapons. Only above a certain threshold though (meaning it has to be weak enough for the CIA to bruteforce in a few hours).

That was the case many years ago but I thought that policies under Bill Clinton relaxed that a lot.  It used to be we wouldn't sell supercomputers to the Russians or Chinese.  Now that the Chinese actually fab a lot of these parts it can't be stopped and they actually have the fastest computer in the world for the moment.  I think this still applies to embargoed nations, but not to others.  After all, the browser on phones we export can do SSL and encrypt the heck out of browser transactions.  It just won't do it for phone or text data.
Logged

I have only come here seeking knowledge. Things they would not teach me of in college.

Offline Offline
Sr. Member
****
Karma: 11
Posts: 480
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

I think that commercials available encrypted phones are available at a price over here in th uk.
I need to check the details Monday though.
Logged

Global Moderator
Dallas
Offline Offline
Shannon Member
*****
Karma: 197
Posts: 12736
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Why aren't there commonly available commercial encryption communication devices?

The last conversation I had on a cell phone went like this... "Hey."  "Hey."  "Which brand of pudding should I get?"  "Doesn't matter.  Just make sure it's a variety pack."  "Got it.  I'll be home in about 10 minutes."  "Bye."  "Bye."

If someone wants to listen to my conversations they will soon die of boredom.  I suspect that's true for the vast majority of communications.

Quote
You would think there would be a huge legitimate (and also illegitimate) market for this sort of thing.

In the U.S., not really.  Industrial espionage is illegal (and very expensive from the ensuing lawsuit).  Most other conversations are like the one above.

These folks also think there's a market...
https://silentcircle.com/
Logged

Pages: [1]   Go Up
Jump to: