Magic mirror on the wall, do we need encryption at all?

Steve Naidamast, a senior software engineer, talks about the Apple-FBI encryption battle and reveals that the feud has deeper implications which may concern the population. Will we need encryption in the (near) future? That is one puzzle worth deciphering.

By now many are aware of the ongoing fight between the FBI and Apple over the FBI’s request to have Apple devise a version of it’s iOS operating system that will include some form of encrypted backdoor access to all of the company’s customers’ iPhones and iPads. Oddly enough, the same request hasn’t been made for Apple’s desktop systems or their laptop line. If it has, it so far has not been mentioned in the press. Nor has a similar request been made to Samsung (at least not as publicly if it has been made), most likely a result of it being a foreign corporation.

The reaction has been, and rightly so, quite fierce from the technical community who see such a request as compromising the security of customer devices for the possibility of having complete access by the FBI if it deems it warranted.

Considering that the NSA is already scooping up every electronic transmission it can get it’s hands on, both within the United States and outside of it, the request by the FBI appears to be rather redundant though criminals with any brains would not electronically transmit any incriminating information in the first place and as such, probably would not hide such information on a device that can be easily stolen or lost.

Yet, the FBI request in question appears to center around access to the smart-phones of the San Bernardino shooters only a few months ago. And here the local police have demonstrated that such access would probably yield little if any worthwhile information since they had pieced together all of the needed information through normal investigative means.

The Conference for Continuous Delivery, Microservices, Containers, Cloud & Lean Business Serverless Deployments with Canary – Creating DevOps engineers at LEGO.com Nicole Yip (The LEGO Group) The Road to the Continuous Monitoring Pawel Piwosz (Epam Systems) Hacking Terraform for Fun and Profit Anton Babenko (Betajob) DevOpsCon London Program » The Conference for Continuous Delivery, Microservices, Containers, Cloud & Lean Business Workflow Engines: Our Journey towards a self-healing Infrastructure Arun Kumar Singh (Adobe Systems) Stop playing Detective – use Observability to tell a better Story Elizabeth Carretto (Netflix) Serverless Patterns made simple with real-world Use Cases Shen Brisals (Lego) DevOpsCon Program »

Whether you believe that the San Bernardino attack was a “False Flag” operation or not (and there is some evidence to suppose that it was), the mainstream media presentation of the situation has already been founded on the acquisition of data through normal investigative channels. For example, the police investigators have found absolutely no links between these shooters and any radical terrorist organizations, though they may have been influenced by the propaganda from such groups. If there are no links found in any avenues of normal investigative procedures, it is unlikely that such contradictory information would be found on one or two smart devices in the shooters’ possession.

Being that as it may, allowing any government or business organization to have an open-door pathway into one’s privacy at such a level is somewhat ridiculous given the technical challenges it poses and the fact that once provided leaves such a path also open to those who are part of the criminal mindset that the FBI is trying to get information on in the first place. In this case, you simply can’t “have your cake and eat it as well”.

Yet, the bigger issue is not the FBI or any other government investigative or intelligence agency wanting such access but instead, how so many people, young and old are so willing to give up vital, personal information so easily that it encourages such behavior from the worst in governments. This is all directly related to the technology axiom that is most often overlooked by the public as well as the technical communities themselves; all technology always falls to the lowest common denominators in a society. In other words, if a technology is made available to a society, it will be used to the benefit of the worst elements in that society.

Starting with the general usage of the telephone at the turn of the century and its increasing proliferation throughout societies over the years, few if any realized that this new device was also partially in the public domain while privacy of conversations grew increasingly porous over the years as newer technologies were developed. Until AT&T was broken up in the United States that domain was completely controlled by a single, monopolistic corporation that was deemed legitimate since it was in the national interest to have one organization control the usage of such a device. As a result, only one organization had complete control over the nation’s wires and what they were used for. By the 1940s, wire-tapping of telephone lines had emerged as a necessity for certain areas of crime fighting and snooping into one’s conversations was only a matter of the respective agency obtaining a warrant.

Anyone who has read the history of the FBI under Herbert Hoover would know that such a belief was not well deserved as the FBI became as much an infiltration agency as much as it was supposed to be an investigative one that had since its founding ignored many of the privacy rights of American citizens.

In any event, anyone who has been keeping abreast of the many papers and articles written on this issue currently would have found by now that what the FBI is demanding of Apple is already available to them by other means such as working directly with the hardware on such devices. Even Edward Snowden has recently offered such a technical opinion on the matter stating that such a demand is categorically worthless given the alternate routes to decrypting such equipment. And this too has been corroborated by other security researchers in the industry.

So what exactly does the FBI really want?

What it wants is the ability to access any US citizen’s smart-device, anytime, anywhere, without any restrictions placed in its way. The FBI and all the other alphabet law enforcement and intelligence agencies in the United States, Great Britain, and other western nations want to implement in similar style the all-watching tele-screens of George Orwell’s classic, “1984”, so that governments can know all at all times. However, their efforts are already being well satisfied with the many avenues that citizens already have to display their entire lives online in the guise of such social media sites as Facebook and others. In fact, people addicted to such technologies (which are becoming the majority that use such devices) simply can’t get enough exposure for themselves and leap from one form to another as if a good portion of the United States has suddenly become a classic study in group-based narcissism.

And yet these very same people who want to be able to expose themselves to the world want their digital privacy protected, which it can’t since many of the organizations that created this digitalized world are working hand-in-hand with the government organizations that can’t get enough of this level of personal exposure. It is as if both sides of the debate are completely addicted to “digital crack”.

The problem with the FBI demand is that even if it were allowed, and it is increasingly looking to be the case that it will be, there is no computerized piece of equipment on the planet that can serve up the artificial intelligence necessary that could make sense of all the literal data that makes up people’s lives so that it could allow any agency to prevent a crime; at least not in the way that our protectors believe it to be possible. And so far, all of the documented evidence has clearly shown this in that the US government in particular has been unable to crack a single legitimate terrorist threat in order to stop it before it occurs. There have been many hearings on the matter and the evidence demonstrated by agency officials that support their claims to the worth of such massive intelligence gathering have all been debunked by security researchers. The reason for this is that similar to the many people that can’t wait to put another personal tidbit online for all to see the intelligence agencies are similarly hampered in their ability to scoop it up in that they are only looking at a single level of where and how crimes are planned and committed. Professional criminals use lower levels of communication that make it much more difficult to unearth without the investigate resources necessary.

For example if criminals (and terrorists) began using regular mail using respectable addresses that cause no red flags than the US Post Office would then be charged with opening more mail and scanning it than is possible and remain efficient. Besides the criminals would catch on to this as well and simply change course. It is a never ending battle that has been made drastically more difficult with the introduction of mass communication technologies.

Nonetheless, a number of years ago a group of top computer scientists at the NSA actually developed such algorithms that formed the basis for what would be called “Thin Thread”, an application that could filter out all the unnecessary junk data for intelligence purposes leaving only the valuable targeted data that was required for analysis.

Mass surveillance

In addition, it completely maintained the privacy of all citizen data no matter in which country they resided in. This highly advanced software did not require vacuuming up all data from the four corners of the Earth, just the necessary data for actual, intelligence analysis, which is how business performs its data acquisition for marketing purposes. The results were a complete success when the software’s capabilities were demonstrated to agency officials against large swathes of data. Yet, this application was never refined and incorporated as is into our nation’s intelligence infrastructure. Instead, far less capable programs were devised at exorbitant expense. This leads to the reasoning for ignoring such valuable capabilities; money. It’s always about the money with these officials; that and they are most often useless, incompetent, unintelligent people with no sense of honor and duty, which explains the lack of intelligence success in unearthing potential terrorist activity about to go live. They present a good front but it’s all just PR for the masses. This then is a glaring example of technology’s lowest common denominators. These are also the people that everyday citizens all over serve up their most personal information in the online world for such agencies to easily scoop up everything about everyone and then use poorly designed software to analyze such data for only God knows what purpose. It is a very parasitic relationship whereby the victims voluntarily act as hosts.

The result of all this that a number of agency employees have already spoken out against such mass surveillance since so much of the data cannot be mined for anything valuable effectively. Despite such reasonable warnings all of this data is continuously sent on a daily basis to a large and very expensive site for the NSA in the state of Utah where a lot of this data sits uncategorized and untouched by researchers simply because they have no way to use such enormous amounts of data for intelligence purposes.

Thus, the nation’s security has already been terribly undermined as a result of the tremendous amounts of monies that have found their way into the pockets of government officials and those of the contractors who build and design such structures, equipment, and the software that the equipment uses. Not much of an ROI for the citizens’ of the United States and nor has it been proven to keep anyone safe from all the nefarious bogeymen that the US government has portrayed as being around every corner. Most US citizens though, are quite happy to keep on feeding the insatiable maws of this leviathan without nary a thought to the long-term consequences making all such people enablers in a very dangerous enterprise.

If it wasn’t bad enough that many would post their private information onto the likes of social media and all the other available electronic forums on the Internet as well as their own personal, mobile devices, the tentacles of these companies have reached quite effectively into every area of the online world along with every other commercial organization on the planet that provide apps and games to allow the masses to continue gulping down the “Digital Kool Aid” to their own delight. It wouldn’t be so bad if such mobile devices were used for the same utter nonsense that make up most social media but such devices have taken personal exposure to new levels of near depravity. And it is this narcissistic behavior that the government wants in on since mobile devices of so many people have become the digital alter egos of their owners.

There have been quite a number of sociological documents that have been written detailing the dangers of using smartphones incessantly and tablets in general. For the smartphone, the dangers are both physical and mental, while the tablet remains more towards the mental damages.

The health perils of using smartphones and tablets

Physically, smart-phones emit micro-wave radiation, which have been proven to be a source of cumulative radiation exposure to “any” part of the body that such devices are placed near. The incessant use of devices near the head increases the odds substantially that in later years, users could very well experience brain cancers and other such maladies. Medical documentation was produced on this issue at least five times in the earlier years of the emergence of the smartphone from the very area of the world that invented them, Scandinavia.

However, the mental dangers of the usage of such devices are just as bad given that sociological studies have found that many users are literally “downloading their brains” on to such equipment. The subsequent results of such a level of usage, is that users increasingly use such devices for decisions and informational research for all aspects of their daily lives where even the barest of critical thinking skills are severely undermined. As an example, parenting in general has been severely distorted as they use such devices to monitor and control literally every activity, endeavor, and location of their children while children often respond to their own needs by being able to so easily access their parents in real time. This proliferation of such access has become so common-place that children are no longer growing up with any sense of independence and free thinking on their own; what we used to call “back in the day”, “street smarts”.

With the growing reliance on such devices for daily life, increasingly private and very personal information is being placed on these devices that if lost could literally disrupt one’s life to various levels of detriment. How many times have you heard the phrase used, “I can’t leave home without my smart-phone?”. This is the proof of this increasing accumulation of data in the semi-public domain of data transfer by individuals from their brains to hi-tech equipment. People no longer have to think about what they need or want to know. Of course the excuse provided by the vendors is that people can now spend more time on more advanced pursuits; like playing “Candy Crush” or sending pics of their private parts.

And it is all this data that the US alphabet agencies and others around the world along with a host of highly capable criminal organizations are scooping up like vacuum cleaners all looking for a variety of pieces of information that could yield the results each is looking for. And thus the unending need for greater and more complex encryption services to protect such data from the prying eyes of whatever organization wants access to it.

Most often people believe it is their financial information that is sought or other such related information such as social security numbers. However, if that were the case, than the massive, criminal data breaches the United States has experienced alone in the last decade would have allowed such organizations to bankrupt a large part of US society or at the very least seriously disrupt tens of thousands of lives. However, there has never been any reporting of such a digital epidemic in the US. That being the case, there is likely a more sinister nature for such breaches, that being for purposes of blackmail, extortion, disinformation, and other such nefarious activities.

Intelligence agencies are surely not above the usage of such data for such purposes but it goes further in that such data provides insights into people as to their nature allowing agencies to recruit them under coercion to do things that such people would normally not do. This very idea has been a result of research into a variety of supposed terrorist attacks such as the Boston Marathon Bombing. Whether it was used in these cases for such purposes or not, there is no doubt that such coercion has been used by these agencies based on the information they have been able to acquire through such means.

More importantly, such data is used to develop networks of contacts between people allowing agencies to build relational diagrams for the entirety of an individual’s life. For example, many people keep contact information of their friends and acquaintances on their smart-phones often not concerning themselves with the nature of a friend’s work or position. For example, let’s suppose that someone has the contact information of a high-level researcher at MIT who works on classified materials stored on their smart-phone. That person has just quite easily led someone else to their friend’s doorsteps.

With Apple fighting the government on the FBI’s demand to design an operating system that would allow such easy access to the world’s smart devices Apple manufacturers, all of this information will become an open book if Apple loses the fight. If Apple wins, there will simply be another court case brought by yet another intelligence agency defined with slightly different parameters but with the same intent. Given the horrific deteriorating nature of the US government, it is only a matter of “when” and not “if” such data floodgates are opened.

A new sociological study has been released by Bernard E. Harcourt entitled, “Exposed”, which details the sociological dangers that are closing in on US society if it persists in such reckless usage of online technologies. The book’s jacket cover’s description of the study is the following:

“Social media compile data on users, retailers mine information on consumers, Internet giants create dossiers of who we know and what we do, and intelligence agencies collect all this plus billions of communications daily. Exploiting our boundless desire to access everything all the time, digital technology is breaking down whatever boundaries still exist between the state, the market, and the private realm. Exposed offers a powerful critique of our new virtual transparence, revealing just how unfree we are becoming and how little we seem to care.

Bernard Harcourt guides us through our new digital landscape, one that makes it so easy for others to monitor, profile, and shape our every desire. We are building what he calls the expository society―a platform for unprecedented levels of exhibition, watching, and influence that is reconfiguring our political relations and reshaping our notions of what it means to be an individual.

We are not scandalized by this. To the contrary: we crave exposure and knowingly surrender our privacy and anonymity in order to tap into social networks and consumer convenience―or we give in ambivalently, despite our reservations. But we have arrived at a moment of reckoning. If we do not wish to be trapped in a steel mesh of wireless digits, we have a responsibility to do whatever we can to resist. Disobedience to a regime that relies on massive data mining can take many forms, from aggressively encrypting personal information to leaking government secrets, but all will require conviction and courage.”

Do we really need encryption?

The book’s assertion about using aggressive encryption techniques to protect private data, though correct, has two issues in of itself. First, using such techniques also means that you cannot rely on public domain corporations to provide such techniques for you. Not that companies like Apple or others will not provide very strong encryption, but like individuals, even these companies are coming under the boot of the surveillance state in certain areas though they also aided in its creation (talk about a paradox), meaning that they will most likely have to eventually give up such techniques to government snoopers under the guise of “national security”. These organizations will then act and have acted in more or less the roles of “double agents”. Thus, individuals are left to themselves to devise their own encryption techniques that no one else will knows about, which is impossible between people since you cannot send and receive information to friends and family using such a closed system of encryption without also giving them the software and the encryption keys to unlock the encrypted messages. However, you can use it for your own data.

The second issue is that processes under such circumstances all have a law of diminishing returns. Thus, there will be a point where such encryption may become so cumbersome that it in of itself could become very inefficient to use or completely useless to the user. Encryption and decryption processes use a lot of CPU cycles to complete their tasks making them rather resource intensive to run on every bit of data in order to keep it safe. It is a self-perpetuating cycle that will in time lead to its own defeat unless computer scientists can devise algorithms as efficient as they are safe.

Another side of the encryption argument, which is never mentioned but is as entwined with this debate as any other factor, is that if one uses encryption they are doing to “defend” themselves from outside attack. This then places every individual in a position in what the military would call “siege”. Such a mode of defense has historically always lost to the besiegers; in this case, the cyber attackers. The reason for this is that the person being besieged has only one type of defense, a wall, whether it is a stone wall or a cyber-one. A besieger on the other hand has many ways in which to attack his or her target making it inevitable that the target will eventually succumb to the continuous attacks that a besieger has the luxury of inflicting. Thus, if a new encryption scheme is designed, no matter how powerful, someone somewhere will find a way around it even if it means bribing someone to provide some level of access, which is many times the case in corporate breaches as it is from simple sloppiness in such security defenses.

SEE ALSO: Securing the Internet of Things

All this then indicates that the ongoing struggle between Apple and the FBI is somewhat moot and nothing more than political Kabuki theater. Apple wants to promote the image of the “good company” fighting off the “bad government”, knowing that if it doesn’t it stands to lose billions of dollars like companies before it to the knowledge of the international community that using American hardware and software products will mean that no one is protected from the US government’s insatiable appetite to act like cyber-gluttons.

In two years, Russia is expected to be able to produce microprocessors that are on par with those produced in the United States. What happens if Russia were to come to the table and offers the world fully encrypted devices with options that allow the users to not only pick their own encryption keys but the encryption methodologies with which to safe guard their data that subsequently cannot be tracked or decrypted by any external sources. This is already being done in Switzerland with “Proton Email”. The US, feeling threatened, would no doubt send black-ops units into Russia to get enough data to reverse engineer the Russian software and technologies. However, with the ongoing modernization of Russian intelligence and military defenses, it is as likely that such operations could fail exposing the world to another unaffordable international scandal by the United States.

Users of such devices may have to change the way they use such devices to transmit data and messages to friends and business colleagues but if new technologies slowly becoming available guaranteed to be safe from prying eyes, it could be “game over” for many US corporations while government agencies will simply “go dark” in their ability to monitor people. Unfortunately, with the level of paranoia that pervades many US government institutions they would no doubt spend increasing amounts of money to “crack” such encryption schemes and when accomplished the cycle would simply repeat itself at increasing levels of costs to those who are attempting to develop the unbreakable algorithm…

In short, in such a world, no one will ever be safe…

This article first appeared on Tech Notes, Black Falcon Software’s technical articles for .NET Development.