
Tiger Privacy: The Limits of Encryption


There are scams and news stories from time to time about "unbreakable" encryption. When you hear someone say any encryption system is perfect, that's a red flag. Someone's trying to sell you something that doesn't exist. The technical term for unbreakable encryption is "snake oil".

Many good security pros don't want to tell you about the weaknesses in security because too many people hear about flaws and just give up. But you have locks on your doors even though you know they won't stop a determined burglar. Those locks still help, even if it's just to make a casual thief try somewhere else. There isn't a bank safe in the world that is uncrackable. But most of us trust banks enough to keep money there. When you write a paper letter that you don't want exposed like a postcard, you don't send it in a two-ton safe. You wrap it in more paper, an envelope. We trust that's enough to keep it from prying eyes. So as you read about all the risks of encryption, don't get discouraged. If you give up, you lose right then. Hang in there and learn a little.

The best encryption is at least as good as a paper envelope. It may be better. But just as a snoop can steam open an envelope, there are always ways around any security system.

There are some encryption systems we don't know how to break yet. But that doesn't matter, because if you're the target of people with billions of dollars, they will just bypass your security. They'll bribe someone, or blackmail them, or con them. If they can't get in a back door, they'll climb through a window. Determined, well-financed attackers usually find a weak spot somewhere.

Does this mean you shouldn't bother with security, that there's no point in encrypting? Of course not. We use banks even though people rob them. We use envelopes even though they're made of paper.

Security works when it makes getting to the target cost more than it's worth to an attacker. For a "high value target", attackers are willing to expend a lot of resources. But most of us aren't worth that much. We're not targets. Good security is good enough for almost everyone.

The best thing you can do for your security is to not become a target. Try to keep a low profile.

If you're a target, encryption by itself won't help much. You'll have to do a lot more. But if you're already pretty sure you're a target, why make things easy for the people attacking you? If you've overestimated how much they're willing to spend on you, the encryption will help. If not, you can at least make them waste some resources.

For example, the NSA tries to scan all email and phone calls. But that doesn't mean that they listen to every call or read every email. They don't have the resources. No one does. Bypassing encryption is more trouble than it's worth unless the target is important. So the NSA scans everything quickly to select calls and messages for more processing. If you're not a target, good encryption stops these attackers from seeing more than the kind of information on the outside of an envelope, such as who the message is from and who it's to.

There is so much traffic moving all the time across phone lines and the nets that hiding in the crowd might work for docile citizens with nothing to steal. If you're one of these, you probably don't want to draw attention to yourself by encrypting. For the rest of us, encryption is important and valuable. And the more we can get others to use encryption, the less we'll stand out when we use it.

It's a good idea not to trust the crypto systems themselves too much. There's a long history of spies getting backdoors built into encryption. A layered defense is essential. Use packages from different countries, since one group of spooks usually won't share willingly with another unless they're paid well. One layer might protect against one spook group, and a different layer might protect against another. And not everyone who writes crypto software is for sale. Some security pros care so much about freedom and rights that they are willing to take the risk of becoming a target. If you use multiple layers, you have a better chance that at least one of the layers is from the good guys.

Backdoors are a serious concern, but a bigger risk in any security system is ordinary bugs. People aren't perfect, and neither is anything they do. The good news is that because the bad guys usually try to disguise their backdoors as bugs, the same countermeasures generally work for both accidental and intentional flaws.

Insist on open source. "Security" software without source code isn't secure. Source code is the human-readable form of a computer program. Open source is source code available to anyone. When source code is open, experts can read it to check for bugs. Without the source, bugs easily stay hidden.

Look for projects that encourage testing, code reviews, and security audits. Anyone can help test. If you're an expert, some people are actually begging for audits! And don't forget, even with the best of intentions, no one ever finds all the bugs.

Know the limits of encryption. If someone claims their encryption system is "unbreakable", they're trying to sell you snake oil. No security is perfect. Do what you can, with the resources you've got. Try not to be a target. Encrypt and encourage others to use encryption. Insist on open source software, particularly security software. Don't trust anyone or any system too much. Help others when you can.

And remember, most bad guys are picked for how corrupt or blindly loyal they are, not for their brains. We can outsmart them, and even have fun doing it.

Copyright © 2005-2007 Tiger Privacy