Encrypted by default

Soon after the storm some months ago over the NSA and the cloud services and operating systems we use, the likes of Google and other cloud and Internet services companies announced they were encrypting everything. Now, leaving aside my ongoing disgust with how they handled the whole thing, this announcement gave me reason to raise an eyebrow.

The idea is that encryption would be added to the links between datacentres, and also to disks. Indeed, more recently we have an announcement that encryption will be turned on by default in all mobile devices running both Android and iOS. All of this is beneficial. A stolen phone is no longer such a grievous liability; using a public wireless hotspot isn’t quite as risky, though you might consider a VPN app to guard against miscreants with packet sniffers.

However, the announcements were implied to resist the intelligence and law enforcement communities. Now, while a law enforcement request, with warrant, shouldn’t be a problem, the idea of someone crawling around in your personal information is quite distasteful and conjures images of 1984. So this encryption is supposed to fix everything and let us rest happily. I only wish it were that simple.

You see, one of the things to come out is that the various three-letter agencies have staff at the tech firms. They have eyes and ears inside, where the encryption is of no use. All we’re seeing is cryptowash, PR bluffs. To use a medieval analogy, if the tech firm is a castle, then the agencies have men inside the keep. Now, my own view is that the encryption is like strengthening the walls and perimeter of a castle; if the enemy already has agents in the keep, the castle has fallen, you just don’t know it yet.

