The Strongest Evidence that Encryption Works - Subpoenas

There is a lot of debate around the internet about what types of encryption are safe, and whether any level of encryption is safe from an advanced persistent threat like the National Security Agency. With some of the most talented staff in the world, including the world's largest army of mathematicians and security researchers, and near-limitless budgets for supercomputers, interception equipment, subversion programs, and bribes, people question the integrity of any tools to fight back.

The answer lies in what action the agencies take against their targets. If they have a way into systems with a low risk of being detected, it is being used. This is where programs like FOXACID, HAMMERCHANT, and TURBINE come in. If they do not have an easy way into your systems, that is when they deploy the subpoena to try to use the long legal arm of the government to break into your systems.

If they had pervasive, widespread tools to get at the data they wanted, there would be no need to deploy the subpoena against companies like Lavabit, Megaupload and recently POGO.

There are also substantive changes in how the general public values privacy. This is leading to better public auditing and reporting of issues with widespread open-source software. We only need look as far as OpenSSL to see how the increased scrutiny has led to dramatic improvements to security. It is bad that these bugs existed in the first place, but you also have to consider that these bugs are being found and stomped out. OpenSSL is now stronger than ever before, and the increased interest is also increasing budgets to continue to improve and clean up the code.

There are a number of efforts active now to improve the OpenSSL project, similar to the efforts to audit TrueCrypt and efforts to fork the project after the current developers abandoned it.

So not only does properly implemented encryption work, the widely used software is getting stronger by the day.
