As privacy becomes more and more of an issue for computer users, many turn to encryption software to protect confidential documents and email messages. There are the advantages and disadvantages of encrypting your data, including how just the fact that a file is encrypted may be a red flag that attracts hackers, who have reason to believe the data must be valuable (or at least titillating) since you went to the trouble to try to keep its contents secret.
But the bigger question may be whether encryption really protects your information at all, or just provides a false sense of security. That may depend on who it is that you’re trying to keep out. Certainly a good encryption program will help prevent snooping by co-workers, family members or casual hackers. But if you’re worried about keeping the government from knowing your secrets, will encryption do the job?
Earlier this month, Vnunet.com’s News section ran a story suggesting that Microsoft “may” begin training police agencies to crack the encryption technology in Vista, the desktop operating system slated to replace Windows XP when it’s released later this year. This speculation was based on talk in a U.K. parliamentary committee meeting.
A lot of folks are up in arms over this possibility, perhaps not realizing that computer forensics is already a big and growing subspecialty for officers of both local and national law enforcement agencies all over the world. Training has existed for years, designed to teach government agents how to decrypt encrypted data regardless of the operating system, and how to discover incriminating data that’s been deliberately hidden on computers or left there inadvertently, even when users think they’ve erased it by deleting files or formatting disks.
Many believe that the National Security Agency (NSA) has the ability to decrypt any existing encryption. Of course, the federal government doesn’t publicly confirm or deny this, but reports surface regularly of deals made by those who make encryption software and devices to provide a “back door” to which the NSA has the keys. For instance, in 1999 a story came out that Swiss company Crypto AG had built a back door for the NSA into their encryption devices and it was being used to decrypt messages of foreign governments containing military secrets and other sensitive information.
Many experts agree that the next stage in computer technology will be quantum computing, machines based on quantum physics that will allow for computers that are orders of magnitude faster and more powerful than today’s supercomputers. Such technology would render all of today’s encryption methods easily breakable (and would also result in new, far stronger encryption solutions). Some believe the NSA or some other secret government organization has already built such machines. Whether they already exist or not, it’s a good bet that governments with vast financial resources will have access to them first (and maybe exclusively).
Some folks don’t see anything wrong with any of this. They believe that the military and law enforcement need to have every tool possible to fight crime and terrorism, and that those who have nothing to hide won’t mind that their secrets can be probed whenever the government wants. Others are appalled at the idea that “Big Brother” can read their encrypted email, even if there’s nothing incriminating in it.
But you don’t have to be encrypting your data to have a false sense of security. Many computer users still think that when they delete a file, it’s gone from their hard disk. That’s not true, and that’s why File Recovery programs work. These programs have been lifesavers for many who have accidentally deleted their homework or the Great American Novel they’re writing, but have also proven to be a source of chagrin for people from pedophiles to cheating spouses who’ve thought they disposed of the evidence only to have it come back and haunt them. Even reformatting your disk doesn’t get rid of the data. To do that, you can use an overwrite program that will write random characters to your disk over the “deleted” data, use a strong magnet to wipe all the data off the disk, or physically destroy the disk. Even if you do one of these, remember that copies of your document or email message may still be residing on one or more servers somewhere.
Features in some applications have also resulted in embarrassment to those who don’t understand how they work. For example, many companies use the Track Changes feature in Microsoft Word when collaborating on or editing documents. Depending on Word’s settings, those changes may or may not be displayed. More than once, edited documents have been sent with the edits still available to be viewed by the recipient when this was not what was desired. For an example of this, see another Vnunet.com article here.
Have you been operating with a false sense of security? Or do you even bother to try to protect the privacy of your data? Should the government and law enforcement officers have access to “back doors” in software to allow them to decrypt information if they need to in investigating criminal activity? Should they be required to get a warrant first, or would that prevent them from being able to effectively protect the public? Is encryption that can be cracked worthless, or should we look at it as analogous to locks on our doors – a deterrent, but not something that’s expected to keep a really determined intruder out? Let us know what you think.
Deb Shinder