Friday, July 4, 2014

Encryption

I've had a fascination with encryption since I was 12 (1973).  When I was 12, I started a code club at Junior High School.  In those days, we used Pig Latin, ciphers, and other types of hand codes. Only one other person showed up for the club meeting, but no one else understood the need for encryption back in the day either.  They all thought you merely didn't let anyone else see your written output.

That was true then, but now, everything I write is up for grabs in a public venue.  You might say email is private, and generally you are correct.  There is so much email that no one ever reads anyone else's email.  However, computers on the Internet that serve mail can scan every email as they go through.  If an email has the right words inside, then, according to Urban lore, your words will be read, or you will be put on some terror list.  My family, which has more than its share of brilliance associated with accompanying mental instability, has at least two electrical engineers who don't use email or Facebook due to security concerns.  Prior to Snowden, everyone had a fantasy that computers were secure most of the time.


Edward Snowden from Wikipedia article

Back in the day, mail was secure too.  Who could remember what went through the Postal System?  Today, everything gets logged.  With scanning, I am sure postcards are read as well.  For all I know, there could be a way to read what is inside envelopes too. 

The key concept here is everything we do is inherently insecure.  The insecurity needs to be met with better means of communicating via computer.  I suppose we could mail each other usb sticks, but is that really a practical option?  Or possibly we could put usb sticks in walls and other immovable objects for people to hook computers into. 

I would still want to encrypt the files on any usb stick.  That way I would be able to ensure only my intended recipient read the message, or used my files.  While a lot of encryption has back doors, some must still work well.  Police report encryption being a major block to accessing information on a hard drive during some of their investigations.  Still, though, odd stories persist, like whatever happened to TrueCrypt?  Suddenly one day, the project closed shop and told readers how to migrate TrueCrypt information to other encryption software.

When I install Linux, most distributions (I'm thinking Fedora and Mint) let me encrypt my hard drive.  I've no idea how well this works, but I comfort myself with the thought that if I lose my laptop, most everyone won't be able to read the information there.  Same with parts that wind up in Ghana, or somewhere else. 



What's the cure? 
So long as I have information someone else wants, then I am at risk that my information will be read by others.  I have a few ideas that may help, though.
  • Keep a computer that never connects to the Internet.  Use this computer to decrypt and encrypt items you wish to keep secure.
  • Use a VPN combined with a browser only used with the VPN.  Hint: Don't check your email or Facebook with the browser you wish to keep secure. (An exhaustive rundown of VPNs is here)
  • Use TOR combined with Vidalia
  • Encrypt email
  • Pass usb sticks by hand and then read them on your computer that doesn't connect to the Internet, or use Cold War drop methods.
  • Mail usb sticks in the mail inside a bank deposit bag so you can tell if it was disturbed.
  • Encrypt your entire hard drive
  • Consider Hush Mail, or sign up for a foreign email service.  Watch services that demand your cell phone number or other identifying information.  You might have to use your VPN to appear you are in another nation.
  • Use DuckDuckGo, not google for web searches.  Watch what you search for on a computer traceable to you.
  • Be paranoid.  Anything commercial likely has back doors.  PGP is no longer prohibited from export which means interested government parties must be able to read information encrypted this way.
In general, these thoughts may or may not work successfully.  In any event, adding layers of confidentiality should help keep information secure from most unauthorized readers.  If you don't keep everyone out, then you will be able to at least cause difficulty for those who are trying to access your confidential information and communications.