Sunday, 19 June 2016

Should I thank Theresa May?

For some decades now the security and Internet community have tried to convince people to encrypted data.

It has taken a long time to do this - partly as computing power used to be difficult to handle secure communications even only a few years ago, but times have changed.

Now it is not just possible, but desirable, for https everywhere not http, and end to end encryption in communications.

The challenge has been convincing people of the need. After all, criminals may be smart but they had not, until more recently, been that smart.

The good news is that it seems to me that the message is finally sinking in. More and more people are assuming every web site they make should be https. Heck, even the aa.net.uk site should be soon. We are looking at ways to make this the default for our web hosting customers too (but that is quite a complex project).

The odd thing is why this is happening. Criminals are the real threat here - they could hack communications providers to access unencrypted data. They could hack DNS to impersonate a web site. They can get your data and exploit it.

But the real reason I feel worried, and I know a lot of others do, is not the criminals, it is the authorities. It is the massive invasion of privacy that the government want to have access to.

I am far more concerned that my privacy will be invaded by the government than criminals.

Why? Well, if they get the IP Bill through they will simply have the legal power to do that, and on a large scale. Criminals take a risk and have to compromise systems. Government can simple issue secret orders and warrants and do what they like. Which is more likely to happen?

The good news is more and more people are using end to end encryption like PGP, Signal, iMessage, and all sorts. More people are encrypting hard drives as standard. More operating systems are making it easy and default to do so. If they insist we disclose passwords, we make systems with hidden partitions, and steganography and secondary password protected innocent file stores. So many ways to defeat the adversary. So may ways we can prove we are complying and innocent whatever data we really hold. These are techniques to handle the criminal, even those with $5 wrench but they work just as well on the authorities if you are a criminal yourself, or not and you just want your human right to privacy.

It really seems we all fear a police state more than we fear criminals. Crazy, I agree, but end result is we are safer from criminals too. So a good thing.

Thank you Theresa May for whipping up enough paranoia for people to finally take privacy seriously. Well done.

1 comment:

  1. An interesting read on the woman

    http://order-order.com/2016/07/02/read-full-article-pulled-telegraph-pressure-may-campaign/

    ReplyDelete