Banning encryption and other unicorn fairies

Amber Rudd (some busybody MP) was recently quoted in the news after complaining nobody in the tech industry was taking her seriously about her plans to ban encryption.

There's three things here that any fule no:
1) You can't ban digital technology that's well established in the public domain
2) MPs don't want to ban encryption to fight terrorism, they want to fight personal privacy and have access to all our 'secrets'.
3) Amber Rudd is an ugly munter

Number three was a bit childish, but that's just the way I feel

There are two types of encryption: Communication and data storage. Amber Rudd is targeting Whats App in particular, a communications forum that uses end to end encryption. Ms Rudd would like to ban that type of encryption so she can read your innermost thoughts. It's a rather complex process to get hold of information shared through these services, if it's even stored and i won't go into all that

It's simpler to get hold of data stored on a personal computer, for example, because the police just get a court order for the password. If you don't supply it, you go to prison until you do

Encryption can have it's uses, but it can also have it's pitfalls. Very often, after the police arrest someone, they take their computer(s). Legal and innocent data stored on a PC can actually provide 'evidence' of guilt

If you were arrest arrested in connection with a sex offence and you have a large database of legal porn, you may not want the police to see it as they may draw their own conclusions.

I have a large database of websites and information pertaining to Libertarian issues. If I were wrongly arrested in connection with a terror offence, the police may well see me as some kind of subversive, particularly with the current drive against anything 'far right', which to our current powers that be, include simply voting UKIP

I have a similar collection of martial arts ebooks and the like. I used to do a lot of martial arts when I was younger and like to keep on top of it. This could also be seen in a bad light if I was arrested for something I had not done.

Have a look through your computer files and your books / magazines around the house. How many of them could paint the wrong picture of you if you ever came to the attention of the law?

The desire to ban encryption is apparently about, "those intent on trying to mask their online criminal activities". The keyword there is criminal. What it really means is anyone wanting to mask any activities done on their pc. If the police ask to see your database, you must comply.

I would like to think that any request for information on my PC would be backed up by a court order, and that order would only be obtained after the police had supplied sufficient evidence to the courts that I was involved in criminal activities. However, I am not that naive.

Purposefully using encryption programs on your PC can raise a red flag if scrutinised. It says you have something to hide. Something to hide, to normal people, just means protecting their privacy. To the Government and their enforcers, it means you must be a criminal.

In the early days of computing there was a program call PGP, which stood for Pretty Good Privacy. It was an uncrackable program

When PGP first came out in America, the authorities made moves to outlaw it. They also wanted to ban research into encryption algorithms and keep it for themselves. They wanted to make you , as a concerned citizen, liable to fines or imprisonment if you dared own software capable of making your files inaccessible to them.

This went tits up when PGP was immediately distributed on the Internet as freeware. Since then, Phil Zimmerman, the software's creator, was harassed for three years and taken to court by the American government for allowing his own software to "escape" from the USA. All under the guise of anti terror, anti drugs. The usual suspects and this was (I believe) about 30 years ago.

I have never been tempted to use this program or anything similar. The simple reason is, a 50 character password says to any casual observer, "look at me, I've got something to hide".

You don't need encryption software to keep your private information safe, particularly in this day and age with drives that have huge storage capacity.

My preferred method of keeping data secret is not to encrypt it, but to hide it among vast amounts of other information.

For example, download a copy of the Encyclopedia Britannica, pick a subject, say, the Alaskan Moose and replace that chapter with the data you want to keep secret. Only you know where it is or even that it is there. Anybody wanting to gain access would have to read through most of the encyclopedia just to find it. You can be put in jail for refusing to disclose a password, but not a passage in an encyclopedia.

You can also use this trick when emailing sensitive information. Send so much data that your secrets will never be picked out from among it. Only your recipient knows to look under "Moose".

USB data sticks can hold a huge amount of information and can be hidden in very small spaces. If you store info on a USB, never copy it to your PC to work on it / edit it. Do it all with the data on the stick.

Encryption will only serve to flag your data and the police will just "ask" for the password.

If you store personal information on your hard disk and delete it or move it to a USB stick, it isn't really gone. The file has simply been flagged as free space. Unless other data is written over it, it can easily be recovered. Use a program such as Eraser to clean your old files. It's free to download. Eraser doesn't just mark data as free space, it overwrites junk data on top, erases that and does it again. This means that the files can never be recovered.

If you really, really must encrypt then do it wisely. If you have a set of bank accounts and stocks that you are saving in case the worst happens and you get divorced (a good plan), then you may want to use something a bit more secure than what I have stated above. Details on a USB stick that may one day be discovered by the Mrs would be better with some kind of encryption security. PGP is still the best in my opinion. Pick a good password. Not Tiddles or Manchester United. You need a string of characters and numbers that don't make any actual words. Decryption software will break a bad password in minutes.

Encryption and decryption also takes time. Only do it to files you wont be accessing often. If you have to access them daily you will get lazy and leave them decrypted for the next time, and that is when you will get caught.
And lastly, don't call your highly sensitive file, Otherwomenihaveshagged.docx. Call it "My love poems", or something equally as likely to not get read.

A good trick back in the old days was to use a floppy disk. Put your data on a disk, label the disk, 'Frogger', then chuck it in a box with a hundred other game disks. It's not such a good trick with modern technology, but a variation is if you have multiple folders on your PC containing multiple word documents (maybe you're a professor or something), bung you data in a word document and stick it somewhere in the middle. You can also store pictures in word documents, so if someone searches your PC for picture files (JPEG etc) they won't find your incriminating pictures

One basic rule to always follow though: You best kept secret is only as safe as your worse kept secret. Meaning, if someone decides to have a look through your files, maybe the wife looking for your secret bank account, they cannot find anything. If they find something that isn't all that sensitive, but has been hidden in a half arsed manner, they're on to the fact that you have things to hide and will step up the search until they find everything

That principle also applies to analogue encryption. Hiding items in a shoebox under the bed. If you want your privacy to truly be private, make sure all your secrets are adequately hidden. They find one, they find them all

It's your data and you have a right to keep it private.

*Disclaimer* I use the methods above to keep my personal data private, not to conduct criminal activities and neither am I condoning such. Don't be a cunt.


nisakiman said...

Bucko said...

Anonymous said...

Bucko said...