Apple vs FBI: The unspoken Truth on Encryption

While one can admire Apple for ‘defending’ it’s customers privacy, while also benefiting with the positive advertising. It is probably a moot, and hollow victory as the NSA and the CIA have already broken Apple security.

Not that it shouldn’t be of high importance, the resources required to do the cracking of any particular extraction of an encrypted message sent with a iPhone would most likely exceed the budget of a small country. Which is exactly the point of encryption, making it hard, and expensive to decrypt. Imagine the joviality at the NSA/CIA after the hours of decryption, that the ‘Important’ message turns out to be a high priority, top secret Cookie Recipe from you mothers cookbook.

And thereby is the unspoken truth of encryption the first one is this: you must either decrypt everything, to find what is being said, because if you can only choose strategic messages, choosing the right ones are tantamount.

During WWII monitoring enemy communication was aided by observing the frequency of communication traffic, when frequency increased, something important was being communicated. Modern military communications is continuous and unbroken, transmitting meaningless message traffic, and therefore not highlighting any particular message in the traffic stream that would be required to be decrypted. This would now be a requirement to decrypt everything, in the military traffic stream.

The second Truth is this; The assumption that you can decrypt all the messages is the hight of arrogance and ignorance. Anyone, yes anyone can create an encryption that will be impossible for a machine of any sort to decrypt, and many of these can be hidden to the point that even a human expert directly observing the message can not decipher.

Imagine hiding messages in the continuous email stream called Spam, which now constitutes more that 80% of all email traffic?

Thoughts like this keep the NSA/CIA/FBI up nights, and no matter what Bull Shit they might tell you about the need to have back doors and encryption keys it will NEVER catch all the potential secret messages that terrorists might choose to pass to each other.

Because the simplest of truths: It isn’t possible.

Internet Privacy myths

One of the enduring myths of the internet is the one involving privacy. This article on CNN titled U.S. enables Chinese hacking of Google takes umbrage at the notion that everyones email is secret and private. And while this myth might comfort many, the truth is that email was NEVER private. Every email host, every email relay was able, and in fact, completely open to reading, scanning and snooping, by man-in-the-middle processes and furthermore always has been since the beginning of the internet. And even if everyone was using https or ssh with their email clients while connected to their mail server, it did not encrypt the contents of the email. It may have minimized the likelihood of it being read in the data stream, but unless you were in the habit of encrypting your email with PGP or some other cypher your email and hence your ‘Privacy’ is negligible, hence, the privacy myth.

And while on the CNN article the discussions brought up the same old saw that governments HAD to have backdoors to snoop on email communications to prevent crime and terrorism without the concern that at no time has it proved itself in practice. Anyone wishing to sent communication, and have it stay private can do so, even in the face of a dedicated snoop. Anyone who had even browsed an encryption textbook can create a completely uncrackable code, and I mean uncrackable by anyone, by any means and present their messages in plain text in emails. Hacking them by any government is merely security theater and fundamentally has NO value.

If you seek ‘privacy’ stop sending anything through the internet unless it is encrypted by at least PGP (if not something more substantial). The only thing Google has lost in this privacy issue is the trust of their users to protect their email ‘publications’ on the internet. Now everyone will know that they have another recipient to all their emails, in other words, all the other governments, hackers, scammers and spammers in the internet.

Crypto in the personal privacy world

I was recently presented with The Code Book and while leafing through the pages during a moment of boredom I managed to create a simple crypto using the Julius Caesar character substitution method using Sybase T-SQL. And though I’m sure that the resulting encrypted text could be broken with brute force, it would not be easy, nor very worthwhile for most messaging.

In this world of spying and privacy invasion from all directions, a little personal crypto might be in order, particularly if one is inclined to be suspicious of commercial algorithms. and while this stored procedure is simple, it can be enhanced, feel free to use it for your own needs.

CREATE PROCEDURE dbo.simple_crypto
(
@key_word varchar(25),
@message varchar(255),
@direction varchar(8)
)
as

set nocount on

declare
@key_input varchar(20),
@key varchar(27),
@key2 char(27),
@olumn int, @olumnk int,
@input varchar(255),
@olumnb int,
@output varchar(255),
@out char(1), @a_char char(1),
@undone varchar(255),
@count int

select @count = 97, @olumnk = 1
select @key_input = lower(@key_word) –‘branedy’
select @input = lower(@message)

create table #alpha (a_char char(1))

while @count <= 122 begin insert into #alpha values (char(@count)) select @count = @count + 1 end select @key = char(32) while @olumnk <= datalength(@key_input) begin select @out = substring(@key_input, @olumnk, 1) delete from #alpha where a_char = @out if @@rowcount = 1 begin select @key = @key + @out end select @olumnk = @olumnk+1 end select @key = @key + a_char from #alpha drop table #alpha select @olumn = 1, @olumnb = 1, @key2 = 'abcdefghijklmnopqrstuvwxyz{' -----------------encrypt if @direction = 'Cipher' begin while @olumnb <= datalength(@input) begin select @output = @output + char(charindex(substring(@input, @olumnb,1), @key) + 96) select @olumnb = @olumnb+1 end select @input + ' = ' + @output as 'Encrypted' end -------------------------------------------decrypt if @direction = 'Decipher' begin select @output =@message while @olumn <= datalength(@output) begin select @undone = @undone+ char(ascii(substring(@key, charindex(substring(@output, @olumn,1), @key2),1))) --, select @olumn = @olumn+1 end select @output + ' = ' + @undone as 'Decrypted' end -------------------------------- select 'From the key ' + @key return GO