Lawrence E. Hughes
– Is Privacy Dead?
A really good book from one of the best people in the security field came out last year. I recommend you to read it. It’s “Data and Goliath” by Bruce Schneier. Bruce explains exactly how your privacy is being invaded on a monumental scale today. The government does it to look for threats to national security. Many corporations (including many prominent Internet companies) do it to collect information they can resell to anyone willing and able to pay for it. Windows 10 is collecting all kinds of information on its users. This book will scare the hell out of you.
But we can’t stop using our cellphones, the Internet, chat, or e-mail – our society depends on these things now. But we can learn to protect ourselves (to some extent) from having everything about us scooped up in the widely cast nets being used today.
Bruce points out that encryption is one of the most powerful PETs (Privacy Enhancing Technologies). It is indeed, but in many uses of it, it’s simply too hard for ordinary mortals to use. It works best when it happens “in the background” with little or no effort on the user’s part. Things like HTTPS (secure web), and Full Disk Encryption (e.g. Bit Locker) are good examples of this.
With HTTPS, you don’t really have to do anything (other than include the “S” after HTTP, and even that is usually done for you, in hypertext links). The server sends you its SSL certificate, your browser validates that, verifies the server has the corresponding private key that identifies the server, exchanges a symmetric session key, and encrypts everything going in both directions. All of that wizardry happens without you having to tell it to do it, or even knowing that it’s going on. You get server to client authentication and privacy essentially for free (well, the website owner has to buy an SSL certificate, but you don’t have to buy anything). That’s good security design.
With Full Disk Encryption, your entire hard disk drive is kept in encrypted form. When you are using the computer, the device driver automatically decrypts the sectors your read, and encrypts the ones you write. You hardly can tell it’s happening (especially with an SSD that has hardware encryption). You do have to supply a passphrase when you first boot up your computer, but that’s about it. But if someone steals your computer at the airport, the data on it (which may be incredibly valuable) is completely safe from the thief. That is also goodsecurity design.
But with some Privacy Enhancing Technologies, like Strong Client Authentication (obtaining and using a client digital certificate to identify yourself to a secure server) or S/MIME (End to End secure E-mail), it’s so difficult to use that few people do. This is because the technology is too “exposed” and requires complex manual steps today (not to mention too much obscure technical knowledge).
I once heard about an experiment regarding S/MIME usability. They gave a group of technically competent people copies of Microsoft Outlook, and access to a vendor of S/MIME certificates, then gave them two hours to send the experimenter an encrypted message. At the end of the time, only two of the participants had succeeded. There is nothing wrong with S/MIME – the implementation is simply not suitable for most people to use. Current PKI implementations are mostly web based. My E-mail client can’t surf to a website to request and download a cert. Those sites are designed for humans to use. That is bad security design.
After many years of working in security and PKI I realized that creating a secure Certificate Management Protocol (like our Identity Registration Protocol) and using that protocol to allow an e-mail client to automate most of the steps (thereby hiding the complexity from the user) can make S/MIME E-mail as simple to use as HTTPS.
We first created a certificate authority that supports IRP (IDCentral), and then a secure E-mail client that supports it (Blackbird). We also added in LDAP integration to make it trivial to publish your own cert in a directory (e.g. Active Directory), and allow other users to use that directory as an address book (complete with your cert).
With this automated certificate management and directory integration, the vast majority of the participants in that experiment would have managed to complete the challenge, most in 15-30 minutes. This brings a powerful Privacy Enhancing Technology (S/MIME E-mail) into the reach of any Internet user.
Some people may say “why would I need to encrypt my E-mails? I’m not James Bond”. You might be surprised how easy it is for people to see (or even change) your E-mails without this protection. Unencrypted E-mails are easy to surveil at many points along the way. Google routinely scans all your free G-Mail messages and sells information found there to anyone willing to pay for that. But there is a better reason, as espoused by the Encrypt Everything project (who are trying to make HTTPS universal). Today, using encryption makes you stand out, and the bad guys will try to find out what you are trying to hide by other means (like installing a Trojan Horse that watches everything you type or see on your screen). If everyone uses encryption, they won’t know whose E-mails (or web searches) are “interesting”. They will be trying to find a needle not in a “haystack”, but in a giant pile of needles (a much more difficult proposition).
My primary focus at Sixscape is to create advanced Privacy Enhancing Technologies that are so simple and unobtrusive that anyone not only can, but will use them, as with HTTPS today. We are first applying this to E-mail, then to chat, and later to voice.
I am doing this because I strongly believe that Privacy Is a Fundamental Human Right.