WikiLeaks Showed That Encryption Works

What the CIA WikiLeaks dump tells us: Encryption works.

The tech industry is drawing one lesson from the latest WikiLeaks disclosures: data-scrambling encryption works.

Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can’t break. In many cases, physical presence is required to carry off these targeted attacks.

“We are in a world where if the U.S. government wants to get your data, they can’t hope to break the encryption,” said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. “They have to resort to targeted attacks. That is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago.”

Four years ago, former NSA contractor Edward Snowden revealed details of huge and secret U.S. eavesdropping programs. To help thwart spies and snoops, the tech industry began to protectively encrypt email and messaging apps, a process that turns their contents into indecipherable gibberish without the coded “keys” that can unscramble them.

The realization that spy agencies had figured out that problem spurred efforts to better shield data as it transits the internet. A few services such as Facebook’s WhatsApp followed the earlier example of Apple’s iMessage and took the extra step of encrypting data in ways even the companies couldn’t unscramble. This method is called end-to-end encryption.

At the moment, though, end-to-end encrypted services such as iMessage and WhatsApp are still the exception. Encryption is far more widely used than it was in 2013. Nevertheless, many messaging companies encode user data in ways that let them read or scan it, and authorities can force these companies to divulge message contents with warrants or other legal orders. With end-to-end encryption, the companies wouldn’t even have the keys to do so.
