2008/01/28

Encryption / FDLLUG

Everyone who uses digital communications or stores information in digital form in today's world should have a good working knowledge of encryption.

According to Wikipedia, "encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key."

Two primary reasons to have a good working knowledge of encryption are:
  1. To avoid problems if you lose private or sensitive digitally-stored information, such as medical records, confidential company documents or personal finances.
  2. To maintain privacy for digital communications, such as email, which, if not encrypted, can quite easily be read by others.
In the case of digitally stored information, encryption has become much more important than it was ten or twenty years ago. This is because quite a bit more of our lives are stored on digital media than was ten or twenty years ago and because of the proliferation of portable computing devices. Computers and digital information have become an essential part of everyday life for most Americans. Moving a person's information from hardcopy to digital format means that thousands of times more information can easily be carried around by one person (or sent over the internet) than could have been done in the past. People never used to carry around on a daily basis their music collections, photo albums, correspondence with 100 people for the past three years, address books, and hundreds of memos and reports from work. With smartphones, 8 GB USB flash drives and 160 GB iPods, people have the capability to carry the above list of items and more. All this information, if not encrypted securely, can easily be viewed by strangers when you forget your flash drive on a computer you borrowed for a few minutes, when your iPod is stolen by someone when you're not watching, or when you forget your cell phone at the airport security check, like thousands of people do each year.

Regarding the second reason listed above for having encryption, an unfortunate result of using the term email for early internet communications was that people in the US associate the relative security of snailmail with communications they send via email. Such is not the case. Most people assume their email cannot easily be read by others, partly because they themselves don't know how to read other people's email. Many governments and hackers would be able to demonstrate the fallacy of thinking your email is secure. Unencrypted email can be quite easily intercepted and read. To understand this point, consider that "...in a Jan. 21 [2008] New Yorker article, Director of National Intelligence Michael McConnell discusses a proposed plan to monitor all -- that's right, all -- internet communications for security purposes..." The US federal agencies wouldn't dream of proposing they be given carte blanche for opening all US snailmail in order to keep us safe and "stop terrorists". Yet they are more than willing to repeatedly request the legal right to monitor all phone calls and email/internet communications for that same reason. Some people think these agencies already have programs and equipment in place to do this type of monitoring, regardless of the legal issues involved... Maybe they should also be given the legal right to open all snailmail to keep us safe. After all, if you're not doing anything wrong, why would you object to some government agency opening and reading all your snailmail??

At the 6 PM, 13 February 2008 Fond du Lac Linux Users Group (FDLLUG) meeting, encryption will be the topic of the month. The speaker will be Jim Leinweber from Madison, Wisconsin, USA, a speaker who was both knowledgeable and entertaining as a speaker at an FDLLUG meeting several months ago. When I asked him to bring Bruce Schneier along to the FDLLUG meeting for a panel discussion, Jim said I'd have to settle for a panel of one (meaning Jim), although he has been at presentations Bruce has given and has several of Bruce's books. If you're interested in encryption and can make it to the FDLLUG meeting at Moraine Park Technical College in Fond du Lac on 13 February, you can learn about PGP, GPG, other basics about encryption and get most of your encryption questions answered.

*****

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home