You are viewing a single comment's thread from:

RE: The battle over encryption...

in #technology9 years ago

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I saw an interview by an FBI agent the other day about how the agency used a 3rd party hacker (so-called grey hats) to obtain the iPhone information from the San Bernardino shooter. Here's a link :

http://www.nytimes.com/2016/04/20/technology/fbi-iphone-apple-house-encryption-hearing.html?_r=0 .

I think a particular useful comment was that we should have a public debate on it. She seems a bit less intense than the current Director of the FBI.

All in all, encryption is a tool. We use it all the time for ordering items off the internet and rely on it for security. Also, we know from Snowden that "Encryption works." The biggest threat to security is not the government creating quantum computers or having enough computational power to brute force an attack (they will do this if they are bent on obtaining your private key). Rather the human element and the potential for mistakes and, in general, poor operational security are the biggest factors that contribute to this.

As users of new and innovative technology that relies on various encryption schemes to work, we need to address this topic. In doing so, we can educate the public and teach individuals the difference between encrypting a message and signing a message to prove authenticity. However, I think one of the first steps is to always sign messages. This has the side effect of permeating society's mind about the existence of digitally signed messages, which is a prelude to full-blown encryption.

-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlcZe6cACgkQrXhoUZB1ALtNagD/cv53Y9XX19q/FxPnKlroWnro
HkDh6rbfI9K7Kt0ufigA/3BPoc9eQWvPMBiayzXpKZRo7PExOuifuGs+Jd28HWgD
=oTcA
-----END PGP SIGNATURE-----

Sort:  

Apologies to anyone who finds out that this signed message doesn't verify. Formatting reasons exist within Markdown. A signature of the above message can be found at www.matthewniemerg.com/STEEMIT/Comments/justin.encryption.comment.1.asc .

Since STEEMIT requires a login with a private key, it is implicit that you are signing a message. I am only signing these comments and a few posts to prove authenticity, which can be verified with my other public key that is hosted on MIT's public GPG servers.