Tech trends and business ideas

All things that motivate entrepreneurs

Sunday, July 06, 2008

Can't crack your code - make it simple

The noise over advanced encryption technology used by RIM refuses to die down.

Indian officials had put pressure on RIM to provide security agencies with a way around its encryption demanding either a "master key" into data and e-mails sent from RIM’s BlackBerry devices or that RIM set up servers that could be monitored by Indian security agencies. But during a presentation to India's Department of Telecommunications, RIM pointed to four other mobile e-mail systems in the country -- Windows Mobile ActiveSync, Nokia Intellisync, Motorola's Good, and Seven Networks -- that utilize similar encryption. RIM contends that the government would have to also take actions against those companies and not just RIM.

Data on RIM's network utilizes the 256-bit Advanced Encryption Standard. The Department of Telecommunications has said it wants RIM to reduce this to a 40-bit encryption.

Now I ask – Just because you are going on a long vacation, would the authorities want you to leave your apartment keys to them? How safe are our properties with an easily corruptible Govt. official?

By making the encryption crackable, they enable corporate espionage, spying and all kinds of gamesmanship. Why even an obsessed individual can hunt down anyone. Crime rings can have a field day. That's what we all need, more crime.

What’s the big deal about 256 bit encryption anyway? Is it not crackable? Satellites use 1024 bit encryption – do they want them to be downgraded too?

Every bit of encryption is just a complex algorithm that masks data. It can be outwitted by another stroke of ingenuity. It’s like picking locks. For every intricate lock, there is a smart locksmith that can pick it. By asking to limit the level of encryption, lawmakers expose their own strategic myopia. Next what? Will they want all locks to be pickable and make it easy for burglers? Asking for a master key to peep into every e-mail or seeking localized servers serves hardly a purpose. If they want to intercept communications, they should rather allow for the best encryption technology to prevail and then invest in innovative counter-cryption technologies or code-cracking initiatives that can break every code lock. That’s where we want a national policy – innovation investments as a part of counter espionage initiatives.

Yet another aspect worth exploring is when technology levitates more and more services from the desktop to the computing cloud or the internet. When SaaS service providers allow users to have unique encryption keys, will they classify such information as being held in the location of the server or where the key is held? I am not sure the data woven with advanced encryption protocol will cease to be in public domain that the security agencies cannot intercept. Nobody is asking for an intrusion free data haven as yet. We just want our data - say money in the bank - available for our exclusive use and not for any random hack to rob every last dime. But the Government in asking for lower encryption standards from RIM is exactly setting a trend in that direction.

Would they still ask for the cloud servers or their massive data centers to be located inside the Capitol Hill or the Parliament House? How much can they geotarget? Have they ever imagined what it takes monitor such a high volume data? Now the big question – how hard is it to bribe the security official that has access to the master key? Bite what you can chew folks!



Post a Comment

Subscribe to Post Comments [Atom]

<< Home