Strong encryption, overreaction, and what you can do to help keep yourself safe online

With the release of the new iPhone last month, and the announcement of it’s new (and existing) security features, there has been a rash of stories about law enforcement’s reaction to these new features, and the reaction has bordered on the ludicrous.

This:

“Apple will become the phone of choice for the pedophile,” said John J. Escalante, chief of detectives for Chicago’s police department. “The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”

Or this In a Washington Post op-ed from Ronald T. Hosko:

“[Criminals’] phones contain contacts, texts, and geo-tagged data that can help police track down accomplices,” Hosko wrote. “These new rules will make it impossible for us to access that information. They will create needless delays that could cost victims their lives.”

These reactions make me very angry. As is typical with this kind of thing there is the backlash in the media with very little thought paid to what is being said. Then the reaction comes from the people who are now scared because they have put little thought into the reality of the situation and are simply reacting out of fear.

What planet are these two law enforcement people living on? Somehow having encryption on the iPhone is going to suddenly make it the phone of choice for pedophiles (what was their choice before…the iPhone already had encryption)? Are they saying the pedophiles aren’t using encryption already?

According to these gentlemen it will be impossible for law enforcement officials to do their jobs because iOS 8 has encryption turned on by default. What have they been doing up until this point? Nothing? This certainly isn’t some brand new technology so I’m curious how iOS 8 encryption turned on by default is any different than the encryption technologies already encountered by law enforcement in previous cases.

The truth is it isn’t any different. The rules haven’t changed at all. Law enforcement still has all of the tools necessary to prosecute these cases they had before iOS 8 and their job isn’t any harder. The idea that the only tool they have is decrypting someone’s computer or phone is completely ridiculous.

Let’s get back to the idea that somehow pedophiles have won now that iOS 8 is available. Here are a couple of stories about recent cases of the use of encryption in child pornography arrests:

So in two out of three of the cases discussed police were still able to get what they needed. In the third case there was no hard evidence and the guy hadn’t been charged with anything until being held in contempt of court for refusing to decrypt the drives.

What is even worse to me are the people who think that somehow anyone has to have a “good reason” to use strong encryption. Here is a piece written about another child pornography case:

“True Crypt” Encryption Software Stumps MCSO Detectives in Child-Porn Case

This is yet again another good example of law enforcement already getting what it needed without requiring the defendant to decrypt other hard drives that were in his possesion. But the most ridiculous part of this article is this quote (emphasis mine):

For computer users and businesses, encryption may just be a way to prevent theft of such information as credit card numbers. There’s a comforting power and freedom behind the idea of creating files that no one else, not even the seemingly all-powerful government, can see. But in terms of which individuals actually need unbreakable encryption, potential perverts, criminals, and terrorists are clear benefactors of the technology.

Yes unfortunately those people are benefactors of the technology. So is everyone else. Want to help keep your identitiy from being stolen? Go paperless and encrypt your data. Want to only have one password as the key to all of the others so you don’t have to remember them? Use an encrypted password vault. There are many, many reasons to use strong encryption, none of which have anything to do with breaking the law, being a pervert, or a terrorist.

I prefer keeping my information encrypted. I store all passwords encrypted. I store vital documents and other sensitive personal information in an encrypted form. I pretty much keep all of my data encrypted. Why? Because it’s my private data and I don’t want potential thieves being able to get it and use it. The reaction of law enforcement to the iOS 8 announcements seems to indicate they think I’m hiding something from them by using encryption. No, I’m using it to protect myself.

I’m getting really tired of reading these kinds of things. Here is a quick guide on how to help protect yourself while using your Mac or iOS device.

What is the most important thing you can do to increase your digital safety? Choose good passwords! Easier said than done right? Not true. To make your life easier you only need to choose a password vault application to store all of those passwords. That application also will help you generate very strong passwords. The beauty of it? You only need to remember one password. Everything else is stored, encrypted and secure, in the password vault. I store everything in mine: passwords, credit card information, insurance information, etc. I have it on multiple devices so it’s easily accessible. It is the first piece of software I install on any new device I buy. Two good options are:

So the first thing to do is get one of these applications. Choose a long password as the key to your password vault. Remember that this will be the only one you’ll have to memorize so make it good! The next time you visit a website that requires you to log in change your password there. Generate a strong password with the password vault and store it there. With just that step you’ve already gone a long way to helping yourself out.

What else can you do? Use full disk encryption for your Mac, especially if you have a laptop you take anywhere with you. On the Mac this is easily done by turning on FileVault.

If you own an iPhone and/or iPad there are several more things you can do.

1: Use a passcode.

Even if it’s four digits it’s better than nothing! This article has a bit of information on how data security works on an iPhone or iPad and has a good section on choosing a passcode. Aside from the built-in apps more apps are taking advantage of the security framework provided by Apple to also encrypt their data when a passcode is used. GoodReader and Scanner Pro are examples of applications doing this.

2: Use iMessage as much as possible when texting.

iMessage is encrypted end-to-end and Apple (and anyone else) can’t read your messages.

3: Use a password vault.

1Password and LastPass are both on iOS and sync with the desktop/web versions so you’ve got everything right there on your iPhone or iPad as well.

These practices are a good start to improving your security online. As with anything else there is more you can do but these things will go a long way to making sure that you help yourself stay safe online.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: