Encryption Part I: Introduction to Encryption 1
The first part of a new series on encryption: what it is, how it works, and how you can protect yourself.

By: Shane Killian

More:
Encryption Part I: Introduction to Encryption 1 - Video

Photo: Getty

The spread of usable encryption tools hasnt exactly made law enforcement wiretaps obsolete. But in a handful of cases over the past yearand more than ever beforeit did shut down cops attempts to eavesdrop on criminal suspects, the latest sign of a slow but steady increase in encryptions adoption by police targets over the last decade.

In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. Thats more than twice as many cases as in 2012, when police said that theyd been stymied by crypto in four casesand that was the first year theyd ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero.

The cases in which cops encountered encryption at all, its worth noting, still represent just a tiny fraction of law enforcements growing overall number of surveillance targets. Feds and state police eavesdropped on U.S. suspects phone calls, text messages, and other communications at least 3,500 times in 2013, a statistic that will likely be revised upwards over the next year as law enforcements data becomes more complete. Of those thousands of cases, only 41 involved encryption at all. And in 32 cases cops were able to somehow circumvent or break suspects privacy protections to eavesdrop on their targets unimpeded. The report doesnt include details of the specific cases.

Those numbers still contradict the warnings from government agencies like the FBI for more than a decade that the free availability of encryption tools will eventually lead to a going dark problem, a dystopian future where criminals and terrorists use privacy tools to make their communications invisible to law enforcement. Last year, for instance, the Drug Enforcement Agency leaked an internal report complaining that Apples iMessage encryption was blocking their investigations of drug dealers. So the cryptapocalypse they warned us about in the 90s has come to pass, University of Pennsylvania computer science professor Matt Blaze noted drily on twitter. Strong crypto used in a whopping 0.25% of wiretaps last year.

Even so, a look back at the last ten years statistics from police reports shows that encryption use is on the rise, even if the number of cases remains small and most encryption use is still futile. As recently as 2006 and 2007, police reported that they hadnt encountered any uses of encryption at all, and only dealt with one case of a suspect using encryption in 2009, as shown in the chart below. (In Thursdays report, police also counted another 52 cases of encryption use by their targets prior to 2013, but didnt specify in which years those incidents had occurred.)

That steady trickle of encryption tools into the publics hands is a sign that Americans awareness of surveillance is rising. Edward Snowdens leaks about NSA surveillance began dropping in July of last year, and carried with them a wave of interest in new privacy technologies. Post-Snowden, both people and companies have become more sophisticated in safeguarding their communications, says Hanni Fakhoury, a surveillance-focused attorney with the Electronic Frontier Foundation. When you look at this report next year, there will no doubt be even more use of encryption.

Crypto aside, the report noted a significant drop in the cost of cops surveillance. Police reported an average of $41,119 per case in which they intercepted a suspects communications in 2013. Thats down 18 percent from the year before, and represents the cheapest snooping ever, perhaps thanks to advances in surveillance technology. In 2003, for instance, a wiretap cost an average of $62,164, almost 50 percent more than today.

That steady drop in the price of spying may be one reason why the number of total wiretap cases has steadily grown over the past decade. Although the total wiretap count for 2013 is still incomplete, it added up to 4,927 cases in 2012, more than twice the 2,136 cases in 2003.

Follow this link:
Rising Use of Encryption Foiled the Cops a Record 9 Times in 2013

Original illustration: Getty

Encryption is hard. When NSA leaker Edward Snowden wanted to communicate with journalist Glenn Greenwald via encrypted email, Greenwald couldnt figure out the venerable crypto program PGP even after Snowden made a 12-minute tutorial video.

Nadim Kobeissi wants to bulldoze that steep learning curve. At the HOPE hacker conference in New York later this month hell release a beta version of an all-purpose file encryption program called miniLock, a free and open-source browser plugin designed to let even Luddites encrypt and decrypt files with practically uncrackable cryptographic protection in seconds.

The tagline is that this is file encryption that does more with less, says Kobeissi, a 23-year old coder, activist and security consultant. Its super simple, approachable, and its almost impossible to be confused using it.

A screenshot from an early demo of miniLock.

Kobeissis creation, which he says is in an experimental phase and shouldnt yet be used for high security files, may in fact be the easiest encryption software of its kind. In an early version of the Google Chrome plugin tested by WIRED, we were able to drag and drop a file into the program in seconds, scrambling the data such that no one but the intended recipientin theory not even law enforcement or intelligence agenciescould unscramble and read it. MiniLock can be used to encrypt anything from video email attachments to photos stored on a USB drive, or to encrypt files for secure storage on Dropbox or Google Drive.

Like the older PGP, miniLock offers so-called public key encryption. In public key encryption systems, users have two cryptographic keys, a public key and a private one. They share the public key with anyone who wants to securely send them files; anything encrypted with that public key can only be decrypted with their private key, which the user guards closely.

Kobeissis version of public key encryption hides nearly all of that complexity. Theres no need to even register or log inevery time miniLock launches, the user enters only a passphrase, though miniLock requires a strong one with as many as 30 characters or a lot of symbols and numbers. From that passphrase, the program derives a public key, which it calls a miniLock ID, and a private key, which the user never sees and is erased when the program closes. Both are the same every time the user enters the passphrase. That trick of generating the same keys again in every session means anyone can use the program on any computer without worrying about safely storing or moving a sensitive private key.

No logins, and no private keys to manage. Both are eliminated. Thats whats special, says Kobeissi. Users can have their identity for sending and receiving files on any computer that has miniLock installed, without needing to have an account like a web service does, and without needing to manage key files like PGP.

In fact, miniLock uses a flavor of encryption that had barely been developed when PGP became popular in the 1990s: elliptic curve cryptography. Kobeissi says that crypto toolset allows for tricks that havent been possible before; PGPs public keys, which users have to share with anyone who wants to send them encrypted files, often fill close to a page with random text. MiniLock IDs are only 44 characters, small enough that they can fit in a tweet with room to spare. And elliptic curve crypto makes possible miniLocks feature of deriving the users keys from his or her passphrase every time its entered rather than storing them. Kobeissi says hes saving the full technical explanation of miniLocks elliptic curve feats for his HOPE conference talk.

See the original post here:
The Ultra-Simple App That Lets Anyone Encrypt Anything