The Blonde Bombshell warned us about the “Five Eyes”. It’s illegal for our most beneficent government, which loves us and only wants what is best for us, to spy on us. Of course, that depends on what is meant by “spying.” But never mind that for a moment.
Our most loving government still wants to know about many of us, and since they cannot spy legally, they ask a friend to do it for them. Or so the rumor goes. We ask, say, England to spy on our citizens, and we in turn spy on Australia’s, who spy on Canada’s, who spy on New Zealand’s, who spy on England. Or Australia spies on New Zealand, who…ah, never mind. It’s a merry skulduggery mixup!
The real headline is this: ‘Five Eyes’ governments call on tech giants to build encryption backdoors — or else.
A pact of five nation states dedicated to a global “collect it all” surveillance mission has issued a memo calling on their governments to demand tech companies build backdoor access to their users’ encrypted data — or face measures to force companies to comply.
The international pact — the US, UK, Canada, Australia and New Zealand, known as the so-called “Five Eyes” group of nations — quietly issued the memo last week demanding that providers “create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.”
This kind of backdoor access would allow each government access to encrypted call and message data on their citizens. If the companies don’t voluntarily allow access, the nations threatened to push through new legislation that would compel their help.
In other words, you will be forced to let the government spy on you. And they will, as they always have, put that information only to good, moral, upright use. Because of love.
There are only a couple more terms we need to grasp. One is “end-to-end encryption — where the data is scrambled from one device to another — even the tech companies can’t read their users’ messages.”
Another is the difference between encryption, which we can take as the mathematical scrambling of a message, and encoding, which is the stating of a message in a different language.
Finally, “Security researchers and other critics of encryption backdoors have long said there’s no mathematical or workable way to create a ‘secure backdoor’ that isn’t also susceptible to attack by hackers, and widely derided any backdoor effort.”
This is true. Even if your device and your friend’s device employed unbreakable one-time-pad encryption, there must still come the point at which the device decodes and decrypts the message and displays it in plain text. Anything that can hack what’s on the screen can then read the message. You cannot make a device invulnerable to this kind of hacking (other kinds of hacks exist, too, such as keystroke reading, etc.). Backdoors into the encryption code are thus not strictly necessary: the government can mandate “screen readers” instead.
Encryption, then, only slows down a determined enemy. Still, slowing down an enemy is a valuable strategy.
Now suppose you are one of the very, very few individuals your government does not love, and you want to make life hard on those who would spy on you. What can you do? Encryption is good, but imperfect, as mentioned. You have to limit your “meta” data, which is liable to sigint spying. The NSA, for instance, collected where you made calls (or texts or emails, etc.), to whom you made calls, what time you made calls, the duration of those calls, on what devices (and who owned them) you made calls, the pattern of those calls and non-calls (your device is tracking you wherever you go), the pattern of calls of whom you called, and so on. All this together paints a rich picture of your message, even if the exact message remains hidden.
There are only three solutions. The best is the old-fashioned way. Use non-electronic means to communicate with your friends. Written one-time pads cannot be spoofed or broken, and you only need worry about cameras recording you reading the message (which you can burn). Sigint is still possible—the cameras in public spaces see you coming and going—but it can be reduced.
Spoofing is still fun. Send random messages at odd times from strange locations that seem to be laden with content but which are nonsense. Be careful whom you’re sending them to, too, of course. Spoofing keeps ’em guessing.
Last, use layers of code (before encryption). Your device encodes your plain text into 0-1 bits, but that’s a trivial code. Remember the Navajo code talkers? That worked because only a few knew what the encoding meant. You want messages like this:
Hello, Lucky. Hello, Lucky. Report my signal. Report my signal. Over.
Hello, George Mike Walters. Strength three. Over.
Recon reports Indians on the warpath in your area. Over.
Ain’t no Indians around here. Over.
Do not take literally. Repeat. Do not take literally.
The vultures are circling the carcass. Repeat. The vultures are circling the carcass. Over.
I see a couple of gulls, but I don’t…
The pit bull is out of the cage. The crips are raiding the store.
Make yours a little more inventive. Mix real ones with spoofed ones. And NEVER, not ever, repeat a scheme. Even one repeat and they gotcha.
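The layering described above (a code applied before encryption), as an added example that is not part of the original post. The codebook entries and their meanings are constructed for illustration, and the pad refuses to hand out any byte twice, which also shows the encoding-versus-encryption distinction made earlier.

```python
import secrets

# Constructed codebook: innocuous cover phrase -> real meaning (hypothetical entries).
CODEBOOK = {
    "The vultures are circling the carcass.": "Meet at the usual place.",
    "The pit bull is out of the cage.": "Stop all contact.",
}
ENCODE = {meaning: phrase for phrase, meaning in CODEBOOK.items()}


class OneTimePad:
    """Pad of random bytes; each byte is consumed once and never reused."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._pos = 0

    def _take(self, n: int) -> bytes:
        if self._pos + n > len(self._pad):
            raise ValueError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._pos:self._pos + n]
        self._pos += n
        return chunk

    def xor(self, data: bytes) -> bytes:
        # XOR is its own inverse, so this both encrypts and decrypts.
        return bytes(d ^ k for d, k in zip(data, self._take(len(data))))


def send(meaning: str, pad: OneTimePad) -> bytes:
    """Layer 1: codebook (encoding). Layer 2: one-time pad (encryption)."""
    return pad.xor(ENCODE[meaning].encode("utf-8"))


def receive(ciphertext: bytes, pad: OneTimePad) -> tuple[str, str]:
    """Return (cover phrase, real meaning); the meaning needs the codebook."""
    phrase = pad.xor(ciphertext).decode("utf-8")
    return phrase, CODEBOOK[phrase]


def demo() -> tuple[str, str]:
    pad_bytes = secrets.token_bytes(64)  # both parties hold an identical copy
    sender, receiver = OneTimePad(pad_bytes), OneTimePad(pad_bytes)
    return receive(send("Stop all contact.", sender), receiver)


if __name__ == "__main__":
    print(demo())
```

Anyone who reads the decrypted text off the screen gets only the cover phrase; the meaning still depends on a codebook that never touched the device.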