Fully encrypted? Watch your back!

January 28, 2014 // By Julien Happich
Sure enough, the revelations of whistle-blower Edward Snowden on NSA’s large-scale surveillance practices have not just created political embarrassment among US allies, they have raised the level of “Big Brother” suspicion among even the most naïve citizens who would have assumed until then that any sort of state-surveillance is for their good only.

Then European governments somehow faked their surprise and horror. “Why would you so comprehensively spy on your closest allies?” they asked candidly, industrial espionage being just a bonus.

Early November last year, I remember receiving some press releases from companies exhibiting at Paris-based event Milipol, about stealth fibre communications interception equipment and server-based snooping software, to be installed on telco’s racks (the press release didn’t say if they had to agree or not). This global event gathers all the who’s who in the tech world of law enforcement, crowd control, surveillance, and military equipment.

At the time, I just thought, “if it’s for sale, surely there is a well-documented market for it and undoubtedly it will be used by any state or company acquiring it”. Nearly every day, there was a new revelation in the newspapers about how comprehensive, how “unfair” the NSA’s surveillance strategy had become.

And you can bet that pretty much every country represented at Milipol was looking for similar solutions, only limited by their spending budget, either to spy on others or to closely control their own citizens or very wide encompassing “select groups of activists”.

This surveillance scandal definitely gave a boost to providers of data encryption solutions, since you could argue that well encrypted data is rendered useless for analysis. The marketing pitch is easy now that we know pretty much anyone of us is virtually spied upon, indiscriminately.

Security technologist Bruce Schneier, a regular contributor to The Guardian on secure communications, got early access to leaked NSA documents to help journalists clarify the technical implementations of data collection and sifting. His main conclusions regarding encrypted data, is that the NSA will circumvent state-of-the-art encryption by finding the weakest point in the communication chain, accessing the data at weakly protected spots before the hard encryption takes place.

Often these include the end-points, your mobile device or computer, running an easy to tamper operating system,