Following the recent data breaches at Sony and the attacks at the Paris offices of Charlie Hebdo, certain politicians have wasted no time calling for increased government surveillance, broader anti-hacking statutes (with stiffer penalties), and, in the case of British Prime Minister David Cameron, a call to limit non-government use of encryption technologies. Oddly enough, a leaked cybersecurity report from the U.S. government pointed out just how important crypto is to everyday internet functionality.
We've heard this story from governments before, of course, from the "crypto wars" of the early 1990s to recent claims by the FBI that encryption allows networks to "go dark," and prevent legitimate law enforcement efforts. But as the leaked security memo asserts, without strong crypto and secure networks, we're all put at greater risk. It is crucial that we keep this in perspective as the world's legislative bodies rush to do something--anything--in the face of these crises.
My most recent article on this topic, Furtive Encryption: Power, Trust, and the Constitutional Cost of Collective Surveillance, was just published in the Indiana Law Journal, and addresses some of the issues around crypto in greater detail. Specifically, what happens when your use of encryption is automatically labeled suspicious behavior by governments? I'd love to hear your thoughts on the topic and continue the conversation, as some of my current research builds on these concepts.
In the meanwhile, I'll leave you with this handy link with practical tips on surveillance self defense.