Drone Data Sparks a New Industrial Revolution

From farming to mining to building, the increasing availability of drones and the information they can map is changing how companies do business.

Businesses are learning that sometimes the best way to boost the bottom line is by reaching for the sky.

Commercial drone usage across a wide variety of industries is exploding as businesses take advantage of rapidly advancing technology and falling hardware prices to incorporate the technology into their work flow.

“Incorporation of commercial drones is going to continue to grow exponentially,” says Darr Gerscovich, senior vice president of marketing at DroneDeploy.

To date, the aerial data consulting company’s clients have used DroneDeploy drone software to map more than 2 million acres across 100 countries. It helps dozens of industries collect and interpret drone data. “We’re seeing a tipping point now, but it’s the first of many tipping points,” he said.

“Businesses are finding a tremendous amount of value in having aerial intelligence,” Gerscovich continued. “Getting data, and making sense of the data.”

In a little more than a year, DroneDeploy clients mapped an area larger than the state of Delaware, and they’re adding aerial data four times faster this year. Drone-captured data, it seems, is in high demand.

More than Google Earth

It’s tempting to think of commercial drone usage as a more detailed version of Google Earth, but the information is far more dynamic.

“Who are the primary users of Google Earth?” Gerscovich asked. “You and me—people with a goal of getting from point A to point B. Roads may change over time, but they typically don’t change that often.”

For Gerscovich’s clients, however, the surveyed areas change constantly.

“We’ve had plenty of examples where Google Earth or another satellite image provider just shows a bunch of trees or a wooded area, and after the drone flight, we see that there’s a full solar power plant there,” he said. “Static imagery is not sufficient.”

(Looking) Down on the Farm

One of the first, and heaviest, users of commercial drones is the agriculture industry.

“Farms have hundreds or thousands of acres,” Gerscovich explained. “They largely use drones for crop scouting. It saves the time of someone going out and driving around the fields, which is one of the ways it’s been done until now.”

Instead, a drone can fly over the entire area and spot which fields farmers need to pay attention to, rather than relying on what can be seen from the nearest driving path. Growers can then upload the images to the cloud and knit them together to make a map showing the condition of an entire crop.

“You can see the entire field and identify the areas where there’s an issue,” Gerscovich said. “During growing season, they’re trying to catch issues while there’s still time to address them.”

The condition of a crop can change with a few days of rain or dry weather, so multiple drone passes are necessary to provide a constant stream of data.

Data Mining and Construction Site Insights

The mining and construction industries have also been early and avid adopters of drone technology. While farms need quick maps of large areas, building and digging sites typically are smaller, but the need for detail is much higher.

“Generally, they want to understand site progress,” Gerscovich said. “In order to get daily or monthly status updates on the stage a project is in, for a large site, it used to take a half a day to walk the entire site. Now, they can do it in 15 minutes with a drone.”

Job sites also tend to make heavy use of 3D modeling, something that can be built from detailed drone data.

“If you’re building a tower, and you’re six months into the project, you can verify the structure is being developed according to plan,” Gerscovich said, explaining that the 3D image can then be loaded into the construction company’s autoCAD system to compare the progress to the building plans.

“It helps people on site, and it also helps people back in the corporate offices to understand what’s happening,” he said.

Aerial data can also measure volume. At construction and mining sites where there are often stockpiles of moved dirt mounds or cement materials, Gerscovich said, drones can give accurate measures of just how large the mound is. Compared to other methods, such as having people climb to the top of the mound with lasers to attempt to measure it, drone technology has its advantages.

“Drones are safer, faster and about half the cost as compared to traditional ground-based volumetrics,” said Dallas VanZanten, owner of aerial mapping company Skymedia Northwest.

Inspection Gadget

An emerging market for drone technology is the inspection industry.

A DroneDeploy client in Mexico was contracted by the government to inspect 600 miles of road. Instead of employing aircraft or spending weeks driving and manually capturing data across the countryside, the company used a handful of drones and quickly produced more than eight terabytes of data.

How much is that? If the Mexican company used 16 GB smartphones, the highway data would have filled 512 of them.

Building inspectors are using drones to get a better look at the roof. Insurance companies, Gerscovich added, can use the resulting 3D images to assess damages.

“Say a tornado comes through an area,” he continued. “Instead of waiting for the claims inspector to arrive, they could fly over the area with a drone and quickly do a 3D model.”

Emergency response teams also incorporate aerial data. Drones can quickly create high-resolution maps of large areas, in, say, a wooded area, for search and rescue operations. Drones can even assist forensic specialists who need to inspect large plane or train crash sites.

“Before the inspectors arrive with cameras to start taking still images, they can create a 3D model, and then everything about the area is preserved,” Gerscovich said. “They can use it to measure distances and angles between things.”

Growth Continues to Skyrocket

In the early days of commercial drone usage, only the largest companies could afford to collect aerial data. Technology has helped lower the price of entry.

Engineering consultant Iain Butler, better known as The UAV Guy, raves that drones are, “a disruptive technology. Literally anyone can crop scout with a drone and get actionable data within minutes.”

Just a couple years ago, most of the drones used commercially were custom-made, with a price tag of $10,000 to $20,000. DroneDeploy said today companies can pay far less.

“The hardware has gotten so good, so quickly, that today a majority of drones used commercially are bought off the shelf—high-end consumer drones,” Gerscovich said.

Today, an $800 to $1,500 investment is enough to get a business airborne and collecting data.

The biggest hurdle to using consumer drones is that the batteries typically last about 30 minutes. That’s long enough to map between 60 and 80 acres before running out of power.

“Having said that, we’re seeing agricultural companies doing very large maps with off-the-shelf quad copters,” Gerscovich says. “We had one client map 4,300 acres with a quad copter. That’s 3,500 football fields—a massive effort.”

It would also take more than 35 hours and 70 battery changes. “Obviously, they’re doing this because they’re seeing substantial value. Otherwise, no one would be out there doing it for that long,” he said.

Still, companies in various industries are beginning to understand the value in the sky, and they’re finding innovative ways to use drones and help their businesses soar.

 

Editor’s note: Article reposted from ‘Drone Blog’


Shawn Krest. “Drone Data Sparks a New Industrial Revolution”

Drone Blog. N.p., Web. 30 June. 2016.

Why the fear over ubiquitous data encryption is overblown

Mike McConnell is a former director of the National Security Agency and director of national intelligence. Michael Chertoff is a former homeland security secretary and is executive chairman of the Chertoff Group, a security and risk management advisory firm with clients in the technology sector. William Lynn is a former deputy defense secretary and is chief executive of Finmeccanica North America and DRS Technologies.

More than three years ago, the former national security officials penned an op-ed to raise awareness among the public, the business community and Congress of the serious threat to the nation’s well-being posed by the massive theft of intellectual property, technology and business information by the Chinese government through cyber-exploitation.

In the wake of global controversy over government surveillance, a number of U.S. technology companies have developed and are offering their users what we call ubiquitous encryption — that is, end-to-end encryption of data with only the sender and intended recipient possessing decryption keys. With this technology, the plain text of messages is inaccessible to the companies offering the products or services as well as to the government, even with lawfully authorized access for public safety or law enforcement purposes.

The FBI director and the Justice Department have raised serious and legitimate concerns that ubiquitous encryption without a second decryption key in the hands of a third party would allow criminals to keep their communications secret, even when law enforcement officials have court-approved authorization to access those communications. There also are concerns about such encryption providing secure communications to national security intelligence targets such as terrorist organizations and nations operating counter to U.S. national security interests.

Several other nations are pursuing access to encrypted communications. In Britain, Parliament is considering requiring technology companies to build decryption capabilities for authorized government access into products and services offered in that country. The Chinese have proposed similar approaches to ensure that the government can monitor the content and activities of their citizens.

We recognize the importance our officials attach to being able to decrypt a coded communication under a warrant or similar legal authority. But the issue that has not been addressed is the competing priorities that support the companies’ resistance to building in a back door or duplicated key for decryption. We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.

First, such an encryption system would protect individual privacy and business information from exploitation at a much higher level than exists today. As a recent MIT paper explains, requiring duplicate keys introduces vulnerabilities in encryption that raise the risk of compromise and theft by bad actors. If third-party key holders have less than perfect security, they may be hacked and the duplicate key exposed. This is no theoretical possibility, as evidenced by major cyberintrusions into supposedly secure government databases and the successful compromise of security tokensheld by a major information security firm. Furthermore, requiring a duplicate key rules out security techniques, such as one-time-only private keys.

Second, a requirement that U.S. technology providers create a duplicate key will not prevent malicious actors from finding other technology providers who will furnish ubiquitous encryption. The smart bad guys will find ways and technologies to avoid access, and we can be sure that the “dark Web” marketplace will offer myriad such capabilities. This could lead to a perverse outcome in which law-abiding organizations and individuals lack protected communications but malicious actors have them.

Finally, and most significantly, if the United States can demand that companies make available a duplicate key, other nations such as China will insist on the same. There will be no principled basis to resist that legal demand. The result will be to expose business, political and personal communications to a wide spectrum of governmental access regimes with varying degrees of due process.

Strategically, the interests of U.S. businesses are essential to protecting U.S. national security interests. After all, political power and military power are derived from economic strength. If the United States is to maintain its global role and influence, protecting business interests from massive economic espionage is essential. And that imperative may outweigh the tactical benefit of making encrypted communications more easily accessible to Western authorities.

History teaches that the fear that ubiquitous encryption will cause our security to go dark is overblown. There was a great debate about encryption in the early ’90s. When the mathematics of “public key” encryption were discovered as a way to provide encryption protection broadly and cheaply to all users, some national security officials were convinced that if the technology were not restricted, law enforcement and intelligence organizations would go dark or deaf.

As a result, the idea of “escrowed key,” known as Clipper Chip, was introduced. The concept was that unbreakable encryption would be provided to individuals and businesses, but the keys could be obtained from escrow by the government under court authorization for legitimate law enforcement or intelligence purposes.

The Clinton administration and Congress rejected the Clipper Chip based on the reaction from business and the public. In addition, restrictions were relaxed on the export of encryption technology. But the sky did not fall, and we did not go dark and deaf. Law enforcement and intelligence officials simply had to face a new future. As witnesses to that new future, we can attest that our security agencies were able to protect national security interests to an even greater extent in the ’90s and into the new century.

Today, with almost everyone carrying a networked device on his or her person, ubiquitous encryption provides essential security. If law enforcement and intelligence organizations face a future without assured access to encrypted communications, they will develop technologies and techniques to meet their legitimate mission goals.

 

Editor’s note: Article reposted from ‘The Washington Post’


Mike McConnell, Michael Chertoff, William Lynn. “Why the fear over ubiquitous data encryption is overblown”

The Washing Post. N.p., Web. 23 June. 2016.

Analytics could be the key to cyber defense

With Defense Department networks under constant attack, officials have been at pains to develop necessary defensive measures. One approach: big data tools and analytic capabilities that have played a big role in the past and will continue to be vitally important in defending against a vast array of attacks.

Many have called for more automation in responding to cyber incidents given the rapid pace cyber attacks occur. DOD Terry Halvorsen, however, is taking this a step further. “I want autonomous basic security tools – not automated, I want autonomous basic security tools that I can just let go that will look at my network, sensor it, and say, ‘You know what, there’s an attack happening here, we’re immediately going to quarantine this part of the network, we’re going to add some security protection,” he said at the Brocade Federal Forum on June 15, while requesting industry help in this area. “I can’t have people in that loop…it’s too fast.”

Analytic tools can help monitor network traffic and the threats coming across. These tools include the Cybersecurity Situational Awareness Analytic Cloud, or CSAAC, which aggregates and fuses data from various sensors and endpoints to analyze potential threats across the network, David Mihelcic, Defense Information Systems Agency CTO, said at an AFCEA sponsored breakfast June 15.

According to DISA, CSAAC allows for more informed decision-making based upon broader information sets driven from open source and classified components in addition to leveraging community tech transfers from other DOD entities. CSAAC also supports the Joint Information Environment – a unified command and control IT architecture shared across all the services – and the Joint Regional Security Stacks, enabling greater cross-DOD collaboration and stronger defense of the DOD Information Network.

Mihelcic announced plans to upgrade CSAAC’s underlying technology in August. This update to DISA’s big data platform will enable data in the cloud to be copied and have custom mission focused analytics run on top that don’t interact with the rest of the platform. The benefit here is “we’ll be able to take either commercially developed analytics or analytics…operated out in the field and run those against some or all of that data without necessarily having it interact with the purpose-build and certified core analytics,” Mihelcic said. This capability will really accelerate the development and deployment of analytics at the tip of the spear, he added, noting that it will enable analytics to be built on the fly.

Other analytic tools include indicators, which include reports of malicious activity. “What happened prior to our analytics is that we received these reports and by hand we would have to go and translate these reports into figuring out, OK, here’s the various countermeasures, so here’s the blocks where we’re going to put different tools to be able to defend ourselves against whatever these threats are,” Jack Wilmer, vice director for the development business center at DISA, said at the same breakfast. “So we were able to automate a lot of that and I think there’s 500 percent increase in the amount of countermeasure that each analyst could implement, basically, per day, which yielded pick your number of thousands of additional countermeasures that we could deploy every month, year, etc.”

Wilmer added that there are significant investments being made in this area. “There seems to be an endless stream of desire for, ‘Hey, maybe we could take various sources of data and come up with this metric or this analytic or all kinds of other areas,’” he said. In line with Halvorsen’s plea to industry, Wilmer said there is the desire for “more of a near real-time ability to do some of these defenses, so not necessarily having to have the people in the loop to implement things.”

Mihelcic also noted there are several opportunities for industry in hunt tools, something he said he expects to see more of in the future. The Cyber Protection Teams – which will number 68 of the eventual 133 cyber teams under Cyber Command and focus specifically on DOD’s number one mission, defense of the network – use tools to find adversaries on the network. These tools could be used “on a persistent basis to look across the information that’s available in the network to look for adversaries,” he said.

Mihelcic told Defense Systems following the panel that there are at least three commercial companies he knows of working on hunt tools, though he declined to name them. He added that these tools could and should be used by everyday administrators in addition to CPTs. “I think we’re going to need these hunt tools for our day to day systems and cyber administrators so essentially they can on a regular basis try to use the data out of the network to identify adversaries and then pass that along to the CPTs to actively eject them from the network,” he said.

The hunt mission is somewhat of a change in procedure for DOD and DISA. “The biggest change both in DOD and the commercial world … is we’re going out and hunting for the enemy on a daily basis,” John Hickey, DISA’s cyber security authorizing official, said in January. “We don’t really talk about where we’re hunting, obviously, we don’t even tell the people on the inside where we’re necessarily hunting things and we’re certainly not going to tell the folks on the outside, right?”

Officials also discussed the need for vigilance. “In almost every attack that we see … bad guys exploit the same old preventable vulnerabilities that we’ve been saying we need to prevent for 20-25 years,” DOD’s Deputy CIO for Cybersecurity Richard Hale, said.

“We’ve got to be vigilant about patching those systems. We’ve got to be vigilant about operating the systems – not just talking about the cybersecurity professionals, for the system administrators, monitoring logs, etc,” Mihelcic added.

Editor’s note:


Mark Pomerleau. “Analytics could be the key to cyber defense– DefenseSystems”

DefenceSystems. N.p., Web. 16 June. 2016.

 

Unscrambling the future of encryption

As the more subtle attempts at undermining security become impossible, spies will have to find alternative routes to access their targets. Earlier this year the UK government published the legal framework under which GCHQ and other British spies can hack, use bugging devices (or even steal and replace) computers, servers, routers, laptops, and mobile phones to either obtain information or conduct surveillance.

The guidelines create a legal framework for such behaviour under UK law, and even okays potential intelligence gathering activities which involved hacking attempts against people who are themselves not targets of intelligence agencies.

This gives some credence to Snowden’s recent claim that intelligence agencies are targeting IT staff because they have access to systems and databases.

It’s also worth noting that, despite the anguished howls from law enforcement, spy agencies and others still have plenty of data left to sift.

Firstly, encryption is really, really hard to get right: as projects like Bullrun and others have proved, the intelligence agencies and law enforcement still have plenty of ways around it. There are legal tools, for example: the UK has legislation in place which makes it an offence to not hand over encryption keys when requested by law enforcement, punishable by up to five years in prison.

And while many tech companies may well encrypt customers’ data when it is on the move — such as between datacentres — many will not secure it entirely using end-to-end encryption.

Why? Simply because they need to look at that your email or web browsing themselves in order to sell advertising against the subject matter of the email.

The advertising-driven business models of Silicon Valley rule out the pervasive use of strong end-to-end encryption, and that means intelligence agencies and police can continue to gain access to vast amounts of information.

Police and intelligence agencies still have plenty of other data sources — the metadata on communications, including who you have called, when, and for how long, CCTV, and more.

“Law enforcement agencies have access to more data now than they have had in the history of time. Pre-Facebook, how hard would it be for any law enforcement agency on the planet to find out all your known associates? They’d have to question dozens of people to find out who it is you know. They are able to get access to vast amounts of information just by asking,” said Privacy International’s Hosein.

“They complain that they’re not getting enough information but they’ve had more than they’ve ever had before,” he added.

Edinburgh Napier University’s Buchanan echoes the sentiment: “There are now so many ways that investigators can actually investigate someone who is suspected of committing a crime there isn’t really a problem. This isn’t going to shut the door.” Good old-fashioned policing and follow-the-money are still the most effective ways of catching the bad guys.

And widespread usage of strong encryption is not the worst scenario for the spies: harder to crack and harder to detect technologies are already either in existence or in development.

One such technology is steganography — hiding communications within digital images — and it’s incredibly hard to spot. Equally, quantum encryption could do away with the inherent weakness of the public key infrastructure systems used today and make messages impossible to intercept.

Still, even the experts don’t really know how the future of encryption is going to play out: there is apparently no way of accommodating both the desire of the intelligence agencies to be able to access the data they want with the safe and secure working of the web as we know it.

They are mutually exclusive, and mutually antagonistic. Like the best encryption, the problem of making national security and privacy work together seems uncrackable.

“Many of us agree with the sentiment — I am one of them — that from a security perspective you don’t want people who would do you harm being able to talk in secret. But at the same time if your answer to that is to ban encryption, that is a very bad way; the technology is not good or evil, it is the people using it,” said the University of Surrey’s Woodward.

“If we can’t secure these things, then people will die.”

GUS HOSEINPRIVACY INTERNATIONAL

Technology is unlikely to offer a way out of this impasse. As the power of supercomputers (or more likely giant cloud arrays) continues to grow, it’s easy enough to increase the size of the key — from 516, to 1024, to 2048 and onwards.

Even quantum computers, long touted as a way of cracking all encryption almost immediately, become widespread the reality is that, although they would undermine encryption in one way, they will also boost it again (thanks to something called quantum key distribution). And as Woodward notes “we’ve been talking about viable quantum computers since the 80s and they’re always 10 years away.”

But the stakes may continue to rise, as least from a certain point of view.

“The security of our common computing infrastructure is even more important now than it was back then. Back in the 1990s, the reason we won was because every economy wanted to be the best marketplace for ecommerce on the planet so they knew they could not put constraints on security technology if they wanted to enable all that ecommerce,” said Privacy International’s Hosein.

And soon those issues of privacy and security will become as concrete as the buildings we live in. With the advent of smart grids, the internet of things and smart cities, we will be using the web to monitor and control real-world systems. “If we can’t secure these things, then people will die,” he warns.

This also raises another issue: as our houses and even clothes are filled with sensors, what sort of privacy is appropriate? Is it right that we should be snooped on through our smart TV or networked baby monitor, or our webcams or smartwatches? Can we draw a line anywhere?

When President Obama was asked about the issue of encryption his response was nuanced. While he said he supported strong encryption he also noted: “The first time an attack takes place and it turns out that we had a lead and we couldn’t follow up on it, the public is going to demand answers, and so this is a public conversation that we should end up having.”

It’s entirely possible to argue that we don’t need another public debate about encryption: that we had one back in the 1990s. And that privacy had trumped national security when it came to the use of strong encryption. It’s just that the intelligence services didn’t like the answer.

But there are plenty of good reasons why we do need to go over the arguments about encryption again.

“This is a public conversation that we should end up having.”

BARACK OBAMAPresident of The US

Back in the 1990s and 2000s, encryption was a complicated, minority interest. Now it is becoming easy and mainstream, not just for authenticating transactions but for encrypting data and communications.

Back then, it was also mostly a US debate because that was where most strong encryption was developed. But that’s no longer the case: encryption software can be written anywhere and by anyone, which means no one country cannot dictate global policy anymore.

Consider this: the right to privacy has long been considered a qualified rather than an absolute right — one that can be infringed, for example, on the grounds of public safety, or to prevent a crime, or in the interests of national security. Few would agree that criminals or terrorists have the right to plot in secret.

What the widespread use of strong, well-implemented encryption does is promotes privacy to an absolute right. If you have encrypted a hard drive or a smartphone correctly, it cannot be unscrambled (or at least not for a few hundred thousand years).

At a keystroke, it makes absolute privacy a reality, and thus rewrites one of the fundamental rules by which societies have been organised. No wonder the intelligence services have been scrambling to tackle our deliberately scrambled communications.

And our fear of crime — terrorism in particular — has created another issue. We have demanded that the intelligence services and law enforcement try to reduce the risk of attack, and have accepted that they will gradually chip away at privacy in order to do that.

However, what we haven’t managed as a society is to decide what is an acceptable level of risk that such terrible acts might occur. Without that understanding of what constitutes an acceptable level of risk, any reduction in our privacy or civil liberties — whether breaking encryption or mass surveillance — becomes palatable.

The point is often made that cars kill people and yet we still drive. We need to have a better discussion about what is an acceptable level of safety that we as a society require, and what is the impact on our privacy as a result.

As the University of Surrey’s Woodward notes: “Some of these things one might have to accept. Unfortunately there might not be any easy way around it, without the horrible unintended consequences. You make your enemies less safe but you also make your friends less safe by [attacking] encryption — and that is not a sensible thing to do.”

Working at the White House, we don’t get easy problems, easy problems get solved someplace else.

MICHAEL DANIELWHITE HOUSE CYBERSECURITY COORDINATOR

And while the US can no longer dictate policy on encryption, it could be the one to take a lead which others can follow.

White House cybersecurity coordinator Michael Daniel recently argued that, as governments and societies are still wrestling with the issue of encryption, the US should come up with the policies and processes and “the philosophical underpinnings of what we want to do as a society with this so we can make the argument for that around the planet… to say, this is how free societies should come at this.”

But he doesn’t underestimate the scale of the problem, either. Speaking at an event organised by the Information Technology and Innovation Foundation, he said: “Working at the White House, we don’t get easy problems, easy problems get solved someplace else, they don’t come to us. This is one of the hardest problems I know about, certainly that’s anywhere close to my job. And I think it’s clearly not one that’s going to be resolved easily, simply or quickly.”

Which brings us back to those civil war codenames, Bullrun and Edgehill, which may serve as an inadvertent, gloomy prophecy about the future effectiveness of the intelligence agencies, unless we have a better discussion about how security and privacy can work together online.

If not, it’s worth remembering the Cavaliers and the Confederates both won the first battles of the English and American civil wars, just as both would finally lose their bloody and divisive civil war. Perhaps, after a few early victories in the new crypto war, the intelligence agencies may face a similar defeat, outpaced by encryption in the long term.

It may be that in a few decades, the spies look back at the tribulations of the first and second crypto wars with something approaching nostalgia.

Editor’s note:


Steve Ranger. “The undercover war on your internet secrets: How online surveillance cracked our trust in the web– TechRepublic”

TechRepublic. N.p., Web. 10 June. 2016.

 

The Encryption Backlash

Of course, it’s often argued that all of this activity is simply the NSA (National Security Agency) doing their job: they break codes and have done so for decades, to make sure that criminals, terrorists, and others cannot plot in secret. If this means exploiting weaknesses in software in order to eavesdrop on those who are plotting crime, then so be it.

As GCHQ (Government Communications Headquarters) told a government enquiry set up after the Snowden revelations: “Our goal is to be able to read or find the communications of intelligence targets.”

From that perspective, they’re doing nothing more than the code-breakers of Bletchley Park did back in WWII — cracking codes in secret to fight the country’s enemies.

But many argue that the analogy doesn’t hold: Bletchley worked on cracking codes used by, and only by, the Nazis. What the NSA and GCHQ have been doing is breaking the codes used by everyone, good and bad, both outside of the US and inside it. By doing so, they risk undermining the security of all communications and transactions.

Those weaknesses and backdoors created or discovered by the NSA and its colleagues elsewhere can be used by hackers and hostile states as easily as they can by our own intelligence agencies. Access for them to spy on the few automatically means insecurity for the rest of us.

As Snowden told the recent CeBIT conference in Germany: “When we talk about security and surveillance, there is no golden key that allows only good guys to read the communications of only terrorists.

Some privacy advocates also argue that no government should ever have such a capability to trawl through the lives of individuals. “It produces an inescapable prison. We can’t let this happen. We have to, as a matter of civic hygiene, prevent it from happening,” Phil Zimmermann, the creator of the PGP encryption algorithm, said recently.

And if the Snowden revelations themselves were an embarrassment for the intelligence agencies, the consequences for their intelligence gathering capabilities have been far worse.

In response the big internet companies such as Yahoo and Google rapidly starting encrypting this traffic to shut out the watchers. As one cryptography expert, Matthew Green from Johns Hopkins University, noted at the time: “Good job NSA. You turned Yahoo into an encryption powerhouse.”

Encrypting data links between datacentres was only the beginning. As the revelations continued to tumble out, more companies decided it was time to increase the privacy of their services, which meant even more encryption.

“If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy we risk something far more valuable than money. We risk our way of life.”

TIM COOKCEO, APPLE

“Encryption has only really become a big issue again because Snowden showed the world how insecure the infrastructure was and how it was being abused by intelligence agencies and so companies started reacting,” said Gus Hosein, the executive director of campaigning group Privacy International.

Perhaps surprisingly, given the decade-long assault on encryption, it seems the fundamentals of it remain strong, so long as it has been well implemented. As Snowden said: “Encryption works. Properly implemented, strong crypto systems are one of the few things that you can rely on,” before adding the caveat: “Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”

Consumer applications are jumping on the encryption bandwagon. In November 2014, the popular WhatsApp messaging service also switched on end-to-end encryption for hundreds of millions of users who post billions of messages each day.

Using end-to-end encryption like this means law enforcement cannot access the messages sent at all. Previously they have been able to access communications at the datacentre with a warrant, because it would be stored there unencrypted. But end-to end encryption means that from the point it leaves one phone to the point it arrives at the other, the message is scrambled.

Apple’s iOS 8 operating system now encrypts iMessage conversations and FaceTime video chats end-to-end.

“Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices. So unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to,” the company says.

Speaking at a cybersecurity summit hosted by the White House at Stanford University, Apple CEO Tim Cook made his position clear, that providing privacy was a moral stance: “History has shown us that sacrificing our right to privacy can have dire consequences. We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion or express their opinion or love who they choose, a world in which that information can make the difference between life and death.”

“If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy we risk something far more valuable than money. We risk our way of life,” said Cook.

Apple isn’t alone in this. The Electronic Frontier Foundation lists a variety of applications that to a greater or lesser extent now encrypt communications in transit or end-to-end.

The backlash had begun to gather pace.

This unexpected shift towards greater privacy caught the intelligence services and law enforcement off guard. They suddenly found that easy sources of data had gone dark. Senior officials on both sides of the Atlantic began to warn that criminals and terrorists would be able to slip through their fingers. As GCHQ’s new director Robert Hannigan said:

“Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are ‘Snowden approved’.”

He wasn’t alone in voicing such fears. Late last year, one of his predecessors, Sir David Omand, gave a similar warning to a government privacy and security inquiry.

“Post-Snowden, the companies are now making their devices technically inaccessible even to themselves.”

DAVID OMANDFORMER GCHQ DIRECTOR

Another unexpected consequence of the revelations about Western intelligence agencies’ behaviour is that, unsurprisingly, other nations have also demanded access to encryption keys. That’s the problem with putting backdoors into secure systems: once one nation, law enforcement agency, or legal system has them — officially or unofficially — then everybody wants one.

For example, a new anti-terrorism law in China, which could be adopted into law in 2015, would require US technology firms that want to do business in the country to turn over their encryption keys and communications records to the government.

President Obama has complained about the proposed legislation, demonstrating neatly that one country’s dangerous backdoor security vulnerability is another country’s essential tool.

Sabre88 considers encryption as a BOON and not BANE. Lets live a life with security, and the right way to do this is by encrypting every other sensitive data.

 

Editor’s note:


Steve Ranger. “The undercover war on your internet secrets: How online surveillance cracked our trust in the web– TechRepublic”

TechRepublic. N.p., Web. 02 June. 2016.