#ISSE17: New Crypto Wars Due, as Encryption is Constantly Cracked

The strength of encryption has proved to be no barrier to human capability in 2017, as more standards are broken.

Concluding the ISSE 2017 Conference in Brussels, Professor Bart Preneel from the Katholieke Universiteit Leuven ran through many of the crypto stories from 2017, including Infineon, KRACK, Bitcoin and SHA-1 collisions.

Focusing on last year’s FBI efforts to get access to an Apple iPhone, Preneel said that following the recent case of the Texas shooting, “every time there is a bad guy or a terrorist with an iPhone or an Android phone, the battle starts again.”

Turning to the crypto wars of the 1990s, Preneel said that, despite theories that the wars had been won, revelations from Edward Snowden showed that the intelligence agencies had hacked information in other ways “where they put backdoors in random key generators, the proposed block ciphers, they undermined implementations and so on.”

After former FBI director James Comey was replaced by Rod Rosenstein, who claimed that “strong encryption that we don’t have access to is ‘unreasonable’”, Preneel encouraged the use of strong encryption. He also said that while it felt good that Apple fought back against the FBI, for European users, “Apple gives your data to the NSA and we know that as it is in the Snowden documents.”

He added that Americans have the Fourth Amendment which prohibits unreasonable searches and seizures “so if you want to feel safe, travel to the USA.”

Preneel said that we now live in a time where we are constantly monitored using the systems and devices we pay for ourselves.

“I’m very lucky as when I started 30 years ago crypto was expensive and there was probably a million devices in the whole world and today there is 30 billion devices so crypto is everywhere,” he said.

“However, crypto is there to protect companies from their users; your bank card is used to protect them from you as you may spend more than you have on your account and the crypto on the bankcard is there to stop that.”

Preneel also praised the work of Let's Encrypt, which is offering users a safe environment that was not being offered previously.

Moving on to Big Data, Preneel said this is something we would look back on in 40 years and wonder what we were doing “just as we look today at the 1960s or 1970s and pollution, this is the same thing”. He also said that with the GDPR compliance deadline close, we should keep data more local and have open systems.

He concluded saying: “Technology has been used to erode our freedoms, and in the last three decades we’ve lost it all. In a well-organized world, the powerful should be transparent and the weak should have some privacy and protection. The technology makes the powerful opaque and we can’t know what they do and it’s in their algorithms, but with you as a user we made it completely transparent.

“The next step is to talk to politicians, or build the systems yourself. This is a good challenge for the next decade.”
