Dark Reading is part of the Informa Tech Division of Informa PLC


5/14/2015
10:30 AM
Lysa Myers
Commentary

When Encrypted Communication Is Not Good Enough

For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.

I participated in a panel discussion recently with a moderator who communicates with activists who could be under nation-state surveillance. She asked this group of security-minded professionals what we considered the most secure form of electronic communication. The panelists fell awkwardly silent. Is there any politic way to say what we were thinking? The truth is something we often forget in an interconnected era: If you absolutely need a particular piece of data to be secure, the best option is not to write it down at all.

There is a reason that the most important or potentially contentious legally binding agreements require a written contract to be accepted by all parties. If you want a long-lasting confirmation of something, you record it. Things that exist only in memory are, by nature, ephemeral and kaleidoscopic.

This is why we were collectively at a loss for words; anything recorded or written digitally or physically is not truly secure. There is a continuum of security levels of data ranging from “maybe someone can only get the metadata” to “public and indexed by all major search engines.” But recorded data are always inherently less secure.

The most secure information is that which one person alone has processed, without recording it by any means. But that scenario naturally excludes communication since it requires two or more people. Therefore, the question becomes: what would be the criteria that make a form of communication more or less secure?

Minimally processed
In short, the most secure conversation is one that has been processed by only two people, face to face. Whenever transmission over greater distance is involved, whether it is on paper or by phone or computer, this will either necessitate or increase the likelihood of it being processed by another party. Sometimes that third party is a living person, such as a mail carrier, and sometimes that third party is technological, such as an Internet Service Provider or via a telephone exchange.

Encryption of sensitive data is obviously a way to decrease the utility of that information if an unexpected person were to get hold of it, which is good enough for almost anyone in almost any situation. It’s how I would send most of my own sensitive information.

When you use end-to-end encryption, those third parties necessary to process the transmissions may not have access to the data within, but they certainly do have access to the metadata. In the aftermath of the Snowden revelations, few of us still wonder what the big deal is with sharing data about your data, if the original data per se is protected.

Just in case you didn’t catch that moment of collective panic: metadata collection is as if something analogous to the Dewey Decimal System were automatically applied to communications so that the data about your data could be found without having to know who the author is or what the specific contents are.

This brings up the question of why we are protecting data. Some people seem to view protection simply from a perspective of reducing the chances of someone stealing data or using it for fraud. But there are other cases where things could be lost that are worth more than the time or money needed to recover from theft or fraud. While losing something like financial records is no small matter, there are subjects that some people find even more damaging to reveal to others. Arguably this could include mental or physical health records, but it could also be something as simple as gossip.

Significant consequences
The journalist who was moderating our discussion is someone who uses electronic communications to discuss things that are literally matters of life and death; hence our awkward silence. The consequences of choosing a platform with a weak algorithm or shoddy security practices are a big deal. And because the group was composed of security-minded (read: paranoid) people, we all had the same thought – if we had to discuss something that critical, we would rather not do it electronically.

Most of us simply don’t chat about anything so fraught with danger. But that doesn’t mean that we don’t all have things that we really don’t want repeated or revealed to parties outside of the discussion. Maybe it’s information that is simply not appropriate to openly discuss right now but which might be okay to discuss in a few days or a few months’ time. Maybe it’s information that would be a significant inconvenience or an embarrassment if it were shared. Whatever the situation, it’s completely normal and common to have information we don’t want leaked to anyone else (or just not to have repeated to some specific person).

In the vast majority of conversations, encryption offers plenty of protection for our interactions. But as we often say in this industry: if you have a sufficiently determined adversary, he or she will get in. If the consequences of that disclosure would be too high, a face-to-face dialog may indeed be the best recommendation.

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all ...

Comments
Marilyn Cohodas,
User Rank: Strategist
5/19/2015 | 9:00:26 AM
Re: The group didn't answer the question.
@LysaMyers, the adage -- "Don't let perfect be the enemy of the good." -- doesn't totally apply in this case because there will always be risk in electronic communications. But in many of these extreme cases where bulletproof security would be impossible the "good" will have to suffice. I assume that's what the panel concluded. So in the end the issue becomes one of gauging risk versus benefit.

 
LysaMyers,
User Rank: Author
5/18/2015 | 3:23:22 PM
Re: The group didn't answer the question.
In person, we did answer the question. For the purposes of this article I chose to discuss just the first few minutes of a much more in-depth conversation. The answer is not a simple one - If you absolutely, positively need to discuss things electronically, there are a variety of things you will need to consider. Part of that consideration needs to be understanding that you will, at the very least, be exposing the metadata for the conversation. If one or the other party of the conversation is under surveillance, you may not be able to guarantee that your conversation is not being eavesdropped upon, even if you're using the most secure electronic communication method available.
RetiredUser,
User Rank: Ninja
5/16/2015 | 12:40:37 AM
If Pressed, Then I Choose...
...from a couple of apps deemed by the EFF to fit the bill: Cryptocat or TextSecure. I use 4096-bit GnuPG encryption for files that I exchange with trusted key-holders and talk on private IRCs with OTR encryption.

But, yeah, let's face it: True privacy, true security, is never assured, but at least let's do what we can to achieve it, best we can.  
AMARGHEIM570,
User Rank: Apprentice
5/15/2015 | 9:48:15 AM
The group didn't answer the question.
I give your article a thumbs-up for emphasizing the dangers of electronic communication but it gets a thumbs-down for not answering the original question. The group's response would have been much more useful if they would have told us what they would do when a face-to-face meeting isn't possible (since face-to-face meetings aren't possible in many, if not most, situations).
Marilyn Cohodas,
User Rank: Strategist
5/15/2015 | 8:25:22 AM
Very thoughtful
Great insight on the limitations of encryption in the digital era. Thanks, Lysa. Nice job putting the issue into a real-world context.