Security 101 — a Wickr Telegram
How much of your life / knowledge do you want the world to know about? How much do you know about others that is a secret between you two people? You should ask this of yourself. I was floored today when someone I know very well was astounded that I pay significant amounts of money to ‘secure’ my computers. This seemed alien to him, that I actually paid to keep my computer safe, at level 1, against viruses / malware. I simply told him, “it’s not just your computer that can be hacked, it’s your TV entertainment system, your fridge, your car”. His response — “oh, well, I won’t get one of those driver-less cars until I know they’re safe”. Really?!? — what about current models, just ask about Jeep, Lexus, and so on, the list is endless, all have shown that to a greater or lesser extent they can be controlled by a hacker. A driver-less car can be hacked to drive you into a ditch.
Vehicles seemed a dead end, so then, I pointed out that email was never designed, from it’s early days, to be secure, it probably should have been called ‘open-mail’. It should never be used to share any information you (or the subject of the information if that’s not you) would be happy to see broadcast world-wide. If you’ve got something to communicate one-or-one, use an encrypted service like Wickr (I do) or Telegram. These can be read instantly only by the recipient and it takes a lot of personal time and expensive computer time (I’m talking here about serious machines who, if they could talk, as they may soon, would say ‘Bill who?’) to decrypt that what you said was “I like the tulips, don’t you”. However, the real answer in encrypted technology is not the technology itself, it’s in how you use it.
If there’s someone with whom you may want to exchange something private, don’t use an encrypted service for only that communication, use it for all communications with that recipient, the really important one will hopefully get lost in the flurry of your messages to him / her. Second, don’t use it for just one recipient. If you can, use it for very ordinary communications to very ordinary recipients as well, it frustrates the hell out of the security services to know you like tulips.
I think I am talking here about two, overlapping, concerns you might have. Firstly, how secure are my devices when I use them to communicate with someone else, and secondly am I doing anything that smacks of criminality if I use encryption, is there an assumption that only criminals use encryption? My answer to the first is ‘No, forget privacy, just ask Hillary — if she had used encryption they’d now be working on message number 10 to maybe find she likes tulips or whatever. To the second, ‘No, this is a fear cultivated by those who see just how unmanageable this has become — it’s a good, private, space already being used extensively for bad reasons, why not use it privately for good?
I want to make it absolutely clear that I totally reject the use of encryption to hide criminal and terror-related activities, but the fact is, this is already happening. Your involvement in cryptographic use won’t make a bad situation worse. It is already as bad as it can get. The future of anti-criminal pursuit is humInt, not decryption of who likes tulips.
But beware, quantum computing is coming, it could render everything I have said redundant.