Sunday, December 27, 2009

“Just Encrypt Everything”

Here’s Bruce Schneier’s well-argued retort to all those supposed security experts who assert that it would be trivial encrypt the video streams coming out of those Predators that were supposedly hacked by insurgents in Iraq.  As he notes, it’s trivial to encrypt, but it’s not so trivial for troops on the ground or our allies to obtain and deploy the right encryption/decryption keys.  Despite what the encrypt everything proponents say, encryption doesn’t solve security problems, it just shifts them to key management, which in a traditional office environment that is self-contained and doesn’t involve granting access to outsiders might work well, but in ad hoc environments that are constantly changing and need the information quickly to save lives, we still don’t have the right solutions.

http://www.schneier.com/blog/archives/2009/12/intercepting_pr.html

“So the military is now committed to encrypting the video ... eventually. The next generation Predators, called Reapers -- Who names this stuff? Second-grade boys? -- will have the same weakness. Maybe we’ll have encrypted video by 2010, or 2014, but I don't think that's even remotely possible unless the NSA relaxes its key management and classification requirements and embraces a lightweight, less secure encryption solution for these sorts of situations. The real failure here is the failure of the Cold War security model to deal with today's threats.”

No comments: