May 27, 2014
One of the commonest accusations flung at Edward Snowden is that by revealing the massive scale of the NSA’s global surveillance, he has tipped off terrorists that they are being watched all the time, and thus caused them to move to stronger encryption to protect their secrets. An article in Recorded Future would seem to support that claim:
Following the June 2013 Edward Snowden leaks we observe an increased pace of innovation, specifically new competing jihadist platforms and three (3) major new encryption tools from three (3) different organizations — GIMF, Al-Fajr Technical Committee, and ISIS — within a three to five-month time frame of the leaks.
And yet security expert Bruce Schneier not only doesn’t think that’s a problem, he believes Snowden has made it easier to break the encrypted communications of terrorists:
I think this will help US intelligence efforts. Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight. Last fall, Matt Blaze said to me that he thought that the Snowden documents will usher in a new dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising. My guess is that this an example of that.
That’s a great point. For obvious reasons, terrorists won’t be able to draw on the knowledge and skills of the global crypto community when they create a new “home-brew” encryption program to replace an existing tool they fear may be compromised. Instead, they will be forced to depend on a limited circle of experts, who are likely to miss subtle or even not-so-subtle flaws in the new code. It’s a good demonstration of how the open, collaborative approach that produces the best encryption tools makes it very hard to subvert the process for malicious purposes.
This article was posted: Tuesday, May 27, 2014 at 10:13 am