03 May 2013

Full disk encryption is too good, says US intelligence agency

You might be shocked to learn this, but when a quivering-lipped Chloe from 24 cracks the encryption on a terrorist’s hard drive in 30 seconds, the TV show is faking it. “So what? It’s just a TV show.” Well, yes, but it turns out that real federal intelligence agencies, like the FBI, CIA, and NSA, also have a problem cracking encrypted hard disks — and according to a new research paper, this is a serious risk to national security.

The study, titled “The growing impact of full disk encryption on digital forensics,” illustrates the difficulty that CSI teams have in obtaining enough digital data to build a solid case against criminals. According to the researchers, one of which is a member of US-CERT — the US government’s primary defense against internet and digital threats — there are three main problems with full disk encryption (FDE): First, evidence-gathering goons can turn off a computer (for transportation) without realizing it’s encrypted, and thus can’t get back at the data (unless the arrestee gives up his password, which he doesn’t have to do); second, if the analysis team doesn’t know that the disk is encrypted, it can waste hours trying to read something that’s ultimately unreadable; and finally, in the case of hardware-level disk encryption, tampering with the device can trigger self-destruction of the data.

The paper does go on to suggest some ways to ameliorate these issues, though: Better awareness at the evidence-gathering stage would help, but it also suggests “on-scene forensic acquisition” of data, which involves ripping unencrypted data from volatile, live memory (with the cryogenic RAM freezing technique, presumably). Ultimately, though, the researchers aren’t hopeful: “Research is needed to develop new techniques and technology for breaking or bypassing full disk encryption,” concludes the paper.

It’s a tough situation: On the one hand, being able to crack full disk encryption is vital for the prosecution of white-collar criminals, child porn ringleaders, pharmaceutical spam barons, and the curtailment of terrorism — but on the other, it’s quite satisfying to know that, perhaps at long last, we have a way of escaping the ireful eye of Big Brother. Where do you stand on FDE?

extremetech.com 18 Nov 2011

It's all about making every person on the planet transparent to the corporate elite and governments as well.

Privacy laws are created for the corporatocracy and NOT the masses, as some may believe.

If an individual has the same access to government information as governments has to the individual, the individual then is charged for 'hacking', and imprisoned.

Encryption keys created in the United States are stored in a U.S. government facility and are not allowed to be exported.

Here are some comments from the article:

Ref:

"While the Fourth Amendment is being dismantled wholesale at the behest of law enforecement and corporations, Fifth Amendment still provides some levels of protection. For now, at least in the US, you can't be compelled to give up a password. Fifth Amendment sees to that."

"The fifth has been breached pretty egregiously already. The nastiest such was probably when President Obama ordered a murder of a US citizen abroad and the military carried it out for him. For good measure, he then ordered the murder of the minor child of that US citizen. 
That's a stunningly clear-cut case of flagrantly flouting the fifth amendment - by the one person who literally takes an oath to protect and defend the Constitution. "

No comments:

Post a Comment