We've been hearing a lot of talk about encryption lately – especially the Advanced Encryption Standard, or AES. Even at its most basic level of 128-bit encryption, the standard is considered unbreakable by today's computers. However, fears of future supercomputers have some professionals opting for 192- or even 256-bit encryption.
But the encryption level doesn't really matter when the data is compromised – either by the sender, the recipient or both parties – and we've seen some serious errors committed by both parties as of late.
The Sender
In order for any sort of encryption to work effectively, the sender needs to maintain complete secrecy, confidentiality and encryption throughout the entire process chain. This is illustrated in the recent investigation into Paul Manafort, a former campaign chairman for President Trump, who was backing up information from his WhatsApp account to the Apple iCloud.
Although this data was originally encrypted on Manafort's end, files archived to the iCloud are stripped of their encryption. It's no surprise that federal investigators were able to obtain a warrant and view the archived information on Manafort's iCloud account.
The entire team with Apple has always been a staunch supporter of online privacy. While they've made it clear that they won't decrypt their users' phones at the demand of the FBI, they also let users know that any data uploaded to their iCloud account is unencrypted. Although the information is readily available for all to see, it's a point that's overlooked by many Apple users.
Assuming you don't archive your data to an unencrypted format, there are plenty of encryption tools to choose. Some of the most popular choices include:
1. VeraCrypt – Microsoft Windows, Mac OS X, Linux
2. AxCrypt – Microsoft Windows
3. BitLocker – Microsoft Windows
4. GNU Privacy Guard – Microsoft Windows, Mac OS X, Linux
5. 7-Zip – Microsoft Windows, Mac OS X, Linux
As you can see, there are plenty of programs to use when trying to send an encrypted message. But remember – all encrypted messages require two parties: a sender and a recipient. In many ways, the sender's efforts don't matter; they can all be undone by the recklessness of the recipient.
The Recipient
The recent case involving President Trump's former campaign chairman also outlines the importance of data security on the recipient's end. In this case, the witnesses who were contacted by Manafort immediately shared these messages with investigators – effectively rendering any form of encryption totally useless and obsolete.
As you can see, it's important to build a level of trust with the intended recipient before sending out an encrypted message. If they share it with anyone at all – either a friend, relative or law enforcement – they've effectively rendered any sort of encryption as moot.
Using Encryption Effectively
When used correctly, any of the three common forms of encryption – 128, 192 and 256 – are highly effective at maintaining privacy and keeping your data away from prying eyes. If there is any weak link in the process chain – either on your behalf or on the part of the recipient – you might as well send that message in a plaintext form.
The Weak Link in End-to-End Encryption: The Sender and Recipient
Comments
No comments yet. Sign in to add the first!