Encryption and Decryption: A Difficult Global Problem

January 10, 2018

I read “FBI’s Wray Calls for Significant Innovation’ in Accessing Encrypted Data.” The story echoed a statement which appeared in one of the technical product sheets from a company few people reading generalized online content have heard about.

The firm is Shoghi, and it is based in India. The main business of the firm is designing and licensing hardware and software for military and law enforcement use. The company can acquire data from a range of sources, including undersea cables. In the company’s description of its https intercept service, I noted this statement:

“Interception of this secure HTTPS traffic is possible at various point but it is normally not possible to achieve the decryption of the HTTPS traffic due to the secrecy algorithms used for encryption of the data.”

HTTPS poses a challenge. Encrypted hardware poses a problem. The volume of data continues to increase.

When a major lawful intercept company is quite explicit about the difference between intercept (capture) and being able to “read” the information, the problem is not confined to the US. Shoghi has as customers more than 65 countries and, it appears, each has the same problem.

Jumping back to the Fox story and Mr. Wray’s call for innovation, I want to point out that:

  1. The problem is not just the FBI’s; it is a problem for many authorities
  2. The “weakening” of the Internet is a powerful argument; however, as the fabric of security continues to fray from insider and outsider activities continues to capture headlines, the Internet has not become weak. The Internet is what it was designed to be: Robust in delivering packets and weak in terms of inherent security.
  3. The technical innovation referenced in the write up is what Shoghi wants its licensees to do: Figure out how to make sense of the captured data.
  4. The solution may reside with specialist firms which have developed technologies which perform date and time stamp analysis, clustering, digital fingerprinting of handles (user names), link analyses, and other text processing methods.

To sum up, Mr. Wray has identified a problem. Keep in mind that it is one that exists for countries other than the US. From my point of view, identifying specialists with non-intuitive ways of approaching the encryption problem warrant additional funding in the efforts to crack this “problem.”

My Dark Web Notebook team has compiled a list of companies with orthogonal approaches. We do make this information available on a fee basis. If you are interested, write benkent2020 at yahoo dot com for more information. Also, the January 23, 2018 “Dark Cyber” video includes a segment about the encryption problem for lawful intercept and surveillance vendors.

Stephen E Arnold, January 10, 2018

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta