Encryption-We All Use it

article top

“Alan headshot Image”

There has been an effort to from post-September 11th, to amend the Patriot Act regarding encryption. Before I get into the implications of this proposed amendment of the Patriot Act, let’s look into some of the more popular encryption programs:


PGP — Pretty Good Privacy Originally created by Philip Zimmerman. Pretty Good Privacy (PGP) provides a method to encrypt data files on your computer. It is very popular program to send e-mail confidentially. Sending “un-encrypted” email is like sending a postcard. With PGP, it’s still sending a postcard, except only the recipient can read it. And no, it’s not illegal, it’s called privacy.

The time needed to break (decode) a 2048 bit PGP encryption is 3 billion-billion years. The outside estimate of the age of the universe is 20 billion years.

DES and Triple-DES — Data Encryption Standard (1977) DES is a 56-bit encryption process, and Triple-DES encrypts the data three times (Triple). It is still in use for securing data for a commercial (Banking, retail) and government (NSA, military, CIA, FBI) organizations. It has been shown that it takes about 20 hours for a super-computer to break a single DES encryption. If a supercomputer could break a single DES encryption in one second, it would take a billion years to break a Triple-DES message.

AES — Advance Encryption Standard (1997) Though Triple-DES is, to say the least, difficult to break, the National Institute of Standards and Technology (NIST) saw the need to create an even higher encryption process, the Advance Encryption Standard (AES), which has encryptions of 128, 192, and 256-bit. If Triple-DES could be cracked in a billion years, AES would take a 149 trillion (149 thousand-billion) years.

Two things bring up this article about encryption: First we are all using encryption knowingly and unknowingly in our daily lives: Talking on our digital cell phones, punching in our ATM code, purchasing items on the Internet, doing a bank wire transfer, or even local credit card purchases.

Second, the proposed amendment to the Patriot Act wants to add a five year prison sentence for using encryption in a willful and knowing way while committing a felony. This is in a similar vein of thought as the punishment for using a firearm while robbing a bank. It is not the same. It is a knee-jerk reaction with unintended and far-reaching consequences. It is similar to the proposed three strikes bill running though the Hawaii Legislature, but that is another story.

Law enforcement has not been hampered by encryption over the Internet, and criminals will continue to use easier and more obvious methods to commit felonies. The 9/11 hijackers did not use encryption in their e-mails, they didn’t have to. With e-mail traffic estimated at 24 Billion each week, it is really just trying to filter it. Knowing where to look is the issue. In the end, why support an amendment that has more potential for harm and mis-use (remember, we all use encryption), and give our politicians credit for solving a problem that never was.

Oh, by the way, here’s my credit card number, knock yourself out, 1 second, 2 second . 1 day, 1 month, 1 year ..30 Billion-billion years: