Thursday, December 20, 2007

Computer Privacy


The Feds Can NOT Demand Your Encrypted Files
Suppose that you want to send a message to someone that only this person will be able to read. A mathematical process called encryption makes this possible.
Encryption scrambles the message using mathematical formulas that make the message unreadable to anyone except for someone possessing the key to "decrypt" it. Even the CIA's supercomputers can't decipher messages created with numerous encryption programs, at least not without an exhaustive effort.
This development deeply concerns law enforcement officials around the world. And it's not surprising why: A technology now exists by which you can keep information secret, even from the government.
In this age of warrantless wiretapping, ever-present video surveillance, and terrorist profiling, there are still limits (imposed by technology, not law) to where government watchdogs can and cannot go.
Encryption is useful in many situations. You can encrypt an email message you send to someone to insure that only the intended recipient can read it. You can also send someone a confidential message on a CD or USB stick that only that person can decipher. You can also insure that prying eyes can't read the confidential files on your personal computer.
This latter capability is particularly important if you travel internationally. For instance, U.S. Customs officials can seize and copy any laptop's contents carried across U.S. borders. There's no arrest, warrant or probable cause required.
What happens, though, if you encrypt your laptop's contents before Customs officials want to examine them? Can custom agents force you to reveal your "passphrase" that converts unreadable gibberish into intelligible - and potentially incriminating - text or images?
Recently, a federal judge in Vermont said that Customs officials don't have this right. The judge ruled that a man charged with transporting child pornography on his laptop across the Canadian border could legally refuse to disclose his encryption passphrase to prosecutors. To force him to do so, the judge ruled, would amount to forced self-incrimination. The Fifth Amendment to the U.S. Constitution prohibits this.
While prosecutors are appealing the decision, it sends a very important pro-privacy message. Simply encrypting the contents of your personal computer - a process made simple using programs such as Pretty Good Privacy can provide a legally unassailable barrier to privacy invasion.
Incidentally, in other countries, this protection may not apply. For instance, in the United Kingdom, if police or Customs officials demand access to your laptop files, you must provide them with the passphrase. Failure to comply can result in up to a five-year prison sentence.
The message should be crystal clear. Encrypt your files. Better yet, use a program such as PGP Desktop that encrypts your entire hard disk. That way, not only will you protect your confidential files, but you'll also shield all other data on your hard disk. That means not-quite-deleted files, Internet surfing logs, etc. won't be visible, either.

No comments: