Keeping data secret, or not

[mtbc]

With secure communication online (TLS, etc.) it is interesting to see how standards develop: older ways are later judged insecure and the community slowly moves onto newer ones. I have wondered if the security services, and others, record some of the more interesting traffic that they can't decrypt yet in the hope that new developments might someday reveal the content of those once-private communications. People move on to different algorithms for actual reasons. Even if past the statute of limitations for prosecution, such records may still yield useful intelligence.

Now, given my job, I think about cryptocurrency more. There are some currencies, popular for payments for illegal services, that are designed to obscure the details of transfers. Even with normal cryptocurrencies, whose transfers are easily observed, there are tumblers which are busy accounts that take in many and various payments, and make payouts differently and rather later, so as to obscure the flows: they make it difficult to match the incoming funds against the outgoing.

I had already been wondering if statistical analysis of activity around tumblers may at least circumstantially reveal repeated flows for habitual users. Now I also wonder if some of the privacy-enhanced cryptocurrencies may be found to be less private than currently assumed, which would be interesting given that the blockchain records all the data publicly and long-term.

In short: as new discoveries uncover historical information, perhaps some people have bad surprises waiting for them.

Comments

[thewayne]

The FBI has proven that they can unwind transactions cycled through tumblers.

One concept in encryption is 'secure enough for long enough'. If the message is 'We attack Monday morning' and the message is not decrypted until Tuesday, after the attack, then it was good enough encryption. Thus there's lots of 'it depends' on how good the security needs to be.

One advantage of breaking old message traffic in criminal proceedings would be to use it to rattle people. If you're interrogating someone and casually slip 'When you told George to kill Freddy on December 6, 1992...' it could have an unnerving effect since they've thought they were clean on a killing that was over 30 years ago.

This news about the UK trying to force Apple to break their encryption is quite troubling. Apparently Apple is considering just turning it off for the UK, which would probably be a field day for the Tabloids vs the Pols.

[mtbc]

The law enforcement side of government here never seem to fail to make me roll my eyes. I bet you remember the Clipper chip! A disaster waiting to happen.

Good point that long enough is an important criterion. I bet it's an oft-forgotten one!

[thewayne]

Oh, yeah.  I remember Clipper and also DeCSS.  I have/had the two t-shirts that had the complete code for DeCSS.

[darkoshi]

I recently heard talk of how quantum computing is becoming a thing, and how once it takes off, it will render current encryption obsolete. That it will be able to crack it very fast. And that some entities are out there, harvesting encrypted data with the intent to use it to their advantage once it can be cracked.

[mtbc]

Indeed, my hazy memory is that NIST, etc. have encouraged standardization on quantum-resistant algorithms but let's not hold our breath for widespread adoption! How resistant for how long is an interesting question that's still being answered, it's not as if we're even sure that there's no classical way to factorize large integers fast and math sometimes does yield surprises. Interesting to learn that people are indeed harvesting data now, rather beyond my mere speculation.