Changing view on proprietary encryption
Prior to the 1990s, encryption was a tool that was almost exclusive to governments and the military. There was the COCOM list, and only a handful of experts were actually working on encryption algorithms, as there was only limited use of that technology. For those who needed encryption, e.g. for inter-bank money transfers, a standard algorithm (DES) was available.
Standard or Certified encryption algorithms have gone through years of testing and have been certified by the US Government. The Advanced Encryption Standard (AES) is the latest example. It is no secret that the US Government has been against the proliferation of encryption technology that would prevent it from monitoring the activities of its enemies and of its citizens. It is then logical to at least contemplate the idea that the US Government only certifies encryption algorithms that it is able to crack. To further substantiate this idea we have the policies of the US Government themselves. The US Government promotes the use of AES Encryption, and requires most government agencies to use AES encryption when securing sensitive information. Yet when dealing with Secret and Top Secret Information, it is explicitly stated that AES Encryption is NOT to be used.
So what does the US Government use for encrypting Secret and Top Secret information? The truth is that no one really knows, at least not anyone who is going to talk about it. In other words, they use their own Proprietary Encryption. Following the logic of publicly known experts, this encryption, most likely developed by the NSA, cannot be trusted, as it has not received the public scrutiny and peer review that the experts claim to be so essential for good, sound encryption.
The common position the Government takes on AES Encryption is that they cannot break it. But at the same time they say, ‘so what if we can, the only people who should then be worried are criminals and terrorists; people who have something to hide.’ And this, at one time, may have been the case.
So why should you be concerned that the Government can crack the encryption you are using and access your protected files?
A new adversary:
In 2003 the FBI estimated that at least 20 foreign nations have tried repeatedly to steal US Commercial Trade Secrets. Many foreign governments will readily steal US technology in order to assist businesses in their own country. Foreign governments are well-funded and well-equipped adversaries, who have developed their espionage skills and strategies over tens, if not hundreds, of years. The adversary here is not the simple thief, or even the brilliant teenage hacker in his basement. When the US Government has important information that they wish to keep from the North Korean Government or some other foreign Government, they explicitly prohibit the use of AES encryption.
So why, then, should the commercial sector rely on AES encryption when they face this very same adversary?
As more people and companies realize this, they become more open to the idea of utilizing some kind of Proprietary Encryption. But companies do not have agencies such as the NSA to design encryption algorithms for them. They then rely on individual companies who specialize in encryption technology to design ciphers for them.
It is here that the previous ideology of encryption falls short.
In the opinion of today's experts, in order for an encryption algorithm to be any good, it needs to be made freely available to the public, for everyone to scrutinize... for free. The last part should be repeated... FOR FREE. Granted, if every new encryption technology took this course, and went through the years and years and years of scrutiny, you could be sure that the encryption that survived was at least somewhat secure.
But how many individuals and companies are going to invest the money, time and effort needed to develop new encryption technology just to give it away?
What if, 20 years ago, Pharmaceutical companies had been told that they could not sell the drugs they developed, but were instead required to give them away? How many medications that people rely on today would not be available, not because of price, but because they simply would not exist?
The harsh truth is that Capitalism, the potential to make profits, is one of the greatest driving forces behind the development of new technology. Taking this driving force away from the development of Encryption will only make us weaker in the long run.
The current situation has created a demand for new encryption technology. And where there is demand, you can be sure there will be individuals to step up to meet these demands. It’s time that the experts take a look around and begin to find new ways and new criteria to assess new encryption technology developed in our new and changing world. They have no alternative, as they will otherwise be replaced by new experts: the ones who create technological advance.