January 12, 2005

And this, folks, is why you want end-to-end encryption

SecurityFocus reports that a 21-year-old hacker in Oregon broke into T-Mobile's systems and had access to them for at least a year.
"A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned."

The key thing to notice here is that he had access to e-mails and photos. Now, the idea with photos and e-mails is that they're sent between people's cell phones and/or computers. There's basically no reason that T-Mobile's systems need to have access to this data at all. It's not like T-Mobile employees need to be able to read it to provide you with decent customer support. All that T-Mobile's systems need to do is move the data from point A to point B.

A similar situation obtains with normal Internet mail systems. If someone breaks into your mail server, they can read all your un-downloaded e-mail [1]. In most cases your mail server doesn't have to have access to the e-mail contents either (the exception here is when your mail server does spam and virus filtering).

The problem isn't insoluble. We have the technology to encrypt messages between people's handsets and computers, though we're having a terrible time deploying it for a number of reasons. That said, it's worth noting that a lot of the reason it's difficult to deploy end-to-end encryption is that it's difficult to establish keys between people in two unrelated mail systems. However, that's not a problem when you're sending traffic from one T-Mobile handset to another. T-Mobile could arrange for end-to-end encryption between handsets fairly easily. Enough incidents like this and they may actually deploy it.
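
The handset-to-handset arrangement described above, as an added example that is not from the original post or any carrier's system: handsets register X25519 public keys in a carrier-run directory, and the carrier stores only AES-256-GCM ciphertext. The names `carrier`, `enroll`, `send`, `receive` and `serverView` are hypothetical, and the directory is assumed to return authentic keys.

```javascript
const crypto = require('crypto');

// Constructed model of the carrier: it holds public keys and opaque blobs only.
// Assumption: the directory hands out authentic keys (it is trusted for that).
const carrier = { directory: new Map(), mailbox: new Map() };

// Handset enrolment: the private key is returned to the device and never stored
// on the carrier side.
function enroll(id) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  carrier.directory.set(id, publicKey);
  return privateKey;
}

// Derive a one-time AES-256 key from the X25519 shared secret with HKDF-SHA256,
// salted with the sender's ephemeral public key.
function deriveKey(privateKey, publicKey, ephPub) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, ephPub, 'handset-e2e-example', 32));
}

// Runs on the sender's handset; the carrier only stores the result.
function send(to, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = deriveKey(eph.privateKey, carrier.directory.get(to), ephPub);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  carrier.mailbox.set(to, { ephPub, iv, body, tag: c.getAuthTag() });
}

// Runs on the recipient's handset; throws if the stored blob was altered.
function receive(id, privateKey) {
  const { ephPub, iv, body, tag } = carrier.mailbox.get(id);
  const peer = crypto.createPublicKey({ key: ephPub, type: 'spki', format: 'der' });
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(privateKey, peer, ephPub), iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]).toString('utf8');
}

// Everything someone with full read access to the carrier's servers can see.
function serverView(id) {
  const m = carrier.mailbox.get(id);
  return Buffer.concat([m.ephPub, m.iv, m.body, m.tag]);
}
```
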

1. Technically speaking, it's like this. All the mail that you haven't downloaded lives on the server. Pretty much all IMAP clients as well as some POP clients leave all mail--even mail that you've already read--on the server.

Posted by ekr at January 12, 2005 7:20 PM