Sunday, December 05, 2004

Saying stupid things...

Do you remember the dawning sense of horror you had when you first heard about Google Groups? Full USENET archives all the way back to 1981, every stupid thing you said in public preserved for posterity. Well it's worse than that, these days all the stupid things you say in private are being archived. At least, if you're in Korea anyway...

The Korean Times is reporting that the Korean government have requested that wireless operators keep records of all text messages sent over their networks and the operators, depsite privacy fears from their customers, are bowing to government pressure. Of course we all know, or at least should know, that text messages aren't secure from prying eyes. But until now the prospect of widespread archiving of text messages hasn't really been discussed. Unless you were already being investigated by the police, or the security services, what you'd said in the past probably wasn't going to hang around to haunt you. Now, every single drunken text message could be sitting out there, waiting. Maybe the Americans have the right idea after all.

Of course, that's only if you happen to be in Korea? Does anyone know what the policy of the major operators in the UK is on this issue? No, nor me...

The only integrated text message encryption application I can find is Fortress SMS. It claims to implement 128 bit RC4, but the application appears to be closed source so there really isn't any way to check this, you just have to trust the vendor. However the flaws in RC4 are well known, and I'm not sure I trust a vendor who provides a "A Comparison of Fortress Mail Encryption and X.509 based Public Key Encryption for Secure Email Exchange" but doesn't raise or address these concerns.

If I'm going to encrypt something I'd prefer to use a public key encryption scheme over something like RC4. Perhaps it's time I pulled Applied Cryptography off the shelf and sat down and wrote something that isn't to do with astronomy for a change.