The photographers who wrote this open letter on more right than they realize. Not only are features like encryption desirable but ultimately they are going to be absolutely necessary in ways beyond belief today.
Many have pointed out various problems from a technical standpoint but these are just minor nuances that can and ultimately will be overcome. Things like key management have and are now being worked out. The concept that quantum computers will instantly render all encryption obsolete is untrue. Quantum computers can be used in theory to attack certain public/private encryption systems. This mostly has to do with key management and key sharing. Encryption systems used on files and for the actual data that is being transmitted are really not any more susceptible to quantum computer attacks than general computer attacks. It is the key sharing part where the key is shared using public/private encryption systems that is vulnerable. Having said that new public/private encryption systems are already in the works and will likely be in use before quantum computers are widely used.
Encryption gives you many things beyond someone prying into your information. It gives you authentication and protection against outside influences.
At one time encryption was thought to be local. That is to say you would encrypt the file locally and if you wished you could transfer the files. You would then have to share the key via some secure means. This is the key management part of the problem. Public/private encryption systems have helped alleviate this problem. Today they are talking about end to end encryption. The concept here is someone would send a file from point A to point Z that this information would be secure from point B to point Y for many outside intrusions. This is an old model that is already outdated by the concept of “the Internet of things”. The mantra in the future will need to be “encryption all the time at all levels for all things”. This will be required to stop the entire system from collapsing from outside influences.
As more and more things become interconnected there becomes more and more points of possible intrusion. For example if your photo files are encrypted and somebody does take your SD card if you do get the files back (assuming you have a good encryption system) you can be assured that your files have not been manipulated. In addition if the operating system on your camera is encrypted when you get your camera back you would be confident that no back doors have been planted in your camera. In turn you could also be assured that no back doors would be finding their way onto your computer. In this particular case the reason for taking your camera had nothing to do with the pictures you might have taken but only as a means to get to your computer.
For the Internet of things to work encryption will have to be universal, embedded in all things, and essentially invisible to the user. Everything that is connected to the Internet of things even something as unimportant as your doorknob on your house could be a means to get access to something else that is much more important. This may all sound paranoid but I can assure you that it is not. The attacks might not even be against you personally but some organization you work for or have some contact with. It would not necessarily even need to be state-sponsored as somebody may want to get access to some bank account for example.
There are some in law enforcement and government intelligence organizations that believe that encryption is the beginning of the end and what will follow is chaos. This is obviously untrue as their ability to look at the world electronically and so brightly is a relatively new phenomenon in history. The world worked before and as this temporary brightness of their ability to observe fades the world will continue to work as before. But if there is not universal encryption at all levels for all things at all times the Internet of things will collapse in chaos without it. So as the Internet of things is most likely inevitable (and only possible without collapsing in the chaos with encryption) than much more security in encryption is also inevitable. The sooner and more thoroughly this is embraced and accepted the less likely organizations will be drowned by the incoming tide. Some at many levels of government believe they can hold back this tide but not only will he not be able to hold back the inevitable but there attempts are doing severe damage (Sony, Yahoo, etc.) to those they say they are trying to protect.
At the time most companies do much of this in-house. But with it becoming more universal many companies/open-source organizations will spring up and will produce essentially modular products that can relatively easily and cheaply dropped into just about any product. To some extent this is already happening. Eventually there will be so many levels of encryption that nobody will even bother to try to crack it. They will of course attempt the rubber hose and lead pipe methods but even these will ultimately fail is the end user won’t even have access to the keys that they desire.
So most definitely encryption is coming, (and a heck of a lot of it) but no matter how fast it comes it can’t come fast enough.
Dean
Last edited by DAZ; 12-14-2016 at 07:50 PM.