Top

Unbreakable encryption is here to stay, despite the fierce debate surrounding it

August 23, 2018

Category:

Strong encryption of communications and data, which can both deliver security and privacy for individuals, has been in recent years a subject of public debate. Large-scale adoption of the technology made it difficult for the intelligence and law enforcement communities to perform their surveillance and investigative duties. The most important question to this day is whether encryption systems should be required to have a “backdoor” to give the government special access to encrypted information.  

Earlier this year, Federal law enforcement officials renewed a push for a legal mandate that tech companies build tools into smartphones and other devices that would allow access to encrypted data in criminal investigations.

Between security and privacy

Policymakers are currently at an impasse, due to polarized views regarding heavy data encryption. Views on the matter are diametrically opposed: according to law enforcement agencies, if the government cannot read all encrypted messages and information, crime and terror will reign. In contrast, civil liberties advocates and tech companies say that once strong encryption is compromised, we can talk about a direct attack on individual rights and public security. The solution that law enforcement seeks has generally been a blanket obligation on software or device vendors to enable the government to retrieve unencrypted data or intercept unencrypted communications. In 2015, a group of fifteen computer scientists and security experts posited that encryption backdoors “are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm.” Giving law enforcement unrestricted lawful access may lead to abuse. Law enforcement must recognize societal mistrust regarding its ability to access data (e.g., does law enforcement follow the law, abuse power, ask for more capabilities than it needs, have more capabilities than it admits, work secretly with intelligence agencies to break encryption and so forth).

Encryption protocols help the really bad guys

According to recent official reports, terrorist groups are adopting encryption techniques on a large scale, in order to communicate securely. The phenomenon is called “going dark” and it rapidly became a source of serious concerns for the experts in digital counterterrorism. Criminal actors (including Islamist terrorists) are exploiting the technology to communicate and store information, thus avoiding detection and incrimination. FBI has expressed a “fear of missing out” on preventable crimes or prosecutable criminals, arguing that it cannot access the necessary evidence. According to FBI Director Christopher Wray, the inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an “urgent public safety issue”. He added that the FBI has been unable to access data in more than half of the devices that it tried to unlock due to encryption.

How encrypted communications work and why it is getting harder to wiretap

To prevent hackers eavesdropping on radio waves and listen in on phone calls, all cell phones use encryption to “talk” to the nearest cell tower. However, after the cell tower, phone calls are not encrypted as they traverse copper wires and fiber optic cables. It is considered too hard for nefarious actors to dig up these cables and tap into them.

Until recently, chat apps only encrypted messages as far as the servers, using what is known as SSL. That was to defeat hackers who would be able to eavesdrop on internet traffic to the servers going over the Wi-Fi at public places. Once the messages reached the servers, they were stored in an unencrypted format because at that point they were considered “safe” from hackers. This entire protocol meant that law enforcement could easily obtain the messages with a court order.

Newer chat apps encrypt the message all the way to the other end, to the recipient’s phone. This way, only the recipients with a private key are able to decrypt the message. The service provider no longer has access to the content of the messages, and can only provide authorities “metadata” – who sent messages to whom.

Telegram app was one of the earliest systems to support end-to-end encryption. These days, the feature has been added to most messaging apps, such as Wickr, Signal, and even Apple’s own iMessage. Recently, Facebook Messenger, WhatsApp, and Google announced they will be supporting Signal’s end-to-end encryption protocol.

Cross-border cooperation among law enforcement entities and compliance by global companies with multiple, differing national requirements will remain challenging features on the global battlefield of cyber warfare and terrorism. While the debate continues, one thing is sure: no single solution will solve all problems. Different solutions suited to different democratic regimes will emerge, depending on their specific institutional and cultural settings and requirements.