Encryption has made its way back into the news again. I’d like to take a little time explaining the debate, using plain English. I’m not an encryption scientist, but I could probably play one on TV.
What: There are many ways or processes to encrypt something.
In general terms, encryption takes something, text for example, and generates an unreadable form based on highly complex math. The idea being that to ‘solve the math’ and ‘unlock’ the text would be time prohibitive, so it would take longer to ‘break’ or solve than practical. Decrypting modern encryption would take every computer on earth working to solve the math longer than a human lifetime.
English: Things on the internet are transmitted in something called packets. Take that email you just sent, or that Facebook comment, or iMessage. All the text in that email (communication) is encoded into packets and sent to the address of the person or people you wrote it to. In this state, it’s basically like a post card, in that anyone with the postcard could read the message. Encryption is like a hard-to-open envelope around that postcard.
Why: People created envelopes to keep messages private.
This isn’t necessary to hide something, just keep the contents of the message private. For example, maybe you don’t want your friend or spouse to know what you’re planning for a special event or birthday. The main difference between an envelope and encryption is you can generally tell if an envelope is opened; when an encryption key is used to decode the complex math back to human-readable words, there generally isn’t a way to know. In effect, anyone with the key or the ability to solve the maths can look at the contents without your knowledge.
English: Again, you probably don’t have anything to hide — most of us don’t. The debate usually revolves around privacy (not knowing your message was decoded by someone you didn’t intend) or the ability for a third party (not you or the intended recipient) to decrypt the message in the first place.
Using the postcard/envelope analogy is overly simplistic in this case. Digital information can be intercepted by anyone, anywhere. The Internet is truly worldwide. That postcard going from point A to point B needs to be physically intercepted by a person in its vicinity. On the Internet, that person could be next door or thousands of miles away. They can also quickly and easily copy the message without leaving a trace.
Interception isn’t the only problem. It’s possible to cast a net based on people, location, protocol (the type of packet or technology being used to transmit), and copy without anyone knowing; meaning you might not be a target of ‘bad’ people but get caught up in a large scale snoop.
Example: you and your partner are thinking about going out of town. The ‘bad’ people are snooping on everyone using Apple’s iMessage; they capture your iMessage about date and time of departure. They don’t need to search individually, they dump everything into a large collection or database and have a computer search for keywords; just like you do on Google. They know your location based on the IP address of your device, and with a little know-how can find your house or apartment; discover that you’re not home. This may sound like science fiction; however, it’s remarkably easy to do with a little knowledge or even a few search engine searches.
The thing that prevents this today is that Apple’s iMessage is encrypted. Apple says it can’t even access the messages; just you and whoever sent it to.
The current debate: the government has the right to access personal communications via Amendment 5 of the United States Constitution. This is true, and I don’t think most people disagree with this. The problem becomes when there is a ‘backdoor,’ or a way for anyone other than the sender and receiver to decrypt a message. Then, encryption is severely weakened. Let’s just suppose the government gets a key to decrypt iMessage in the event of a court-ordered warrant.
Everything is legal (I’m not a lawyer and probably couldn’t play one on TV). That’s not really the issue. The issue is that if those keys are hacked or accessed by unauthorized people or ‘actors’ (think government unfriendly to the USA, or even ‘terrorists’), then ANYONE WITH A KEY CAN ACCESS the encrypted material. Even worse, what if no one knows the keys were stolen. (The government doesn’t have a good track record of securing data from breaches, neither does the private sector) Then all of our communication is essentially back to postcard, and anyone who wants to can see it. And because digital keys are easily duplicated, hundreds, thousands or even millions of keys could be made and distributed to anyone for any reason.
This is just a simple case of messages. Encryption is used nearly everywhere these days: digital tax returns, banking, health records, the list is nearly endless. Any ‘backdoor’ or way to decrypt something, inherently undermines the encryption.
This is a simplified article, and it is in no way intending to be an end-all-be-all analysis of encryption or the problems at hand. The aim is to break down the technical problem and use practical examples to help people understand and hopefully self-explore the debate.
I believe this a debate that needs to be had, and the truth is, the ‘bad’ people use encryption to hide and to do ‘bad’ things, just as ‘good’ people use it to communicate privately. The problem is, if encryption is weakened, the ‘good’ people are left exposed and the ‘bad’ people will just find another way to do ‘bad’ things; as they always have.
Originally published sometime in the past.
About the author:
Andrew lives in Portland, OR and has worked in tech for over 15 years. With a foundation in philosophy, political theory, and communications, he is an avid thinker & tinkerer, constantly learning and exploring the world around us.This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License © 2019.