THE GREAT ENCRYPTION DEBATE

Tuesday 18 April, 2017
encryption

Digital security and personal data present one of the most complicated moral dilemmas of our times.

In the wake of the attack on Westminster Bridge in March, security services have suggested that more collaboration was required from social media platforms to flag information about potential illegal activity.

Home Secretary Amber Rudd has called for greater cooperation from the digital world, with messaging apps coming under particular scrutiny. In an interview with the BBC, Ms Rudd suggested that such sites must not “…provide a secret place for terrorists to communicate with each other.”

It’s easy to understand why such an argument has been put forward, as messaging clients allow users to communicate instantly, with their communications encrypted. This means security services could not intercept or “hack” interactions between potential criminals.

At a time of increasing tensions over national security, any piece of information could be key to preventative measures, and so it is seen as a black hole in security strategy.

There are plenty of counter arguments, ranging from a libertarian right to secrecy, to the requirements for encryption in our day-to-day lives. How can we understand the debate?

What is encryption?

Encryption software is a security program that scrambles information as it is input, and then unscrambles it as it is output. When you send a message via a chat application, that message is effectively “translated” securely into a code, which can only be translated back into readable text by a “key” held on the phone of the receiver.

Text gets entered, sent, scrambled, received, unscrambled and finally viewed the same way as it was originally sent. Any detail of the message is then deleted from the platform’s servers, so only the senders and recipients have the unscrambled text.

This is known as “end-to-end encryption”, and means that it’s very difficult for messages to be intercepted or hacked by third parties. Platforms can and do collaborate with authorities to explain who was contacted by whom and when, but the contents of messages are not.

Why is this controversial?

While encryption software brings security, it also makes it a very hard place to track any kind of illegal activity. The government already has the ability to monitor emails and text messages with the relevant warrants, and may yet get further powers to access browsing history and mobile data post-Brexit, if they decide to revive the Investigatory Powers Act of November 2016.

Messaging applications aren’t covered, because their data is encrypted. To allow the security services access to these messages, the platforms would have to provide a separate decryption key for the security services – known to the sceptics as “a back door” – something the platforms have been unwilling to do.

There have already been high-profile cases of governments challenging tech giants over data encryption. In the wake of the Charlie Hebdo attack and the San Bernadino shooting there were vocal challenges to Silicon Valley to create access ways in their applications and messaging services for use by national security.

In both cases the companies refused. There have also been vocal supporters of encryption in the UK, not least from father of the world wide web, Tim Berners-Lee.

They should be forced to do that, right?

This is where things get difficult. There are legitimate concerns about a right to privacy, but there are also fundamental concerns about what government access/a back door would mean.

The most forceful argument is around security. End-to-end encryption means data has one way in and one way out. Creating a “back door” means there is a potential vulnerability for hackers to exploit. As technology magazine WIRED put it, “if you (break encryption) to go after one target, it is broken for everyone.”

Encryption software isn’t only used for messaging services either, it’s a fundamental of internet shopping, banking, medical and business transactions. Every time you send details to a bank servers, they’re encrypted. All your online credit card transactions, balance transfers and smart money details are encrypted.