What Price Should Be Paid For Encryption?

28th March, 2017 by

The UK has been subjected to another attack. Five people were killed and fifty more were injured due to a car racing down Westminster Bridge towards the House of Parliament. This news rocked the UK, and the government and security services are jittery. Everyone wants answers and wants them now. So what’s a quick win?

No one assumed the immediate answer would be to crucify encryption on social media. Ideas of data security and the wide availability of encrypted messaging were soon identified as the main component within this tragic case. But is encrypting such a risk that we should avoid this almost unbreakable way of sending and receiving information?

The Sun’s headline on Monday 27th of March, “Tools of Terror: How terrorists use encrypted messaging apps to plot atrocities and recruit jihadi foot soldiers was vitriolic and bound to raise some alarms. Their lead article went on to say:

If only it was that simple. Exactly how can encryption be infiltrated? The answer seems to be you either have encryption and are protected, or you don’t. The Guardian published a great article and provided the ultimate infographic too for anyone in doubt about encryption.

From the Guardian 27th March 2017

The issue is that we all need encryption and most of us utilize it every day.  

Who wants their Whatsapp messages hacked? Who wants banking encryption opened by the back door? Obviously we all don’t want to see a repeat of the Westminster attack but bleating on about encryption will not prevent another one.

What has to be guarded against is a knee jerk reaction. If we build in some kind of hack (then it wouldn’t be truly encrypted) then all communications are vulnerable.

Who needs encryption?

If you use the argument that innocent people going about their day-to-day lives shouldn’t want their messages encrypted; so what’s the big deal? This poses additional problems, as much of what we do from day to day requires a certain level of security. How would business manage? How would security services cope? How would bankers and health professionals and anyone who has data passed between two points arrive unharmed?

David Wells former GCHQ and now part of SRM Intelligence said today: “Most fundamentally the challenge of encryption prevents easy access to the messages within. Obviously, metadata is available like the who and the when but not the what of the content.

Terrorists do use encryption and talked explicitly about the importance of encryption, but they don’t use anything consistently. They utilize different platforms. Therefore it’s not a static problem but an evolving issue.”

End-to-End encryption means the platforms themselves cannot read the messages traveling across their systems. This prevents any prying eyes spying or tampering with the data we send across the web. Many independent applications have adopted this method to create secure message transmission from smartphones and desktops. Whatsapp became encrypted in 2014. iMessage, Signal, and Threema, who advertise themselves as: “Seriously secure messaging as standard,” soon followed suit.

There are many reasons why the public is drawn to encrypted messaging, especially those who are involved in sensitive communication such as politics, activists and far too many others to name. Not to mention that in an age when a mistaken text or photo can live on through the internet, it pays to be careful.

Individuals and businesses aren’t the only concerned party when looking at encryption. The internet has been built to include encryption as a built-in feature when sending data packets to and from servers. Tcpcrypt and SSL certificates are encrypted agents that work behind the scenes of websites and ecommerce vendors to keep credit cards and other sensitive information safe from malicious activities.

Encryption is a security backbone of the World Wide Web.

George Danezis Professor of security and privacy engineering at UCL says that much of the internet is secured by this method of security. It’s used for protecting servers on the internet, banking or other communication. In the last few months, the majority of traffic has been encrypted not because of fears of privacy violation but because of cybersecurity and national security. Therefore, encryption is a vital component we’ll find it hard to live without.

David Wells says it’s a question of balance: “The benefits for law enforcement isn’t worth the negative challenge. Access via the provider isn’t the only way to access this subset of unwelcome communication.”

What we do know is that this argument will rumble on for the foreseeable future. But ask yourself, are you really willing to sacrifice encryption for the majority for the sake of a small minority? Data security has become a hot button topic but remains to be an individual right when considering personal privacy within technical communications.

What are your thoughts? How secure should your information be?