Why is everyone so bothered about encryption?

The UK’s Home Secretary Sajid Javid recently attended a meeting of the UK, USA, Canadian, Australian and New Zealand security services. On his return he spoke to the press about encryption, among other things, saying:

Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution.

This continues a trend in the past few years of those in elected or public office, politicians, judiciary, police and security services, attacking the concept of “encryption”. As a tech professional this concerns me and many of my contemporaries, but I am led to wonder how it affects my friends, family and associates whose daily work is not consumed by bits and bytes.

Indeed a common strategy by those seeking to implement what otherwise may be controversial policies is to confuse, bamboozle and otherwise exhaust the average citizen, in an effort to reduce their chance of complaining. Dropping in the fact that this technology can aid pedophiles and criminals is no accident either, and should be a red flag to anyone thinking the government is trying to make a reasonable point.

However, given that we’ve generally accepted the ability of the state (so the argument goes) to open our post or listen to a conversation (with some sort of oversight) it can be hard to see why digital communications need or have different protections.

What the heck is this word?

Encryption can be hard to understand so here’s a classic, if simplified example. We’re organising a surprise birthday party for our friend, but he happens to be our postman. He’s not going to open our letters but he’s known to try and read them through the envelope. So I write my message like this:

Gur Terl Zner, 7cz, Sevqnl

Hard to understand right? This is an example of ROT13, possibly the simplest encryption scheme — every letter is moved 13 characters forwards, looping from z to a. “Decrypted” we get

The Grey Mare, 7pm, Friday

ROT13, or indeed a rotation by any other number, is trivial to break in a few circumstances. If you have enough text, the fact that characters in English are not evenly distributed (lots of “e”s, very few “q”s, every word having at least one vowel) can let you break the encryption just by reading it. Further, if you ever see a decrypted message you can instantly work out what’s happening and apply that to all the messages you previously saw, breaking the secrecy of entire conversations.

This “encryption” isn’t really what we’d call encryption nowadays — it’s more like encoding. What people realised from early attempts to hide secret information by transforming it is that the way you transform it can’t be the key to the secrecy of the system — most systems can be worked out eventually.

Modern encryption instead uses a “key”, and then a public, known process to take secret information and make it unreadable unless you have this key.

The Grey Mare, 7pm, Friday

We can apply the key “abc123” and do a process known as XOR: turning each character in our message into its digital (binary) representation, and then combining it mathematically (binary is just numbers, remember) with the same representation of our key. We get this:

/6lGi4ZRzrgD5qBRzu0DnLFOh+Fl2ahHyrg=

Now that’s harder to work out right!

It actually turned out that XOR was eventually easy to break through a technique called brute force (computers trying lots of keys until the message makes sense) and since early encryption there’s been a constant back and forth between cryptographers designing systems and cryptanalysts trying to break them. A number of modern encryption systems are currently thought to be unbreakable by modern computing power even given thousands or millions of machines and many years.
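To make the ROT13 and XOR passages above concrete, here is an added example (not from the original article) of both schemes, showing that one leaked plaintext reveals the rotation or the repeating XOR key and so opens every other message sent the same way. That goes a step beyond the brute force the article mentions; the second message and all function names are constructed for illustration, and the XOR bytes differ from the string printed above because the article does not say how its tool handled the key or encoded the output.

```python
import string

def rot(text: str, n: int) -> str:
    """Rotate each ASCII letter n places, wrapping z to a; other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + n) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + n) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def recover_shift(ciphertext: str, plaintext: str) -> int:
    """Known plaintext: a single matching letter pair reveals the rotation."""
    for c, p in zip(ciphertext, plaintext):
        if p.isascii() and p.isalpha():
            return (ord(c) - ord(p)) % 26
    raise ValueError("no letters to compare")

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call both encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_xor_key(ciphertext: bytes, plaintext: bytes) -> bytes:
    """Known plaintext: ciphertext XOR plaintext is the key repeated; return its shortest period."""
    stream = bytes(c ^ p for c, p in zip(ciphertext, plaintext))
    for size in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % size] for i in range(len(stream))):
            return stream[:size]
    return stream  # only reached for empty input

def demo():
    leaked = "The Grey Mare, 7pm, Friday"   # the article's message, assumed leaked
    earlier = "Bring cake, tell nobody"     # constructed second message
    shift = recover_shift(rot(leaked, 13), leaked)
    read_rot = rot(rot(earlier, 13), -shift)          # undo the recovered rotation
    key = b"abc123"                                   # the article's key
    c1, c2 = xor_bytes(leaked.encode(), key), xor_bytes(earlier.encode(), key)
    found = recover_xor_key(c1, leaked.encode())      # key falls out of one known pair
    read_xor = xor_bytes(c2, found).decode()
    return shift, read_rot, found, read_xor

if __name__ == "__main__":
    print(demo())
```

Neither scheme survives a single known message, which is why modern ciphers are designed so that seeing plaintext and ciphertext together tells you nothing useful about the key.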

This is cool but why do I care?

You never needed to encrypt your post, you never encrypted your landline telephone calls, why start now?

Well firstly you probably started using encryption when you first got a mobile phone. If I want to read your mail I need to break into the post office, or to listen in on your landline calls I need to tap into a wire, but your mobile phone calls were the first time you openly broadcast information about yourself in a way that was easy to intercept by pretty much anyone. Fortunately mobile networks cottoned on to this fact pretty sharpish and so each subsequent generation of mobile technology has had improved encryption, shielding your messages from prying ears between your device and the local mobile cell.

In this scenario though, someone with legal power over your mobile network (like the government) can still listen to your calls — the information is encrypted at your device, and decrypted by your phone network before it is transmitted onwards. So your calls and texts are private, but only if your network (and the network you’re calling) keep them so.

The internet expands this greatly — now a message from your phone or laptop may pass through systems owned by your service provider (like BT), by national infrastructure, by international connections, by search engines, hosting companies, coffee shops, your mate’s phone… you get the idea. At this point it’s no longer really effective for each communication step to encrypt at one end and decrypt at the other — you don’t want every service on the path from you to that pair of new shoes to get a sneak peek at your credit card details!

So we have to go further to protect that information, the much maligned (by governments) “end-to-end” encryption. This commonly uses a technique called “public key encryption”, whereby your super secret key can have a safe public version made from it by the power of Maths™ (I won’t go into details but it involves really really big prime numbers). You share the public key and anybody can use it to send you a message that only you can read. So, that website you’re bulk buying Fredos from shares its public key with all its customers (it’s what that “https” thing means up there in the address bar) to send their card details, but only it can read them even if you are tethering to Darren’s iPhone.

End-to-end encryption is used by websites and apps to protect information sent from your device to their business no matter how many services it passes through on the way; it’s also now available in WhatsApp, Signal and other messaging services, isolating your data not only from the networks it travels through, but also from the service provider itself — WhatsApp can’t read your messages even if they wanted to.

This is why calls to “backdoor” end-to-end encryption (so certain approved people can access it) sound so silly to those acquainted with it — this isn’t some algorithmic password system that you can hook some extra government-approved code into, it’s the law of maths, and even somebody who publishes code with a backdoor can’t stop the fact that code already exists to implement these math functions without a back door.

OK I get some of the uses, but does WhatsApp really need it?

This is the next argument — sure, we all want our banking and online purchases to be protected, fraud costs industry, the economy and taxpayers billions per year. But all that other stuff you send around online, messages to friends, complaints to your electricity supplier, emails to the head teacher… those can be read by people with a warrant right?

The problem really comes down to two factors: the necessity of online communication, and the ease of mass storage.

When online communication was a convenience, you could pick and choose what got shared online. In today’s world, someone who chooses never to use a computer system is not only likely to be cut off socially, but also will find civic life very hard. From our tax returns through to insurance, MOTs and booking medical appointments most of our lives get broadcast, bit by bit, via the internet. The hard part then is working out what could possibly be sensitive — what meets the required rubber stamp level to allow it to be encrypted?

A few years ago the department store Target got into trouble after it used historical purchasing data of a customer to match with general trends and predict that they were pregnant. The company’s response was to mail them pregnancy product vouchers — the company’s error was that they were mailing a 15-year-old girl whose father opened the post, complained to the company about mistargeting, was told that they were fairly sure of the prediction and confronted the girl to find that yes, she was in fact pregnant. More recently the Cambridge Analytica scandal showed that mass collection of personal data could be used to influence elections on a national and international scale — and that’s just data which was shared freely.

As more of the internet turns into a giant data aggregation machine the repercussions to the individual become stranger and harder to predict. Revelations by Edward Snowden showed that security services didn’t tend just to care about targeted intercept but about a general sweep of all broadcast information, storing it for potential future analysis.

Numerous high profile leaks from tax services, intelligence agencies and networks (remember the TalkTalk hack?) show that even those who are meant to have your data might not be trusted with it — so do we really want WhatsApp, Facebook, Gmail, Outlook to have full read access to every message we send? For BT, Sky, Virgin to have full read access to our web traffic?

Data can be gathered accidentally or intentionally; it can be leaked due to malicious actors or plain incompetence (and often both on different sides). The more we live our lives online the more crucial it is that we only send the data we want to the people we want to have it — and that they subsequently have access to the best ways to protect it, especially if it needs to be transmitted on.

Can we do more?

In fact rather than just stopping the conversations about back-dooring or removing encryption maybe we need to go further — how about an encryption scheme that protects our data even once we have sent it on to a third party? So you could genuinely share data for a limited time with a single person. Technically that sounds infeasible — but for all the calls of the industry to employ its might to give governments access to their citizens’ information, is it not time for that pressure to be applied in defence of those same citizens?