OP-ED: Diluting encryption is more trouble than it's worth – CitiBlog (blog)

In the early 1990s, the US's National Security Agency developed the so-dubbed Clipper Chip. This was intended as a backdoor bypassing encryption to allow the United States government to intercept messages.

The concept was to use a mechanism called key escrow, where specialist government encryption chips unique to each device could intercept data as and when the government requested it. Very quickly, however, the concept ran aground.

Put simply, the project was defunct within a few years of the US government trumpeting its development, despite both the George H.W. Bush and Bill Clinton administrations touting its potential. Noted computer security researcher Matt Blaze discovered a serious flaw in the chip's security features, while many US citizens raised concerns about privacy, and the chip's vulnerability eventually led to the concept being shelved altogether.

Twenty-something years may have seen technology's advances become ever-more sophisticated and several political shifts occur in the interim, but a lot of the arguments in the debate over encryption remain the same. It has also played out in debates in the West on whether or not the more open Internet can be reconciled with security, and whether or not encryption can ever be breached just for one individual's communications.

Last year, the debate on encryption was a big story in the United States. Apple and the FBI were involved in a long-running argument over data on an iPhone 5C recovered from the site of a mass shooting in California at the end of 2015.

That case eventually went away after months of debate, with the Washington Post alleging that the FBI ultimately recruited some professional hackers to break into the phone on their behalf. But it led to an interesting debate along the way on the ubiquity of encryption, and the impracticality of breaching it for just one phone.

In the last few decades, the incorporation of encryption in communication can be seen everywhere online. Internet communications all use it on some level, and strong encryption allows things we take for granted, like online shopping, banking, e-mail, accessing health records or credit scores, and the majority of all messaging apps, with some of the big examples being WhatsApp, Telegram and Facebook Messenger.

Apple's argument in the case last year, which is backed by the majority of technology companies and people in the computing industry, is that it is not technically possible to breach one device using its operating system without creating a vulnerability that affects every phone using a set Apple operating system. It is not inconceivable that if such a vulnerability was created, it may well end up in the hands of hackers, and furthermore, that after being asked to just use it once, there would be repeated requests for more use.

The encryption debate has had a curious recent demonstration when a coded hack of the older Windows XP by the NSA ended up in the hands of hackers, who duly ended up unleashing it worldwide on unprotected XP systems used by such diverse people as Britain's NHS, the German rail network, Spanish phone giant Telefonica, FedEx, the Russian Interior Ministry, and several locations in Asia.

It may well be that the majority of computers turned out to be more secure than billed in the initial hack, and that Microsoft's decision to stop supporting XP in 2014/15 did not help, but it's highly unlikely that even risking incidents like this happening with their newer technology would be a sell for technology companies to their users or shareholders.

Nevertheless, the encryption argument is still being made. Its presence has been heard ahead of this week's UK election, which is coming in the wake of repeated terrorist atrocities in Europe, including Saturday's awful events in London Bridge and adjacent Borough Market.

Arguments over encryption have long been brought up by the Conservative Party in arguing that strong encryption enables terrorists to hide their secrets, but the arguments have been more focused of late. This year, they were brought up by Home Secretary Amber Rudd in March in the wake of the Westminster Bridge attacks, and calls to lower encryption surfaced again after Manchester & London Bridge.

The problem with the encryption debate as far as the Tory Party argues it is the question of motivation. Namely, how much of what is motivating them to make the argument over ending encryption is to keep British citizens safe from terror, and how much of their motivation is because they wanted to weaken encryption anyway.

In their manifesto, which was released before the two most recent attacks, the Conservatives pledged to toughen up internet regulation in such a way that technology journalists and experts compared their proposals to the so-dubbed Great Firewall of China, in effect the method where China seals its internet users in a self-contained corner of cyberspace.

The talk directed towards the likes of Facebook was either comply or be banned, which wouldn't be a great advert for the UK's attempts to position itself at the forefront of technical innovation, and given the ready availability of proxy or VPN networks, may not succeed anyway. In all truth, what would also happen for the counter-terror squad is that they would have to sift through thousands and thousands of messages to find the ones they're looking for, and those looking to keep their messages encrypted will most likely find new apps to use anyway when the ones they were using have backdoors added.

In the government's defence, the argument on encryption is not a black and white issue, and technology companies can do more to help the fight against the spread of extremist ideology online. It is also true the likes of Facebook and Google do hold severe unchecked power over the world, power that has grown massively in the last 10-20 years, and which seems to continue without stopping.

But the idea that encryption is to be the fall guy when everyday consumers rely on these tools to keep their personal data safe and to use the internet in confidence, and that the internet can be replaced by a state-regulated version, is not really a strategy that's ultimately going to work.

It is true the counter-terror plans need new options to reduce and eventually end the threat posed by groups like ISIS. But broadly speaking, weakening encryption is an easy idea to pitch, but too hard a one to really make work for the goals intended for it.

Read more from Charles Crook
