The news that Interpol is about to condemn the spread of strong encryption is just the latest salvo in the crypto wars, a decades-long controversy between proponents of strong encryption, law enforcement and investigative bodies over the widespread use of encryption by technology companies. The central tenet of the law enforcement argument is that strong end-to-end encryption hinders the investigation and prosecution of crimes when suspects use it on their personal devices. For their part, privacy and human rights advocates contend that there is no mechanism that (both) protects the security and privacy of communications and allows access for law enforcement.
Encryption is the encoding of information such that only authorized parties may access it at the messages final destination. One of the earliest examples of encryption and the most cited in literature on the subject is the Caesar cipher, a substitution cipher where each letter of a message is shifted 3 characters.
The Caesar cipher relied more on the secrecy of the method of encryption rather than the key, and can easily be cracked by observing the frequency of the letters.
In the 20th century, notable uses of encryption and - more pertinently - codebreaking have had major historical impacts. This includes the Zimmerman telegram of World War I, in which Germany urged Mexico to invade the United States if Washington were to join the war against it. The ability of the British to break the German code and the leaking of the contents of the telegram was instrumental in turning American public opinion against Germany and lead to the US entering the war on the side of the Allies.
Later, during World War Two, a British team led by mathematician Alan Turing broke Germany's Enigma code. By some estimates this shortened the war by two years and saved 12 million lives.
While all encryption methods used up until the Enigma machine relied on the concept of security through obscurity, modern cryptography is based on the opposite: security through transparency.
The plans for Enigma were very well concealed and breaking it was not easy. Marian Rejewski at Polands Cipher Bureau and later Alan Turing and his team at Bletchley Park had to build a computer to help break the codes at scale. Modern cryptographic methods are based on well-known mathematical theorems that are practically unbreakable with current technologies.
For instance, multiplying two prime numbers together is an easy problem. The result is what is called a semi-prime number. Now finding out which two prime numbers were multiplied in the first place to achieve a semi-prime number is computationally difficult: the only way for the current generation of computers is a trial and error process that can take centuries, depending on the length of the semi-prime number. The widely used RSA 2048 encryption method, for example, would take a classical computer 300 trillion years to crack (although quantum computers may one day do the job a lot faster).
Facebook Messenger, WhatsApp and other communication apps use an implementation of public key cryptography called end-to-end encryption. Only the end users have access to the decrypted data; the service provider, like Facebook, doesnt. As such, it is theoretically impossible for the company to hand over decrypted data to the authorities.
This is the crux of the debate. It is what has led law enforcement to ask that end-to-end encryption not be rolled out by Facebook, or that 'backdoors' be introduced to aid in surveillance or data recovery.
A first example of this was the San Bernardino terrorist attack of 2015, in which the FBI wanted Apples assistance to open one of the assailants phones. Apples refusal led the FBI to file a case with the US District Court for the Central District of California to compel Apple to aid FBI efforts. The request was eventually withdrawn when an Israeli company found and exploited a vulnerability in the phone to decrypt the data on behalf of the Bureau. While the data revealed nothing about the plot, the case brought widespread criticism of the company for profiting from vulnerabilities in its phone operating system that cybercriminals, terrorists and rogue nations can buy, find and exploit too. Best practice in the cybersecurity industry is for researchers to report these vulnerabilities to the software editor or device manufacturer; this is called responsible disclosure.
A second example of this was this years "Ghost protocol" proposed by UK intelligence agency GCHQ to avoid weakening encryption, which revolved around transferring messages sent by a suspect over WhatsApp or iMessage to a law enforcement agent without notifying the suspect. This was met with vigorous opposition from tech firms.
Privacy advocates do not argue the need for law enforcement to be able to investigate crimes such as child exploitation and terrorism. The general objection from them and other parties interested in keeping messages private is that any weakening of encryption for the benefit of investigators also benefits those with more nefarious intent. They argue that 'backdoor' or exceptional access by law enforcement amounts to the introduction of a weakness to security systems that can be exploited by criminals. This unintended consequence of the desire to provide better protection to, for instance, exploited children, victims of terrorism or human trafficking also exposes regular users to exploitation from cybercriminals by giving these groups a built-in way to access their information.
In 2015 at a talk at West Point, then Vice-Chairman of the US Joint Chiefs of Staff, Admiral James A. Winnefeld, said: I think we would all win if our networks were more secure. And I think I would rather live on the side of secure networks and a harder problem for Mike [then NSA Director Mike Rogers] on the intelligence side than very vulnerable networks and an easy problem for Mike.
The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.
Platform activities focus on three main challenges:
Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.
The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forums investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.
For more information, please contact firstname.lastname@example.org.
In Europe, the EU Cybersecurity Agency and Europol issued a joint statement on this topic, recognizing the hurdles of strong encryption in police work, but also acknowledging that weakening encryption technologies for everyone was not the way forward. Rather, they called for research and development efforts to find technical solutions to decrypt communication, all under judiciary oversight.
As the crypto wars continue to seek to strike the correct balance between the needs of law enforcement for access to information to conduct investigations and the need for vulnerable populations to free speech and the general public to have financial and personal information protected, the ultimate decisions will be weighed by those with a view of the entire ecosystem.
License and Republishing
Adrien Oge, Project Lead, Cyber Resilience, World Economic Forum
Marco Pineda, Head of Security and Innovation, Centre for Cybersecurity, World Economic Forum
The views expressed in this article are those of the author alone and not the World Economic Forum.
- Review: SecureDrive BT, the encrypted external SSD you can unlock with Face ID - 9to5Mac - January 19th, 2020
- EncryptOnClick is a freeware tool that can encrypt files and folders - Ghacks Technology News - January 19th, 2020
- Trump and Comey Are United Against Encrypted Communications - Reason - January 19th, 2020
- Police Scotland to roll out encryption bypass technology - Glasgow Live - January 19th, 2020
- Encryption battle reignited as US govt at loggerheads with Apple - Times Now - January 19th, 2020
- Hardware Encryption Market Set To Register A CAGR Growth Of XX% Over The Forecast Period 2017 2025 - Fusion Science Academy - January 19th, 2020
- Malware Obfuscation, Encoding and Encryption - Security Boulevard - January 14th, 2020
- Microsoft CEO says encryption backdoors are a terrible idea - The Verge - January 14th, 2020
- Debate over access to encryption isn't going away - Washington Examiner - January 14th, 2020
- Over two dozen encryption experts call on India to rethink changes to its intermediary liability rules - TechCrunch - January 14th, 2020
- Encryption Software Market Booming by Size, Trends and Top Growing Companies- IBM Corporation, Sophos, Ciphercloud, Pkware, Mcafee - BulletintheNews - January 14th, 2020
- Hardware-based Full Disk Encryption Market Analysis With Key Players, Applications, Trends And Forecasts To 2025 - Instanews247 - January 14th, 2020
- Mobile Encryption Market Insights and Technology 2020, Forecasts to 2026 - Broadcast Offer - January 14th, 2020
- Garda needs new technology for online child abuse investigations - The Irish Times - January 14th, 2020
- IoT Security Solution for Encryption Market Research, Recent Trends and Growth F - News by aeresearch - January 14th, 2020
- Apple made a rare appearance at tech's biggest conference and defended encryption on the iPhone - Business Insider - January 8th, 2020
- Encryption Software Market to cross USD 20 Bn by 2026: Global Market Insights, Inc. - Yahoo Finance - January 8th, 2020
- Data Encryption Software Market Size by Top Leading Key Players, Growth Opportunities, Incremental Revenue , Trends, Outlook and Forecasts to 2025 -... - January 8th, 2020
- WidePoint Partners with KoolSpan to Offer End-to-End Encryption for Phone Calls and Text Messages - GlobeNewswire - January 8th, 2020
- Encryption Software Market 2020 Size, Growth By Top Companies, Forecast Analysis To 2027 - Citi Blog News - January 8th, 2020
- How to cope with a FileVault recovery key disappearing while you write it down - Macworld - January 8th, 2020
- Doing these 10 things on WhatsApp may land you in jail - Gadgets Now - January 8th, 2020
- Holistic encryption is one of the keys to California Consumer Privacy Act risk management - Continuity Central - January 6th, 2020
- Encryption Software Market 2020 Size, Share Metrics, Growth Trends and Forecast to 2026 - Food & Beverage Herald - January 6th, 2020
- New Informative Report of IoT Security Solution for Encryption Top Key Players are Cisco Systems, Intel Corporation, IBM Corporation, Symantec... - January 6th, 2020
- Maastricht University gets almost all of its Windows systems encrypted by ransomware - 2-spyware.com - January 6th, 2020
- Homomorphic Encryption Market Analysis, Industry Size, Application Analysis, Regional Outlook, Competitive Strategies And Forecasts (2020 2027) -... - January 6th, 2020
- The Week in Ransomware - January 3rd 2020 - Busy Holiday Season - BleepingComputer - January 6th, 2020
- Keep Your Business Secure From Online Threats - BBN Times - January 6th, 2020
- State Department Adds ITAR Definitions in Interim Final Rule for Activities that Are Not Exports, Reexports, Retransfers or Temporary Imports -... - January 6th, 2020
- Global Hardware-based Full Disk Encryption (FDE) Market Executive Summary and Analysis by Top Players 2020-2027: Seagate Technology PLC, Western... - January 6th, 2020
- Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools - BleepingComputer - January 6th, 2020
- Scientists in Scotland help develop worlds first encryption system that is unbreakable by hackers - The Independent - December 21st, 2019
- Apple Bows Down To Google As 2019 Most Trustworthy Recognition - International Business Times - December 21st, 2019
- Facebook , Apple being threatened by US senators over data encryption - Gizmo Posts 24 - December 21st, 2019
- How To Secure Microsoft Windows 10 In Eight Easy Steps - Forbes - December 21st, 2019
- Examine Mobile Encryption Market expected to obtain $2,917.9 million by 2022 - WhaTech - WhaTech - December 21st, 2019
- Facebook's end-to-end encryption will enhance user privacy but its not good news for law enforcement - Firstpost - December 21st, 2019
- Future of Encryption Software Market Reviewed in a New Research Study 2019-2025 - Daily News Reports 24 - December 21st, 2019
- Fortanix expert on how European companies are taking back control of their data in the cloud - Intelligent CIO ME - December 21st, 2019
- What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal - The Register - December 20th, 2019
- NYPD radio encryption most likely wont happen in 2020 but will soon - amNY - December 20th, 2019
- If You Think Encryption Back Doors Won't Be Abused, You May Be a Member of Congress - Reason - December 20th, 2019
- The decline of passwords, the rise of encryption and deepfakes cybersecurity predictions for 2020 - BetaNews - December 20th, 2019
- Facebook's Push for End-to-End Encryption Is Good News for User Privacy, as Well as Terrorists and Paedophiles - Nextgov - December 20th, 2019
- Internet of crap (encryption): IoT gear is generating easy-to-crack keys - The Register - December 20th, 2019
- What Is Snatch Ransomware and How to Remove It - Guiding Tech - December 20th, 2019
- Hardware-based Full Disk Encryption Market Executive Summary, Introduction, Sizing, Analysis and Forecast To 2025 - Market Research Sheets - December 20th, 2019
- NYPD Eyeing Encrypted Radios to Protect Criminal Investigations - Officer - December 20th, 2019
- Volunteer firefighters, EMTs worry they won't have NYPD radio access to help public - amNY - December 20th, 2019
- What We Learned About the Technology That Times Journalists Use - The New York Times - December 20th, 2019
- The Senate Judiciary Committee Wants Everyone to Know It's Concerned About Encryption - EFF - December 14th, 2019
- The Defense Department Says It Needs the Encryption the FBI Wants to Break - Free - December 14th, 2019
- Congress wants to regulate encryption for big tech - The Burn-In - December 14th, 2019
- Facebook says it won't break end-to-end encryption - TechRadar - December 14th, 2019
- Encryption spat sees backdoor back-and-forth between tech firms, Congress - TelecomTV - December 14th, 2019
- Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership - Techdirt - December 14th, 2019
- Large, diverse coalition of civil society groups tell the US, UK and Australian governments not to ban working encryption - Boing Boing - December 14th, 2019
- U.S. Attorney Justin Herdman of Ohio says agents need access encrypted devices, apps for the sake of public s - cleveland.com - December 14th, 2019
- Google makes it safer to text on Android phones, but end-to-end encryption is still MIA - PCWorld - December 14th, 2019
- Priti Patel bids to create end-to-end encryption apps' back door - The National - December 14th, 2019
- Encryption can't put tech giants beyond the reach of the law, Minister says - The Age - December 14th, 2019
- Chrome 79 includes anti-phishing and hacked password protection - Naked Security - December 14th, 2019
- Hardware Encryption Technology Market : Analysis and In-depth study on market Size Trends, Emerging Growth Factors and Forecasts to 2027 - Downey... - December 14th, 2019
- Encryption back on the congressional agenda - Politico - December 9th, 2019
- Police radios blocked from the public in southeast Denver metro area - The Denver Post - December 9th, 2019
- Encryption Software Market Innovations, And Top Companies - Forecast To 2029| Microsoft, Sophos Ltd., Check Point Software Technologies Ltd. -... - December 9th, 2019
- Did You Hear That? Securing Communications in 2019 | Insight for the Connected Enterprise - No Jitter - December 9th, 2019
- 'Government broke their promise': Labor seeks to amend encryption legislation - Sydney Morning Herald - December 9th, 2019
- Global Hardware-based Full Disk Encryption Market 2019 Innovation and Technological Developments, Industry Analysis & Outlook 2023 - Weekly News... - December 9th, 2019
- 80% of all Android apps encrypt traffic by default - We Live Security - December 8th, 2019
- Keybase moves to stop onslaught of spammers on encrypted message platform - Ars Technica - December 8th, 2019
- Labor says it will fix encryption laws it voted for last year - ZDNet - December 8th, 2019
- Nick Clegg to be summoned to Parliament to give evidence on Facebook encryption - Sunriseread - December 8th, 2019
- This startup just solves the data privacy problem by making it possible to search encrypted data in the cloud - TechStartups.com - December 8th, 2019
- Encryption Software Market to Discern Magnified Growth During 2017-2027 - Weekly Spy - December 8th, 2019
- Millions of Private Text Messages Have Been Exposed: Here's How to Encrypt Messages on iPhone and Android - Tech Times - December 8th, 2019
- Biometric Data Encryption Device Market : Analysis and In-depth study on market Size Trends, Emerging Growth Factors and Forecasts to 2018 to 2028 -... - December 8th, 2019
- Certbot Leaves Beta with the Release of 1.0 - EFF - December 8th, 2019
- Terrific News for Android OS Users 80% Android apps encrypting traffic by default - Digital Information World - December 8th, 2019