The news that Interpol is about to condemn the spread of strong encryption is just the latest salvo in the crypto wars, a decades-long controversy between proponents of strong encryption, law enforcement and investigative bodies over the widespread use of encryption by technology companies. The central tenet of the law enforcement argument is that strong end-to-end encryption hinders the investigation and prosecution of crimes when suspects use it on their personal devices. For their part, privacy and human rights advocates contend that there is no mechanism that (both) protects the security and privacy of communications and allows access for law enforcement.
Encryption is the encoding of information such that only authorized parties may access it at the messages final destination. One of the earliest examples of encryption and the most cited in literature on the subject is the Caesar cipher, a substitution cipher where each letter of a message is shifted 3 characters.
The Caesar cipher relied more on the secrecy of the method of encryption rather than the key, and can easily be cracked by observing the frequency of the letters.
In the 20th century, notable uses of encryption and - more pertinently - codebreaking have had major historical impacts. This includes the Zimmerman telegram of World War I, in which Germany urged Mexico to invade the United States if Washington were to join the war against it. The ability of the British to break the German code and the leaking of the contents of the telegram was instrumental in turning American public opinion against Germany and lead to the US entering the war on the side of the Allies.
Later, during World War Two, a British team led by mathematician Alan Turing broke Germany's Enigma code. By some estimates this shortened the war by two years and saved 12 million lives.
While all encryption methods used up until the Enigma machine relied on the concept of security through obscurity, modern cryptography is based on the opposite: security through transparency.
The plans for Enigma were very well concealed and breaking it was not easy. Marian Rejewski at Polands Cipher Bureau and later Alan Turing and his team at Bletchley Park had to build a computer to help break the codes at scale. Modern cryptographic methods are based on well-known mathematical theorems that are practically unbreakable with current technologies.
For instance, multiplying two prime numbers together is an easy problem. The result is what is called a semi-prime number. Now finding out which two prime numbers were multiplied in the first place to achieve a semi-prime number is computationally difficult: the only way for the current generation of computers is a trial and error process that can take centuries, depending on the length of the semi-prime number. The widely used RSA 2048 encryption method, for example, would take a classical computer 300 trillion years to crack (although quantum computers may one day do the job a lot faster).
Facebook Messenger, WhatsApp and other communication apps use an implementation of public key cryptography called end-to-end encryption. Only the end users have access to the decrypted data; the service provider, like Facebook, doesnt. As such, it is theoretically impossible for the company to hand over decrypted data to the authorities.
This is the crux of the debate. It is what has led law enforcement to ask that end-to-end encryption not be rolled out by Facebook, or that 'backdoors' be introduced to aid in surveillance or data recovery.
A first example of this was the San Bernardino terrorist attack of 2015, in which the FBI wanted Apples assistance to open one of the assailants phones. Apples refusal led the FBI to file a case with the US District Court for the Central District of California to compel Apple to aid FBI efforts. The request was eventually withdrawn when an Israeli company found and exploited a vulnerability in the phone to decrypt the data on behalf of the Bureau. While the data revealed nothing about the plot, the case brought widespread criticism of the company for profiting from vulnerabilities in its phone operating system that cybercriminals, terrorists and rogue nations can buy, find and exploit too. Best practice in the cybersecurity industry is for researchers to report these vulnerabilities to the software editor or device manufacturer; this is called responsible disclosure.
A second example of this was this years "Ghost protocol" proposed by UK intelligence agency GCHQ to avoid weakening encryption, which revolved around transferring messages sent by a suspect over WhatsApp or iMessage to a law enforcement agent without notifying the suspect. This was met with vigorous opposition from tech firms.
Privacy advocates do not argue the need for law enforcement to be able to investigate crimes such as child exploitation and terrorism. The general objection from them and other parties interested in keeping messages private is that any weakening of encryption for the benefit of investigators also benefits those with more nefarious intent. They argue that 'backdoor' or exceptional access by law enforcement amounts to the introduction of a weakness to security systems that can be exploited by criminals. This unintended consequence of the desire to provide better protection to, for instance, exploited children, victims of terrorism or human trafficking also exposes regular users to exploitation from cybercriminals by giving these groups a built-in way to access their information.
In 2015 at a talk at West Point, then Vice-Chairman of the US Joint Chiefs of Staff, Admiral James A. Winnefeld, said: I think we would all win if our networks were more secure. And I think I would rather live on the side of secure networks and a harder problem for Mike [then NSA Director Mike Rogers] on the intelligence side than very vulnerable networks and an easy problem for Mike.
The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.
Platform activities focus on three main challenges:
Strengthening Global Cooperation for Digital Trust and Security - to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future - to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.
The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forums investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.
For more information, please contact firstname.lastname@example.org.
In Europe, the EU Cybersecurity Agency and Europol issued a joint statement on this topic, recognizing the hurdles of strong encryption in police work, but also acknowledging that weakening encryption technologies for everyone was not the way forward. Rather, they called for research and development efforts to find technical solutions to decrypt communication, all under judiciary oversight.
As the crypto wars continue to seek to strike the correct balance between the needs of law enforcement for access to information to conduct investigations and the need for vulnerable populations to free speech and the general public to have financial and personal information protected, the ultimate decisions will be weighed by those with a view of the entire ecosystem.
License and Republishing
Adrien Oge, Project Lead, Cyber Resilience, World Economic Forum
Marco Pineda, Head of Security and Innovation, Centre for Cybersecurity, World Economic Forum
The views expressed in this article are those of the author alone and not the World Economic Forum.
- What is On-the-Fly Memory Encryption? - Electropages - August 8th, 2020
- AFP says it made three requests for assistance in breaking encryption in 2019-20 - iTWire - August 8th, 2020
- Blue Canyon Technologies Tapped to Build QETSSat Encryption Satellite - Via Satellite - August 8th, 2020
- Encryption Software Market Report to Share Key Aspects of the Industry with the Details of Influence Factors- 2024 - Owned - August 8th, 2020
- Exorcist Ransomware and CIS Exclusion - Security Boulevard - August 8th, 2020
- Beyond Krk: Even more WiFi chips vulnerable to eavesdropping - We Live Security - August 8th, 2020
- Comprehensive Analysis on Endpoint Encryption Software Market based on types and application - The Daily Chronicle - August 8th, 2020
- This hardware-encrypted USB-C drive is rugged, inexpensive, and can run Windows - TechRadar UK - August 8th, 2020
- Zoom's COO is not concerned by app bans in India, says end-to-end encryption for all by year end - Economic Times - August 8th, 2020
- Jihadi Use Of Bots On The Encrypted Messaging Platform Telegram - Middle East Media Research Institute - August 8th, 2020
- Thoughts on encryption legislation - and the real 'link' between 5G and coronavirus - Cloud Tech - July 21st, 2020
- Twitter Urged To Beef Up Encryption 07/20/2020 - MediaPost Communications - July 21st, 2020
- Encryption Software - Market Share Analysis and Research Report by 2025 - CueReport - July 21st, 2020
- Encryption Management Solutions Market 2020 Global Share, Growth, Size, Opportunities, Trends, Regional Overview, Leading Company Analysis And... - July 21st, 2020
- Research Report on Data Encryption Service Market by Current Industry Status, Growth Opportunities, Top Key Players, and Forecast to 2025 -... - July 21st, 2020
- Bill That Mandates Cyber Backdoors Will Leave Front Doors Wide Open - CPO Magazine - July 21st, 2020
- These encrypted iStorage hard drives and flash drives are the ultimate peace of mind for your data - Boing Boing - July 21st, 2020
- Virtual and face-to-face connect to coexist: Zoom COO - Fortune India - July 21st, 2020
- Facebook's Rolling Out Touch ID and Face ID Lock Options for Messenger - Social Media Today - July 21st, 2020
- Global Cloud Encryption Technology Market Expeted To Reach xx.xx mn USD With growth Rate of xx by 2025| Pandamic Impact Analysis : Gemalto, Sophos,... - July 21st, 2020
- Encryption Software Market 2020 Comprehensive Analysis With Top Trends, Size, Share, Future Growth Opportunities & Forecast By 2027 - Connected... - July 21st, 2020
- Cryptocurrencies Have 'No Way' to Comply With US Anti-Encryption Bills - CoinDesk - CoinDesk - July 17th, 2020
- Encryption Key Management Market: Find Out Essential Strategies to expand The Business and Also Check Working in 2020-2027 - Jewish Life News - July 17th, 2020
- Email Encryption Market Worth $9.9 Billion by 2025 - Exclusive Report by MarketsandMarkets - PRNewswire - July 17th, 2020
- Encryption Software Market Overviews With Key Players, Size Growth Drivers As Well As Industry Challenges Opportunities To 2027 - Connected Lifestyle - July 17th, 2020
- Encryption Software Market 2020 | Covid-19 Impact Analysis and Industry Forecast Report Till 2024 - 3rd Watch News - July 17th, 2020
- Encryption Software Market 2020 Overview by Size, Share, Financial Services, Applications, Sales Data and Investment Opportunities till 2025 - Apsters... - July 17th, 2020
- Flash drives and hard drives with military-grade encryption on sale - Mashable - July 17th, 2020
- Hardware Encryption Market: Size, Share, Analysis, Regional Outlook and Forecast 2020-2025 - Express Journal - July 17th, 2020
- IoT Security Solution For Encryption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Endpoint Encryption Software Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Global Hardware-based Full Disk Encryption (FDE) Market Report 2020 by Key Players, Types, Applications, Countries, Market Size, Forecast to 2026... - July 6th, 2020
- Explained: WhatApp calls End-to-End Encrypted, but what does it mean for you? - India Today - July 6th, 2020
- The booming business of encrypted tech serving the criminal underworld - Telegraph.co.uk - July 6th, 2020
- Hardware Encryption Devices Consumption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Network Encryption Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Encryption Software Market Worth $20.1 Billion by 2025 - Exclusive Report by MarketsandMarkets - Yahoo Finance - June 18th, 2020
- Zoom says free users will get end-to-end encryption after all - The Verge - June 18th, 2020
- Zoom To Offer End-To-End Encryption For Video Calls, Trials To Start In July - NDTV - June 18th, 2020
- Encryption Software Market 2020-2025: Types, Services, Cost Structure, Application, Statistics, Emerging Trends And Regional Analysis - Owned - June 18th, 2020
- Zoom to offer end-to-end encryption for all users, trial to begin in July - Reuters India - June 18th, 2020
- Cloud Encryption Market Will Generate Massive Revenue In Future- A Comprehensive Study On Key Players - Surfacing Magazine - June 18th, 2020
- Global Cloud Encryption Gateways Market Research with COVID-19 After Effects - Cole of Duty - June 18th, 2020
- Encryption Software Market 2020 By Trends, Demand, Business Opportunities, Development Factors, Applications, Overview with Competitive landscape... - June 14th, 2020
- IMPACT OF COVID-19 ON Encryption Key Management Software RESEARCH, GROWTH TRENDS AND COMPETITIVE ANALYSIS 2020-2026 - Cole of Duty - June 14th, 2020
- Move over Zoom, this encryption company just released the first fully end to end encrypted conferencing solution #105518 - New Kerala - June 14th, 2020
- Cloud Encryption Software Market to witness high growth in near future - GroundAlerts.com - June 14th, 2020
- Three secure ways to surf the internet - Gadgets Now - June 14th, 2020
- Will Zoom Bring Encryption to the People Who Need It Most? - EFF - June 13th, 2020
- Encryption Software Market Size Scope and Comprehensive Analysis by 2028 - 3rd Watch News - June 13th, 2020
- Federal-grade encryption from the comfort of home - GCN.com - June 13th, 2020
- Hardware-based Full Disk Encryption Market Growth Prospects, Revenue, Key Vendors, Growth Rate and Forecast To 2026 - Jewish Life News - June 13th, 2020
- Congress introduces EARN IT Act, which would end encryption programs but violates the Constitution - NationofChange - June 13th, 2020
- IBM kit wants to keep your data encrypted while in use - ITProPortal - June 13th, 2020
- Commercial Encryption Software Market Growth Prospects, Revenue, Key Vendors, Growth Rate and Forecast To 2026 - Jewish Life News - June 13th, 2020
- Nearly 500,000 say Congress shouldnt kill encryption with the EARN IT Act - The Daily Dot - June 13th, 2020
- COVID-19, Security and WFH: Myths and Misconceptions - Security Boulevard - June 13th, 2020
- Privacy News Online | Weekly Review: June 12th, 2020 - Privacy News Online - June 13th, 2020
- Global Optical encryption Market Insights and Forecast 2020 to 2025 - Jewish Life News - June 13th, 2020
- Hong Kong is number one in Asia for enterprise encryption, with customer personal information the top data protection priority, reports nCipher... - May 27th, 2020
- Are social giants morally obligated to break encryption? - ACS - May 27th, 2020
- Facebook plot to encrypt ALL chats will help child abusers to hide, former police chief warns - The Sun - May 27th, 2020
- Encryption Software Market To Expand At A Robust 14.27% Cagr Of 2020 | Sophos,McAfee,Check Point Software Technologies,Proofpoint,Trend Micro - 3rd... - May 27th, 2020
- Encryption Software Market Forecast Revised in a New Market Expertz Report as COVID-19 Projected to Hold a Massive Impact on Sales in 2020 | Long-term... - May 27th, 2020
- Global Homomorphic Encryption Market Analysis 2020-2025: by Key Players with Countries, Type, Application and Forecast Till 2025 - Cole of Duty - May 27th, 2020
- COVID-19 Impact ON AES Encryption Software Market: Size, Market Analysis, Application, Growth Drivers, Trends, status and Research Report by 2025 -... - May 27th, 2020
- Cloud Encryption Software Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top... - May 27th, 2020
- Global Encryption Key Management Market 2020 Insights, Key Player's Competition, Trends, Sales, Revenue, Supply, Demand, Growth Analysis and Forecast... - May 27th, 2020
- Starting to look at email security. Looking for guidance - Encryption Methods and Programs - BleepingComputer - May 25th, 2020
- Global Cloud Encryption Technology Market Projected to Reach USD XX.XX billion by 2025- Gemalto, Sophos, Symantec, SkyHigh Networks, Netskope etc. -... - May 25th, 2020
- Impact of Covid-19 on Cloud Encryption Technology Market is Expected to Grow at an active CAGR by Forecast to 2025 | Top Players Gemalto, Sophos,... - May 25th, 2020
- Zoom will seek public feedback on plan for stronger encryption - The Indian Express - May 16th, 2020
- Encryption Software Market Research Report 2020 By Size, Share, Trends, Analysis and Forecast to 2026 - Cole of Duty - May 16th, 2020
- Almost half of organisations have been reported to the ICO for a potential data breach - ResponseSource - May 16th, 2020
- VPN Tunnels explained: what are they and how can they keep your internet data secure - TechRadar - May 16th, 2020
- The Week in Ransomware - May 15th 2020 - REvil targets Trump - BleepingComputer - May 16th, 2020
- WhatsApp Video Calls Will Soon Support 50: This Is Why 8s The Limit For Your Security - Forbes - May 16th, 2020
- How to Use Encryption for Defense in Depth in Native and Browser Apps - InfoQ.com - May 14th, 2020
- Analyzing Encrypted RDP Connections - Security Boulevard - May 14th, 2020
- Analysis on Impact of COVID-19-Global Cloud Encryption Software Market 2020-2024| Increasing Use of In-built Cloud Encryption Solutions to Boost... - May 14th, 2020