Monday, January 1, 2018

Why Encryption Really, Really Matters

We've visited the author of this essay, Bruce Schneier, a few times, usually with lighthearted headlines for deadly serious problems.
From Demos Quarterly, Nov. 1:

Encryption’s curse is also its blessing
Bruce Schneier considers the value of encryption and the risks of backdoor access by governments and law enforcement. Ultimately, he argues, we need to develop better investigative tools.

The Internet has become vital to society, and attacks against it have serious consequences. Denial-of-service attacks against popular platforms costs millions. Ransomware affects hospitals. Privacy violations threaten to undermine our democracies. And the Internet of Things means that vulnerabilities in computer systems can allow attackers to crash cars, disable medical devices, and otherwise affect both life and property.

It is against this backdrop that we need to debate the value of encryption and the dangers of backdoors. Currently, some politicians in the US, the UK, Australia, and other countries are trying to pass laws limiting the effectiveness of encryption. Citing police investigative needs, they want encryption products in their own countries to have a mechanism to give police officers access to encrypted content – messages and stored data – without the knowledge or consent of the user. It’s a myopic and short sighted idea that 1) won’t have the desired effects, and 2) will make us all much less safe.

I’ll take the second point first. Encryption is a powerful security tool. It secures our data and communications against eavesdroppers such as criminals, foreign governments, and terrorists. We use it everyday to hide our cell phone conversations from eavesdroppers and our Internet purchasing from credit card thieves. Dissidents in China and many other countries use it to avoid arrest. It’s a vital tool for journalists to communicate with their sources, for NGOs to protect their work in repressive countries, and for attorneys to communicate with their clients. Governments around the world use encryption to protect themselves against foreign espionage.

The never-ending litany of attacks illustrates how important computer and Internet security is, on a personal and national level. Anything that forces companies to create alternate access mechanisms that bypass the user will only exacerbate the risks. As technologists, we can’t build an access system that only works for people of a certain citizenship, or with a particular morality, or only in the presence of a specified legal document. If the FBI can eavesdrop on your text messages or get at your computer’s hard drive, so can other governments. So can criminals. So can terrorists.

And while it’s data that encryption primarily protects today, encryption will be essential to protect our physical safety tomorrow. Computers are permeating everything from airplanes and automobiles to toys and home appliances, from drones to nuclear power plants. We need technology companies to make encryption ubiquitous, and to design it to be as bulletproof as possible. This is for our own security and safety.

Now to return to the first point. Criminals and terrorists use tools like WhatsApp and iMessage to prevent authorities from eavesdropping on their communications and accessing their data. If those tools were weakened to allow for surreptitious access, those same criminals and terrorists would use something else....MORE
Previously:

Another Job the Robots Will Be Taking: Safecracker
The Internet of Things Is A Surveillance Nightmare
"How Hackers Hijacked a Bank’s Entire Online Operation"
"Click Here to Kill Everyone"