The SC Blog

Are we ignoring the collateral damage of encryption?

As the encryption debate rages on, and governments around the world press to get greater surveillance power, SC's Roi Perez asks if the industry is ignoring the collateral damage of the encryption debate.

Are we ignoring the collateral damage of encryption?
Are we ignoring the collateral damage of encryption?

It's becoming hard for me to be pragmatic when it comes to surveillance.

I understand the basics of how asymmetric encryption works and how it protects internet communications for legitimate reasons such as online transactions and HTTPS.

I'm the person who, perhaps impotently, complains about his civil liberties being infringed when it comes to things like the Investigatory Powers Bill. If the government wants to see what I'm doing they should get a warrant.

As cryptographer Bruce Schneier explains on his blog: “We are seeing government pushback against encryption. Many countries, from states like China and Russia to more democratic governments like the United States and the United Kingdom, are either talking about or implementing policies that limit strong encryption. This is dangerous, because it's technically impossible, and the attempt will cause incredible damage to the security of the Internet.”

It's a rosy sentiment, undoubtedly. But it's getting harder for me to think of it as so black and white anymore.

Yes, I understand that encryption isn't something you can just turn on and off, only allowing it for the good guys and not the bad guys. I understand that if the government does manage to get some powers such as backdoors, they will only want more – and these powers would potentially be open to abuse themselves. These points were well worn during  the Apple v FBI case earlier this year.

And yes, I'm completely onboard with the idea that if you're living under or reporting on an despotic regime, you should be able to access the kind of exceptional privacy which encryption can allow.

If we even needed one, Fred Ghahramani, founder of Just10, provides an excellent example of legitimate use of encryption. Government surveillance is a sensitive topic for him.

Ghahramani grew up in Khomeini-era Shia-run Iran as a Sunni muslim. “Growing up in Iran, I was looked at as fifth column scum, as I was seen to be the wrong kind of ethnic minority,” he said.  

As a child he would have to start phone conversations explaining he was a child, and certainly not trying any “funny business”.

Clearly, that's not OK. However, I just don't think it's a black and white situation any more.

We're in now in a position where our technology has far surpassed anything we may have once imagined. There are half a billion people on Whatsapp alone, asking their spouses what's for dinner, with end-to-end encryption.

Now this isn't the problem, and in a way probably a good thing. People send all sorts of things through chat apps nowadays, and I think it will, in the long run, promote a best-practice kind of mindset.

However, this isn't an Enigma machine situation where there were approximately 100,000 machines in the wild, and once the war was over we could just round them up and destroy them all.

Everyday we hear cases of how criminals and terrorists are using encryption to cloak their activities.

Mashable recently reported how ISIS is now using encrypted messaging app groups to sell sex slaves. This was brought to light by Yatzidi activists who are trying to end this horror.

A British study conducted in early 2015 claimed that up to 80 percent of the darknet activity on TOR was related to child pornography.

The FBI says  that on average, there's  at least one new site promoting child sexual abuse every day. Once one goes down it's quickly replaced, stronger and more secure than the last.

We know that ISIS have been using Telegram channels to recruit some of the most vulnerable - angry, young teenagers - to come to Raqqa and ‘fight for the caliphate'. They are lured in by a sense of community and self-respect; qualities often absent from where they grew up.  

Despite these cases, I'm not for one second even trying to suggest we rid ourselves of encryption because of its misuse.

And I don't have the answer here. I haven't thought up a new kind of technology which allows for atrocities like this to be fought against properly. I don't know if it's possible to still use encryption safely, while still allowing law enforcement to stop things like this from happening.

But perhaps we can get past some of the demagoguery punctuating this argument and look for solutions that address both sides of the issue.

Make no mistake, these are issues that cannot be dismissed as easily as some in the tech community would like.

We have to ask the question: Can we have safe encryption for legitimate use while enabling law enforcement to do their job?

It's a discussion we should be having in our industry, as the ‘collateral damage' happening now is the responsibility of all of us, and no less important than reliable encryption.

 

-------------------------------------------------------------------------------------------------------------------

SC Opinion and blog articles express the opinions of the authors and are not necessarily the view of SC Magazine.  We welcome comment and opposing viewpoints and are happy to act as a forum for discussion of important issues in the industry.

close

Next Article in The SC Blog