Encryption is under attack. Here’s why that matters


This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Adrien Ogée, Project Lead, Cyber Resilience, World Economic Forum & Marco Pineda, Head of Security and Innovation, Centre for Cybersecurity, World Economic Forum


The news that Interpol is about to “condemn” the spread of strong encryption is just the latest salvo in the crypto wars, a decades-long controversy between proponents of strong encryption, law enforcement and investigative bodies over the widespread use of encryption by technology companies. The central tenet of the law enforcement argument is that strong end-to-end encryption hinders the investigation and prosecution of crimes when suspects use it on their personal devices. For their part, privacy and human rights advocates contend that there is no mechanism “that (both) protects the security and privacy of communications and allows access for law enforcement”.

What is encryption?

Encryption is the encoding of information such that only authorized parties may access it at the message’s final destination. One of the earliest examples of encryption – and the most cited in literature on the subject – is the Caesar cipher, a substitution cipher where each letter of a message is shifted 3 characters.

 

The Caesar cipher relied more on the secrecy of the encryption method than on the key, and can easily be cracked by observing the frequency of the letters.
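The frequency attack described above, as an added example that is not part of the original article: it tries all 26 shifts and keeps the one whose letter distribution is closest to typical English. The frequency table is an approximate published average, and the sample message is constructed from a sentence in this article.

```python
from collections import Counter
import string

# Approximate relative frequency (%) of the letters A..Z in English text.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15,
                0.77, 4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06,
                2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

def caesar(text: str, shift: int) -> str:
    """Shift each A-Z letter by `shift` places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text: str) -> float:
    """Distance between the letter counts in `text` and typical English."""
    counts = Counter(ch for ch in text if ch in string.ascii_uppercase)
    total = sum(counts.values())
    if total == 0:
        return float("inf")  # no letters, nothing to compare
    score = 0.0
    for i, pct in enumerate(ENGLISH_FREQ):
        expected = total * pct / 100
        observed = counts.get(chr(65 + i), 0)
        score += (observed - expected) ** 2 / expected
    return score

def crack(ciphertext: str) -> tuple[int, str]:
    """Try all 26 shifts and keep the one whose output looks most like English."""
    candidates = [(chi_squared(caesar(ciphertext, -k)), k) for k in range(26)]
    _, best = min(candidates)
    return best, caesar(ciphertext, -best)

# Constructed sample: a sentence adapted from this article, shifted by 3.
PLAINTEXT = ("THE ABILITY OF THE BRITISH TO BREAK THE GERMAN CODE WAS INSTRUMENTAL "
             "IN TURNING AMERICAN PUBLIC OPINION AGAINST GERMANY")
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    shift, recovered = crack(CIPHERTEXT)
    print("ciphertext:", CIPHERTEXT)
    print("recovered shift:", shift)
    print("plaintext:", recovered)
```

In this sample the most common letter is I rather than E, so guessing from the single most frequent letter would pick the wrong shift; comparing the whole distribution does not.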

In the 20th century, notable uses of encryption and – more pertinently – codebreaking have had major historical impacts. This includes the Zimmermann telegram of World War I, in which Germany urged Mexico to invade the United States if Washington were to join the war against it. The ability of the British to break the German code and the leaking of the contents of the telegram was instrumental in turning American public opinion against Germany and led to the US entering the war on the side of the Allies.

Later, during World War Two, a British team led by mathematician Alan Turing broke Germany’s Enigma code. By some estimates this shortened the war by two years and saved 12 million lives.

While all encryption methods used up until the Enigma machine relied on the concept of security through obscurity, modern cryptography is based on the opposite: security through transparency.

The plans for Enigma were very well concealed and breaking it was not easy. Marian Rejewski at Poland’s Cipher Bureau and later Alan Turing and his team at Bletchley Park had to build a computer to help break the codes at scale. Modern cryptographic methods are based on well-known mathematical theorems that are practically unbreakable with current technologies.

For instance, multiplying two prime numbers together is an easy problem. The result is what is called a semi-prime number. Now finding out which two prime numbers were multiplied in the first place to achieve a semi-prime number is computationally difficult: the only way for the current generation of computers is a trial and error process that can take centuries, depending on the length of the semi-prime number. The widely used RSA 2048 encryption method, for example, would take a classical computer 300 trillion years to crack (although quantum computers may one day do the job a lot faster).
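The asymmetry described above, as an added example that is not part of the original article: building a semi-prime takes one multiplication, while naive trial division, the simplest form of trial-and-error search, needs a number of attempts that grows exponentially with the bit length. The function names and the small bit sizes are choices made for this illustration.

```python
def is_prime(n: int) -> bool:
    """Primality by trial division; adequate for the small sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True

def next_prime(n: int) -> int:
    """Smallest prime strictly greater than n."""
    n += 1
    while not is_prime(n):
        n += 1
    return n

def factor_semiprime(n: int) -> tuple[int, int, int]:
    """Recover (p, q) from n = p * q by trial division; also count attempts."""
    attempts = 0
    d = 2
    while d * d <= n:
        attempts += 1
        if n % d == 0:
            return d, n // d, attempts
        d += 1 if d == 2 else 2  # after 2, test odd candidates only
    raise ValueError("n has no non-trivial factor")

def scaling_table(prime_bits=(8, 12, 16, 20)) -> list[tuple[int, int]]:
    """For each size, build a semi-prime and report (bits of n, attempts)."""
    rows = []
    for bits in prime_bits:
        p = next_prime(2 ** bits)   # the easy direction: pick two primes...
        q = next_prime(p)
        n = p * q                   # ...and multiply them once
        fp, fq, attempts = factor_semiprime(n)  # the hard direction
        assert (fp, fq) == (p, q)
        rows.append((n.bit_length(), attempts))
    return rows

if __name__ == "__main__":
    for n_bits, attempts in scaling_table():
        print(f"{n_bits:>3}-bit semi-prime: {attempts:>7} trial divisions")
```

Each extra 8 bits in the semi-prime multiplies the work by roughly 16 here, which is why the search becomes impractical long before 2048 bits.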

What’s the issue?

Facebook Messenger, WhatsApp and other communication apps use an implementation of public key cryptography called end-to-end encryption. Only the end users have access to the decrypted data; the service provider, like Facebook, doesn’t. As such, it is theoretically impossible for the company to hand over decrypted data to the authorities.

This is the crux of the debate. It is what has led law enforcement to ask that end-to-end encryption not be rolled out by Facebook, or that ‘backdoors’ be introduced to aid in surveillance or data recovery.

A first example of this was the San Bernardino terrorist attack of 2015, in which the FBI wanted Apple’s assistance to open one of the assailant’s phones. Apple’s refusal led the FBI to file a case with the US District Court for the Central District of California to compel Apple to aid FBI efforts. The request was eventually withdrawn when an Israeli company found and exploited a vulnerability in the phone to decrypt the data on behalf of the Bureau. While the data revealed nothing about the plot, the case brought widespread criticism of the company for profiting from vulnerabilities in its phone operating system that cybercriminals, terrorists and rogue nations can buy, find and exploit too. Best practice in the cybersecurity industry is for researchers to report these vulnerabilities to the software vendor or device manufacturer; this is called responsible disclosure.

A second example of this was this year’s “Ghost protocol” proposed by UK intelligence agency GCHQ to avoid weakening encryption, which revolved around transferring messages sent by a suspect over WhatsApp or iMessage to a law enforcement agent without notifying the suspect. This was met with vigorous opposition from tech firms.

Privacy advocates do not dispute the need for law enforcement to be able to investigate crimes such as child exploitation and terrorism. The general objection from them and other parties interested in keeping messages private is that any weakening of encryption for the benefit of investigators also benefits those with more nefarious intent. They argue that ‘backdoor’ or exceptional access by law enforcement amounts to the introduction of a weakness to security systems that can be exploited by criminals. This unintended consequence of the desire to provide better protection to, for instance, exploited children, victims of terrorism or human trafficking also exposes regular users to exploitation from cybercriminals by giving these groups a built-in way to access their information.

What leaders are saying

In 2015 at a talk at West Point, then Vice-Chairman of the US Joint Chiefs of Staff, Admiral James A. Winnefeld, said: “I think we would all win if our networks were more secure. And I think I would rather live on the side of secure networks and a harder problem for Mike [then NSA Director Mike Rogers] on the intelligence side than very vulnerable networks and an easy problem for Mike”.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.

Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.

Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

In Europe, the EU Cybersecurity Agency and Europol issued a joint statement on this topic, recognizing the hurdles of strong encryption in police work, but also acknowledging that weakening encryption technologies for everyone was not the way forward. Rather, they called for research and development efforts to find technical solutions to decrypt communication, all under judiciary oversight.

As the crypto wars continue, seeking the correct balance between law enforcement’s need for access to information to conduct investigations, vulnerable populations’ need for free speech, and the general public’s need to have financial and personal information protected, the ultimate decisions will be weighed by those with a view of the entire ecosystem.
