Encryption is under attack. Here’s why that matters

whatsapp.png

(Christian Wiediger, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Adrien Ogée, Project Lead, Cyber Resilience, World Economic Forum & Marco Pineda, Head of Security and Innovation, Centre for Cybersecurity, World Economic Forum


The news that Interpol is about to “condemn” the spread of strong encryption is just the latest salvo in the crypto wars, a decades-long controversy between proponents of strong encryption, law enforcement and investigative bodies over the widespread use of encryption by technology companies. The central tenet of the law enforcement argument is that strong end-to-end encryption hinders the investigation and prosecution of crimes when suspects use it on their personal devices. For their part, privacy and human rights advocates contend that there is no mechanism “that (both) protects the security and privacy of communications and allows access for law enforcement”.

What is encryption?

Encryption is the encoding of information such that only authorized parties may access it at the message’s final destination. One of the earliest examples of encryption – and the most cited in literature on the subject – is the Caesar cipher, a substitution cipher where each letter of a message is shifted 3 characters.

 

The Caesar cipher relied more on the secrecy of the method of encryption rather than the key, and can easily be cracked by observing the frequency of the letters.

In the 20th century, notable uses of encryption and – more pertinently – codebreaking have had major historical impacts. This includes the Zimmerman telegram of World War I, in which Germany urged Mexico to invade the United States if Washington were to join the war against it. The ability of the British to break the German code and the leaking of the contents of the telegram was instrumental in turning American public opinion against Germany and lead to the US entering the war on the side of the Allies.

Later, during World War Two, a British team led by mathematician Alan Turing broke Germany’s Enigma code. By some estimates this shortened the war by two years and saved 12 million lives.

While all encryption methods used up until the Enigma machine relied on the concept of security through obscurity, modern cryptography is based on the opposite: security through transparency.

The plans for Enigma were very well concealed and breaking it was not easy. Marian Rejewski at Poland’s Cipher Bureau and later Alan Turing and his team at Bletchley Park had to build a computer to help break the codes at scale. Modern cryptographic methods are based on well-known mathematical theorems that are practically unbreakable with current technologies.

For instance, multiplying two prime numbers together is an easy problem. The result is what is called a semi-prime number. Now finding out which two prime numbers were multiplied in the first place to achieve a semi-prime number is computationally difficult: the only way for the current generation of computers is a trial and error process that can take centuries, depending on the length of the semi-prime number. The widely used RSA 2048 encryption method, for example, would take a classical computer 300 trillion years to crack (although quantum computers may one day do the job a lot faster).

What’s the issue?

Facebook Messenger, WhatsApp and other communication apps use an implementation of public key cryptography called end-to-end encryption. Only the end users have access to the decrypted data; the service provider, like Facebook, doesn’t. As such, it is theoretically impossible for the company to hand over decrypted data to the authorities.

This is the crux of the debate. It is what has led law enforcement to ask that end-to-end encryption not be rolled out by Facebook, or that ‘backdoors’ be introduced to aid in surveillance or data recovery.

A first example of this was the San Bernardino terrorist attack of 2015, in which the FBI wanted Apple’s assistance to open one of the assailant’s phones. Apple’s refusal led the FBI to file a case with the US District Court for the Central District of California to compel Apple to aid FBI efforts. The request was eventually withdrawn when an Israeli company found and exploited a vulnerability in the phone to decrypt the data on behalf of the Bureau. While the data revealed nothing about the plot, the case brought widespread criticism of the company for profiting from vulnerabilities in its phone operating system that cybercriminals, terrorists and rogue nations can buy, find and exploit too. Best practice in the cybersecurity industry is for researchers to report these vulnerabilities to the software editor or device manufacturer; this is called responsible disclosure.

A second example of this was this year’s “Ghost protocol” proposed by UK intelligence agency GCHQ to avoid weakening encryption, which revolved around transferring messages sent by a suspect over WhatsApp or iMessage to a law enforcement agent without notifying the suspect. This was met with vigorous opposition from tech firms.

Privacy advocates do not argue the need for law enforcement to be able to investigate crimes such as child exploitation and terrorism. The general objection from them and other parties interested in keeping messages private is that any weakening of encryption for the benefit of investigators also benefits those with more nefarious intent. They argue that ‘backdoor’ or exceptional access by law enforcement amounts to the introduction of a weakness to security systems that can be exploited by criminals. This unintended consequence of the desire to provide better protection to, for instance, exploited children, victims of terrorism or human trafficking also exposes regular users to exploitation from cybercriminals by giving these groups a built-in way to access their information.

What leaders are saying

In 2015 at a talk at West Point, then Vice-Chairman of the US Joint Chiefs of Staff, Admiral James A. Winnefeld, said: “I think we would all win if our networks were more secure. And I think I would rather live on the side of secure networks and a harder problem for Mike [then NSA Director Mike Rogers] on the intelligence side than very vulnerable networks and an easy problem for Mike”.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

In Europe, the EU Cybersecurity Agency and Europol issued a joint statement on this topic, recognizing the hurdles of strong encryption in police work, but also acknowledging that weakening encryption technologies for everyone was not the way forward. Rather, they called for research and development efforts to find technical solutions to decrypt communication, all under judiciary oversight.

As the crypto wars continue to seek to strike the correct balance between the needs of law enforcement for access to information to conduct investigations and the need for vulnerable populations to free speech and the general public to have financial and personal information protected, the ultimate decisions will be weighed by those with a view of the entire ecosystem.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Dangerous Trumpism in the Middle East with an anti-European edge

Scores killed in ‘barbaric’ attack on Mali village, UN chief urges restraint, calls for ‘dialogue’ to resolve tensions

How to fight back against misinformation and polarization

Responding to the anger

A Sting Exclusive: “Europe needs decisive progress for stronger cybersecurity”, EU Commissioner Gabriel highlights from Brussels

Afghanistan: UN envoy urges further extension of ceasefire with Taliban, as Eid ul-Fitr gets underway

JADE Spring Meeting 2015- Europe’s Junior Entrepreneurs together for 4 days of networking, workshops and forward thinking

Customs Union: Fake and potentially dangerous goods worth nearly €740 million stopped at EU customs in 2018

UN rights expert ‘strongly recommends’ probe by International Criminal Court into ‘decades of crimes’ in Myanmar

In this Tokyo cafe, the waiters are robots operated remotely by people with disabilities

MEPs adopt plan to keep 2020 EU funding for UK in no-deal Brexit scenario

Green light for VAT overhaul to simplify system and cut fraud

“The markets have moved on renewables, policy makers must keep up”, A Sting Exclusive by Erik Solheim, Head of UN Environment

Do not take the EP’s consent on MFF for granted, says Budget Committee Chair

Why our future relies on more inclusive and transparent innovation

International World Summit Award calls for outstanding digital applications with impact on society from 178 UN member states

Eurozone’s bank resolution mechanism takes a blow

Fair and Simple Taxation: Commission proposes new package of measures to contribute to Europe’s recovery and growth

‘Step backwards’ for Bosnia’s autonomous Serb region as assembly reneges on Srebrenica genocide report

Here’s what keeps CEOs awake at night (and why it might be bad news for your next job)

Further reforms in Sweden can drive growth, competitiveness and social cohesion

Medical workforce migration in Europe – Is it really a problem?

COVID-19: What the evidence so far means for containment

Women lose most from the climate crisis. How can we empower them?

Why protesters disrupted London Fashion Week

The growing cyber-risk to our electricity grids – and what to do about it

What companies gain by including persons with disabilities

EU leads the torn away South Sudan to a new bloody civil war

What happens after you recover from coronavirus? 5 questions answered

#TwitterisblockedinTurkey and so is Erdogan

In aftermath of Libya airstrike deaths, UN officials call for refugees and migrants to be freed from detention

UN envoy commends successful conclusion of Guinea-Bissau presidential election

Zero carbon buildings are possible following these four steps

COVID-19: Maintaining the teaching experience for students whilst delivering teaching virtually

Why economic growth depends on closing the interview gap

The European Commission and EU consumer authorities publish final assessment of dialogue with Volkswagen

Children in crisis-torn eastern Ukraine ‘too terrified to learn’ amid spike in attacks on schools

Japan to invest in euro values

Subsidiarity and Proportionality: Task Force presents recommendations on a new way of working to President Juncker

Athens urged to fast track asylum seekers amid island shelters crisis – UNHCR

Accountability for atrocities in Myanmar ‘cannot be expected’ within its borders – UN investigator

GSMA Mobile 360: Connecting Cities, Connecting Lives, Connecting Europe

Why the next 4 months are crucial to the future of the ocean

Venezuela: MEPs call for free and fair elections in the crisis-torn country

Algeria must stop arbitrary expulsion of West African migrants in desert: UN migration rights expert

The ECB proposes a swift solution for SMEs’ financing

Questions & Answers on vaccine negotiations

ECB to support only banks not Peoples

UN chief highlights action across borders for ‘stable and prosperous Eurasia’

Will we join hands for a tomorrow without antimicrobial resistance?

Spread Her Wings: Let Her Fly

FIFA and UN kick off healthy living campaign, to harness global game’s ‘huge potential’

Corporate tax remains a key revenue source, despite falling rates worldwide

REACT-EU: EU support to mitigate immediate effects of the COVID-19 crisis

Warsaw wins 2020 Access City Award for making the city more accessible to citizens with disabilities

Turbocharging scientific discovery: with bits, neurons, qubits – and collaboration

FROM THE FIELD: India’s plastic waste revolution

Parliament’s interparliamentary delegations established

Black babies more likely to survive when cared for by Black doctors, suggests new study

The climate and COVID-19: a convergence of crises

More Stings?

Advertising

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s