Encryption is under attack. Here’s why that matters

whatsapp.png

(Christian Wiediger, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Adrien Ogée, Project Lead, Cyber Resilience, World Economic Forum & Marco Pineda, Head of Security and Innovation, Centre for Cybersecurity, World Economic Forum


The news that Interpol is about to “condemn” the spread of strong encryption is just the latest salvo in the crypto wars, a decades-long controversy between proponents of strong encryption, law enforcement and investigative bodies over the widespread use of encryption by technology companies. The central tenet of the law enforcement argument is that strong end-to-end encryption hinders the investigation and prosecution of crimes when suspects use it on their personal devices. For their part, privacy and human rights advocates contend that there is no mechanism “that (both) protects the security and privacy of communications and allows access for law enforcement”.

What is encryption?

Encryption is the encoding of information such that only authorized parties may access it at the message’s final destination. One of the earliest examples of encryption – and the most cited in literature on the subject – is the Caesar cipher, a substitution cipher where each letter of a message is shifted 3 characters.

 

The Caesar cipher relied more on the secrecy of the method of encryption rather than the key, and can easily be cracked by observing the frequency of the letters.

In the 20th century, notable uses of encryption and – more pertinently – codebreaking have had major historical impacts. This includes the Zimmerman telegram of World War I, in which Germany urged Mexico to invade the United States if Washington were to join the war against it. The ability of the British to break the German code and the leaking of the contents of the telegram was instrumental in turning American public opinion against Germany and lead to the US entering the war on the side of the Allies.

Later, during World War Two, a British team led by mathematician Alan Turing broke Germany’s Enigma code. By some estimates this shortened the war by two years and saved 12 million lives.

While all encryption methods used up until the Enigma machine relied on the concept of security through obscurity, modern cryptography is based on the opposite: security through transparency.

The plans for Enigma were very well concealed and breaking it was not easy. Marian Rejewski at Poland’s Cipher Bureau and later Alan Turing and his team at Bletchley Park had to build a computer to help break the codes at scale. Modern cryptographic methods are based on well-known mathematical theorems that are practically unbreakable with current technologies.

For instance, multiplying two prime numbers together is an easy problem. The result is what is called a semi-prime number. Now finding out which two prime numbers were multiplied in the first place to achieve a semi-prime number is computationally difficult: the only way for the current generation of computers is a trial and error process that can take centuries, depending on the length of the semi-prime number. The widely used RSA 2048 encryption method, for example, would take a classical computer 300 trillion years to crack (although quantum computers may one day do the job a lot faster).

What’s the issue?

Facebook Messenger, WhatsApp and other communication apps use an implementation of public key cryptography called end-to-end encryption. Only the end users have access to the decrypted data; the service provider, like Facebook, doesn’t. As such, it is theoretically impossible for the company to hand over decrypted data to the authorities.

This is the crux of the debate. It is what has led law enforcement to ask that end-to-end encryption not be rolled out by Facebook, or that ‘backdoors’ be introduced to aid in surveillance or data recovery.

A first example of this was the San Bernardino terrorist attack of 2015, in which the FBI wanted Apple’s assistance to open one of the assailant’s phones. Apple’s refusal led the FBI to file a case with the US District Court for the Central District of California to compel Apple to aid FBI efforts. The request was eventually withdrawn when an Israeli company found and exploited a vulnerability in the phone to decrypt the data on behalf of the Bureau. While the data revealed nothing about the plot, the case brought widespread criticism of the company for profiting from vulnerabilities in its phone operating system that cybercriminals, terrorists and rogue nations can buy, find and exploit too. Best practice in the cybersecurity industry is for researchers to report these vulnerabilities to the software editor or device manufacturer; this is called responsible disclosure.

A second example of this was this year’s “Ghost protocol” proposed by UK intelligence agency GCHQ to avoid weakening encryption, which revolved around transferring messages sent by a suspect over WhatsApp or iMessage to a law enforcement agent without notifying the suspect. This was met with vigorous opposition from tech firms.

Privacy advocates do not argue the need for law enforcement to be able to investigate crimes such as child exploitation and terrorism. The general objection from them and other parties interested in keeping messages private is that any weakening of encryption for the benefit of investigators also benefits those with more nefarious intent. They argue that ‘backdoor’ or exceptional access by law enforcement amounts to the introduction of a weakness to security systems that can be exploited by criminals. This unintended consequence of the desire to provide better protection to, for instance, exploited children, victims of terrorism or human trafficking also exposes regular users to exploitation from cybercriminals by giving these groups a built-in way to access their information.

What leaders are saying

In 2015 at a talk at West Point, then Vice-Chairman of the US Joint Chiefs of Staff, Admiral James A. Winnefeld, said: “I think we would all win if our networks were more secure. And I think I would rather live on the side of secure networks and a harder problem for Mike [then NSA Director Mike Rogers] on the intelligence side than very vulnerable networks and an easy problem for Mike”.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

In Europe, the EU Cybersecurity Agency and Europol issued a joint statement on this topic, recognizing the hurdles of strong encryption in police work, but also acknowledging that weakening encryption technologies for everyone was not the way forward. Rather, they called for research and development efforts to find technical solutions to decrypt communication, all under judiciary oversight.

As the crypto wars continue to seek to strike the correct balance between the needs of law enforcement for access to information to conduct investigations and the need for vulnerable populations to free speech and the general public to have financial and personal information protected, the ultimate decisions will be weighed by those with a view of the entire ecosystem.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Gender equality: an issue much talked about but less acted upon

Vaccinations and the movement of anti-vaccers

How India’s new consumers can contribute to a $6 trillion opportunity

Draghi reveals how failing banks will be dealt, may cut interest rates soon

Banks worth $47 trillion adopt new UN-backed climate, sustainability principles

‘No justification’ for attacks against civilians, UN envoy says on mounting cross-border violence in Gaza

The experience economy is booming, but it must benefit everyone

The smartest cyber investment is collective action. Here’s why

A Sting Exclusive: Disaster risk resilience, key to protecting vulnerable communities

UN experts urge India to align new anti-trafficking bill with human rights law

German opposition win in Lower Saxony felt all over Europe

‘Young people care about peace’: UN Youth Envoy delivers key message to Security Council

Eurozone set to abandon monetary and incomes austerity and adopt growth friendly policies

Rich economies not a promise of education equality, new report finds

Saving the whales is more important than planting trees to stop climate change. This is why

European research priorities for 2021-2027 agreed with member states

Brexit casts a shadow over the LSE – Deutsche Börse merger: a tracer of how or if brexit is to be implemented

Mediterranean migrant drownings should spur greater action by European countries, urge UN agencies

The new EU “fiscal compact” an intimidation for all people

‘Democratic aspirations of the Sudanese people’ must be met urges Guterres, following military removal of al-Bashir from power

Future of our planet hinges on action by today’s youth – UN deputy chief

Most fish consumers support a ban on fishing endangered species, poll finds

Rural Bangladesh has already embraced renewable energy. Here’s what the rest of the world can learn

Iran-US attack in Iraq: Guterres pledges ‘active engagement’ in further de-escalation efforts

Back to the Basics: Primary Healthcare

D-Day for Grexit is today and not Friday; Super Mario is likely to kill the Greek banks still today

All States have ‘primary responsibility’ to protect against hate attacks

How to rebuild trust and integrity in South Africa

Nearly two-thirds of children lack access to welfare safety net, risking ‘vicious cycle of poverty’

Questions and Answers on issues about the digital copyright directive

Central Asia: the European Union matches political commitment with further concrete support

The refugee crisis brings to light EU’s most horrible flaws and nightmares

The European Green Deal sets out how to make Europe the first climate-neutral continent by 2050, boosting the economy, improving people’s health and quality of life, caring for nature, and leaving no one behind

Why financial services can kickstart Africa’s digital economy

Global ageing is a challenge – and an opportunity

European Globalisation Adjustment Fund, who gets it and who pays the bill?

Progress in medical research: leading or lagging behind?

Consumer product quality: MEPs take aim at dual standards

Parallel downfalls of Merkel and Deutsche Bank threaten Germany and Europe

The cost of healthcare is rising in ASEAN. How can nations get the most for their money?

Cash-strapped cities must look to private partners

Will Turkey abandon the refugee deal and risk losing a bonanza of money?

Why business can no longer turn a blind eye to poor vision

First do no harm. Why healthcare needs to change

Global climate change: consequences for human health in Brazilian cities

Poor Greeks, Irish and Spaniards still pay for the faults of German and French banks

This tech company is aiming to plant 500 billion trees by 2060 – using drones

European Employment Forum 2013 and not European Unemployment Forum 2014

‘We need to stand up now’ for the elderly: urges UN rights expert on World Day

A small group of world leaders are standing together against inequality

How privacy tech is redefining the data economy

Brexit preparedness: EU completes preparations for possible “no-deal” scenario on 12 April

Beyond self-regulation: dealing with Europe’s consumption problem

You can make a difference in North Korea. Here’s how

Climate emergency: City mayors are ‘world’s first responders’, says UN chief

UN chief condemns student abductions in north-west Cameroon

How and why Mercedes fakes the EU fuel consumption tests

‘The green economy is the future,’ UN chief says in Beijing, urging climate solutions that strengthen economies, protect the environment

UK: Customs Union with EU or a longer delay of Brexit

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s