Encryption is under attack. Here’s why that matters

whatsapp.png

(Christian Wiediger, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Adrien Ogée, Project Lead, Cyber Resilience, World Economic Forum & Marco Pineda, Head of Security and Innovation, Centre for Cybersecurity, World Economic Forum


The news that Interpol is about to “condemn” the spread of strong encryption is just the latest salvo in the crypto wars, a decades-long controversy between proponents of strong encryption, law enforcement and investigative bodies over the widespread use of encryption by technology companies. The central tenet of the law enforcement argument is that strong end-to-end encryption hinders the investigation and prosecution of crimes when suspects use it on their personal devices. For their part, privacy and human rights advocates contend that there is no mechanism “that (both) protects the security and privacy of communications and allows access for law enforcement”.

What is encryption?

Encryption is the encoding of information such that only authorized parties may access it at the message’s final destination. One of the earliest examples of encryption – and the most cited in literature on the subject – is the Caesar cipher, a substitution cipher where each letter of a message is shifted 3 characters.

 

The Caesar cipher relied more on the secrecy of the method of encryption rather than the key, and can easily be cracked by observing the frequency of the letters.

In the 20th century, notable uses of encryption and – more pertinently – codebreaking have had major historical impacts. This includes the Zimmerman telegram of World War I, in which Germany urged Mexico to invade the United States if Washington were to join the war against it. The ability of the British to break the German code and the leaking of the contents of the telegram was instrumental in turning American public opinion against Germany and lead to the US entering the war on the side of the Allies.

Later, during World War Two, a British team led by mathematician Alan Turing broke Germany’s Enigma code. By some estimates this shortened the war by two years and saved 12 million lives.

While all encryption methods used up until the Enigma machine relied on the concept of security through obscurity, modern cryptography is based on the opposite: security through transparency.

The plans for Enigma were very well concealed and breaking it was not easy. Marian Rejewski at Poland’s Cipher Bureau and later Alan Turing and his team at Bletchley Park had to build a computer to help break the codes at scale. Modern cryptographic methods are based on well-known mathematical theorems that are practically unbreakable with current technologies.

For instance, multiplying two prime numbers together is an easy problem. The result is what is called a semi-prime number. Now finding out which two prime numbers were multiplied in the first place to achieve a semi-prime number is computationally difficult: the only way for the current generation of computers is a trial and error process that can take centuries, depending on the length of the semi-prime number. The widely used RSA 2048 encryption method, for example, would take a classical computer 300 trillion years to crack (although quantum computers may one day do the job a lot faster).

What’s the issue?

Facebook Messenger, WhatsApp and other communication apps use an implementation of public key cryptography called end-to-end encryption. Only the end users have access to the decrypted data; the service provider, like Facebook, doesn’t. As such, it is theoretically impossible for the company to hand over decrypted data to the authorities.

This is the crux of the debate. It is what has led law enforcement to ask that end-to-end encryption not be rolled out by Facebook, or that ‘backdoors’ be introduced to aid in surveillance or data recovery.

A first example of this was the San Bernardino terrorist attack of 2015, in which the FBI wanted Apple’s assistance to open one of the assailant’s phones. Apple’s refusal led the FBI to file a case with the US District Court for the Central District of California to compel Apple to aid FBI efforts. The request was eventually withdrawn when an Israeli company found and exploited a vulnerability in the phone to decrypt the data on behalf of the Bureau. While the data revealed nothing about the plot, the case brought widespread criticism of the company for profiting from vulnerabilities in its phone operating system that cybercriminals, terrorists and rogue nations can buy, find and exploit too. Best practice in the cybersecurity industry is for researchers to report these vulnerabilities to the software editor or device manufacturer; this is called responsible disclosure.

A second example of this was this year’s “Ghost protocol” proposed by UK intelligence agency GCHQ to avoid weakening encryption, which revolved around transferring messages sent by a suspect over WhatsApp or iMessage to a law enforcement agent without notifying the suspect. This was met with vigorous opposition from tech firms.

Privacy advocates do not argue the need for law enforcement to be able to investigate crimes such as child exploitation and terrorism. The general objection from them and other parties interested in keeping messages private is that any weakening of encryption for the benefit of investigators also benefits those with more nefarious intent. They argue that ‘backdoor’ or exceptional access by law enforcement amounts to the introduction of a weakness to security systems that can be exploited by criminals. This unintended consequence of the desire to provide better protection to, for instance, exploited children, victims of terrorism or human trafficking also exposes regular users to exploitation from cybercriminals by giving these groups a built-in way to access their information.

What leaders are saying

In 2015 at a talk at West Point, then Vice-Chairman of the US Joint Chiefs of Staff, Admiral James A. Winnefeld, said: “I think we would all win if our networks were more secure. And I think I would rather live on the side of secure networks and a harder problem for Mike [then NSA Director Mike Rogers] on the intelligence side than very vulnerable networks and an easy problem for Mike”.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

For more information, please contact info@c4c-weforum.org.

In Europe, the EU Cybersecurity Agency and Europol issued a joint statement on this topic, recognizing the hurdles of strong encryption in police work, but also acknowledging that weakening encryption technologies for everyone was not the way forward. Rather, they called for research and development efforts to find technical solutions to decrypt communication, all under judiciary oversight.

As the crypto wars continue to seek to strike the correct balance between the needs of law enforcement for access to information to conduct investigations and the need for vulnerable populations to free speech and the general public to have financial and personal information protected, the ultimate decisions will be weighed by those with a view of the entire ecosystem.

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Nagasaki is ‘a global inspiration’ for peace, UN chief says marking 73rd anniversary of atomic bombing

Malaysia can show the way towards a holistic model for human rights

Rohingya cannot become ‘forgotten victims,’ says UN chief urging world to step up support

6 facts to know about EU alternative investment funds

What washing your hands can teach you about global change

Here’s why the tech sector could be the next target for Chinese investment in Africa

New UN rights report paints bleak picture in eastern DR Congo

The unpleasant truth of plastic straws

Guterres hails historic Convention banning violence and harassment at work

Tuesday’s Daily Brief: funding for Palestine refugees, families today, tech surveillance

This man is sleeping out in the Davos cold to make a point about homelessness

Future-proofing the European banking market – removing the obstacles to exit

This graphene battery can recharge itself to provide unlimited clean energy

Avocado: the ‘green gold’ causing environment havoc

Around 23 million boys have married before reaching 15; ‘we can end this violation’ says UNICEF chief

How smarter machines can make us smarter humans

EU budget: Regional Development and Cohesion Policy beyond 2020

This NATO experiment used fake Facebook accounts to trick soldiers into sharing sensitive information

The remote doctor, can it ever work?

UN agency warns conditions around Yemen’s key port city of Hudaydah still ‘very bad’, as staff rush to deliver aid

Mediterranean and Black Seas: Commission proposes fishing opportunities for 2020

UN and Red Cross chiefs appeal for end to use of explosive weapons in cities

The Junior Enterprise concept: Business & Education

Close to final agreement on the EU Banking Union

Commission: Raising the social issues that can make or break the monetary union

Impact investment favours expats over African entrepreneurs. Here’s how to fix that

5G networks: to slice or not to slice?

Who should pay for workers to be reskilled?

‘Antagonistic gestures and accusations’ drown out Kosovo dialogue hopes, Security Council hears

Aid stepped up to Syria camp; new arrivals say terrorists blocked their escape

From UN Assembly podium, Central African Republic leader appeals for lifting arms embargo

More women and girls needed in the sciences to solve world’s biggest challenges

A ship with containers at the port of Rotterdam. (Copyright: European Union. Source: EC - Audiovisual Service. Photo: Robert Meerding)

US follows the EU in impeding China market economy status in WTO

Poland: €676 million worth of EU investments in better rails and roads

Blockchain is becoming key for global trade – but is that a gift for hackers?

UN chief pays tribute to ‘enduring contributions’ to regional, international diplomacy of Oman’s late Sultan Qaboos

It’s getting harder to move data abroad. Here’s why it matters and what we can do

European Court rules that ECB’s OMT program of 2012 is OK; not a word from Germany about returning the Greek 2010 courtesy

UN ‘stands in solidarity’ with cyclone-hit India – Secretary-General Guterres

As fighting in Libya escalates, so does number of children ‘at imminent risk of injury or death’

Somalis ‘will not be deterred’ by Friday’s terror attacks – UN chief

Brexit casts a shadow over the LSE – Deutsche Börse merger: a tracer of how or if brexit is to be implemented

The experience economy is booming, but it must benefit everyone

EU Summit consumed by the banks

Yemen: Recent uptick in fighting contradicts desire for peace

100 years after Polish independence, 5 reasons to be cheerful for the future

GSMA head urges regulators to help Europe regain leadership

Taxes on polluting fuels are too low to encourage a shift to low-carbon alternatives

Mergers: Commission approves Assa Abloy’s acquisition of Agta Record, subject to conditions

EU humanitarian budget for 2020 to help people in over 80 countries

Meet the robot fighting back against coral reef destruction

From philanthropy to profit: how clean energy is kickstarting sustainable development in East Africa

EU unfolds strategy on the Egypt question

Chart of the day: These countries have the highest share of electric vehicles

These are the world’s healthiest nations

Global Citizen-Volunteer Internships

Why the answer to a more sustainable future could lie within the platform economy

Youth Entrepreneurship Issue of the month: JEN, organisers of JADE October Meeting, on why JEs should come together

‘No-deal’ Brexit preparedness: European Commission takes stock of preparations and provides practical guidance to ensure coordinated EU approach

Paris, Rome, Brussels and Frankfurt to confront Berlin over growth and the Athens enigma

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s