No end to end-to-end encryption

Tuesday 01 December 2015

Sorry folks, but that cat’s out of the bag and putting it back in isn’t an option, even if we wanted to.

I’ve recently written on the heat that companies offering strong encryption as part of their services are getting, in the wake of security threats and especially the terror attacks in Paris. End-to-end encryption means that no one except sender and recipient are able to read messages, including the companies that provide the hardware, platforms and apps, like Apple. Various governments have expressed their concerns about this, arguing that it gives criminals a ‘safe place’ to operate online. It's a subject of perennial interest to bitcoiners, who naturally favour free speech and limits on the power of the state.

 Security

One person's privacy is another's security threat

Read also: Islamic State’s $3 million bitcoin wallet

It’s true that end-to-end encryption does make it extremely difficult for security services to access communications, which is why they’ve talked about all kinds of ‘solutions’ to the problem, from putting back doors in the algorithms to banning the use of such encryption, so that they can still gain access to the messages in question if they want (and, they invariably stress, through the right legal process).

But the fact is, it doesn’t matter. None of these solutions will work, for the simple reason that none of them can work. And that’s because the problem isn’t ultimately about rights and laws, it’s about maths and software.

Too easy to do

It is extremely easy to create software that will encrypt and decrypt messages using public key encryption - an extremely powerful technique that is used in bitcoin itself. All of the recent noise about Apple and Google is just the government starting somewhere easy. The reality is that terrorists don’t really use WhatsApp or these common platforms much; they download one of the many thousands of programs that are freely available for the job.

You can’t stop people using these, because they’re all over the place. It’s not a question of stopping a company offering a particular service, it’s about eradicating software from the web - software that is very easy to make and even easier to share.

How easy? Well, I’m no hotshot developer but I can cobble together a few simple lines of Python - and that’s all it takes. If even I could come up with something after an hour of research and tinkering - albeit something pretty rudimentary - then imagine what someone competent could do. That’s what it makes no sense to even try banning this stuff. It would be like trying to ban long division or calculus. Or like trying to ban bitcoin, when the software is out there on a hundred thousand different computers, any one of which can upload it to a new site for everyone else to copy.

The genie is out of the bottle; you can’t un-discover the maths that makes secure communication possible. We might as well get used to it.


comments powered by Disqus