Why we need to start thinking about encryption as math
AUSTRALIA’S controversial plan to introduce anti-encryption laws is now at the center of a global debate on striking a balance between national security and privacy. It’s an age-old dilemma, but what’s perhaps more interesting is how it has had the unintentional effect of launching the world into a conversation about the nuances of encryption technology.
When discussing encryption, Prime Minister Malcolm Turnbull, whose government is pushing for the aforementioned laws, said an encryption “backdoor” was “a flaw in the software program that perhaps the developer… is not aware of, and that somebody who knows about it can exploit.”
Listening to him, one gets a sense of the government’s lack of fluency in the technology of encryption; Turnbull himself told Fairfax he’s “not a cryptographer”.
Their incoherence on the issue suggests Turnbull and his attorney-general, George Brandis, like many others, don’t understand exactly how encryption works. They have stated they are looking for “lawful access” and have pointed to the obligation technology companies have to cooperate with enforcement efforts.
However, as many commentators have pointed out, the truth is much less simple than it sounds.
Kevin Yeung, a consultant with global technology company ThoughtWorks, said there were multiple options technology companies and governments could consider, including outlawing encryption, providing governments with exclusive encryption keys and implementing backdoors.
Each of these is pretty terrible, according to Yeung, for its own reasons: outlawing encryption would fundamentally weaken our ability to protect our information, while handing an encryption key to government authorities would make them a major target for hackers.
“We could give the key to the government, but that makes the government a magnet for hackers,” Yeung said to Tech Wire Asia.
“We know historically, governments are not great at keeping secrets either. If the key is compromised, it’s chaos for everyone, everywhere.”
The implementation of “backdoors” would have the general effect of weakening the overall structure of an encryption system. The majority of encryption implemented by technology companies is end-to-end, which means even the companies don’t have access to the key required to unscramble messages between individuals, effectively locking out third parties seeking access.
However, as Yeung explains, the encryption deployed by operators can’t be tweaked without ruining the overall architecture of the encryption program, which weakens the software’s ability to protect information from malicious actors.
“Encryption weakening is not going to work because modern day encryption is based on mathematics,” Yeung said.
As with an equation in mathematics, if you collapse a single part, you collapse the whole. Encryption’s logical structure is built upon mathematical assumptions, not least because encryption itself is based on the mathematical problem of factoring huge numbers.
“It’s built off factoring large numbers, which can’t be easily done.”
The huge numbers used in modern encryption are hard to factorize, in a way small numbers like, say, 24 aren’t, which makes it technically infeasible for hackers to decrypt these codes fast enough. Should tech companies begin introducing “backdoors” or reducing the effectiveness of their encryption, they run the risk of exposing their users to all kinds of cybersecurity issues.
“You can’t make it good for some people and bad for others.” – Yeung
The rhetoric being employed by politicians at the moment is exposing a fundamental misunderstanding about how encryption works and could be detrimental to many parts of our digital life. Yeung said if the ability to encrypt information was lost, we’d lose things like e-commerce, blockchain technology, and autonomous transportation.
“It’s a terrible idea, I’m not sure it’s going to work,” he said. “There’s a few ways governments can make it work, but the stuff Turnbull wants to target are Facebook and WhatsApp, companies based in the United States.”
“If the Five Eyes countries band together, it’s going to be interesting.”