Bastian Heinlein

@bahe007

Forbidding Strong Encryption Is Dumb and Dangerous! Here’s why!

Hopefully our encryption will never look this old (https://static.pexels.com/photos/277574/pexels-photo-277574.jpeg).

You still remember when the FBI wanted access to the iPhone in the San Bernedino case? It may seem like a story from a long time ago, but it was 2016, not even two years. These days we have to stand up for encryption again and again, because a lot of people want to abandon it for infamous or at least unsophisticated reasons.

So, who wants to forbid, bypass or weaken encryption?

1. Amber Rudd, British Home Secretary

Chris McAndrew [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons

During an interview with the BBC she made her point of view clear: “But on this situation we need to make sure that our intelligence services have the ability to get into situations like encrypted WhatsApp”. While she doesn’t clearly say it, her demands require to end secure encryption and replace it with encryption that can be bypassed, maybe with a backdoor, if they’d become reality.

2. David Cameron, Former British PM

By Tom Evans [OGL 3 (http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3)], via Wikimedia Commons

He demanded that there “should be no means of communication” that “couldn’t be read” by government in a speech. As end-to-end encryption or secure encryption in general doesn’t allow access to the encrypted material, these techniques can’t go conform with his opinions, therefore, in his world, a truly secure communication can’t happen.

3. Thomas de Maizière, German Home Secretary

By A.Savin (Wikimedia Commons · WikiPhotoSpace) (Own work) [FAL or CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons

The Home Secretary joined the ranks of British conservatives demanding the end of secure encryption during a speech, when he said that German authorities “must have the ability to encrypt or bypass encryption”.

4. Donald Trump, President of the United States

By Gage Skidmore from Peoria, AZ, United States of America — Donald Trump, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=56646275

While the San Bernedino case was still important, Donald Trump stood in solidarity with James Comey and the FBI and their demands to get access to iPhones. He even called for an iPhone boycott and started to use an iPhone some months later.

5. Barack Obama, Former President of the United States

By Center for American Progress Action Fund from Washington, DC — Barack Obama at Las Vegas Presidential Forum, CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=3337481

Even the liberal Barack Obama wanted backdoors in encryption in 2016: “I suspect the answer is going to come down to how do we create a system where the encryption is as strong as possible, the key is as secure as possible, it is accessible by the smallest number of people possible, on a subset of issues we deem is important.”

Why do they want to forbid, bypass or weaken encryption?

Officially: To protect the citizens from terrorism

All five argue (more or less) same: They want to protect the citizens from terrorism, allow security agencies to investigate as deep as possible in cases of terrorism and prevent terrorism in the future.

A similiar argument is that they want to prevent the existance of even more legal vacuums in the internet that could occur through strong encryption and the unability of law enforcement agencies to investigate there.

Inofficially: Politics.

But it’s not as easy as that. Abolishing strong encryption is a great topic for election campaigns as well. At least for conservative parties, like the Tories, CDU or Republicans it is a great way to come up with easy solutions for the terrorism problem.

Young electors tend to vote more liberal, like in Great Britain, during the last election 63% of all adults between 18 and 34 years old voted for the left Labour party, on the other hand 59% of all adults older than 55 years voted for the Conservatives.

A German survey revealed that older people tend to be more afraid of terrorism, with 57% of adults between 50 and 64 years old saying they’re afraid in oppsite to just 36% of the between 18 and 29 years old adults.

Therefore, it’s a great option for conservative parties to offer their voters an easy solution to their fear of terrorism.

Who else doesn’t like encryption?

Cyber criminals

Cyber criminals are the ones profiting directly from insecure connections and servers: they would need much less effort then nowadays to make money with illegal actions like blackmailing or identity theft as they wouldn’t have to come around encrypted servers or communication.

By the way, they usually don’t attack the encryption directly because they are this secure, but the implementation of the encryption in the applications that use it.

Foreign intelligence services and companies

Industrial espionage causes losses around 50–100 billions Euros solely in Germany each year. That’s at least 1/34 of the German GDP. An important part are so-called “Advanced Persistent Threats”, technologically highly advanced and elaborated cyber attacks. A reason why they have to be this advanced is a strong encryption of data on company servers. Therefore, it’d helpful for foreign companies to access (almost) unencrypted data from companies. The ones profiting would be the countries encrypting their data.

Dictators

An important characteristic of a dictatorship is total surveillance of the citizens in order to find people trying to raise up against the system. Hence, it’s great for dictators if there is no more encryption or at least less development of new, secure encryption.

Why we shouldn’t forbid, weaken or backdoor encryption

Encryption protects consumers

The more information companies have about their customers, the scarier it becomes. Data gives companies hints about traits, disabilities or psychologically disorders that could be exploited by companies in order to sell more products or making them addicted to their products. End-to-end encryption, if properly implemented, allows a secure communication that can’t even be read by the company providing this service, e.g. Apple can’t read messages sent over Messages as they are securely encrypted.

Encryption protects citizens

Having access to almost unlimited data about every citizen would open the possibility for a dictatorship. It’d be the requirement to turn a democracy into a fake democracy or even a dictatorship. Without quantum encryption it’s not possible to notice if a message was unencrypted or copied by anyone during its way to the recipient. Therefore, the government would have potentially unlimited access to data about all the citizens (if they were willing to act illegally), which is nothing a liberal democracy should promote.

Encryption protects our democracy!

Encryption protects us from cyber criminals

Think about what you share via WhatsApp, Messages, Facebook Messenger or Snapchat. That’s private data meant only for you and your communication partners. Some of it is maybe even an opportunity for cyber criminals to blackmail you, if they had access to this personal data.

Identity theft is another important topic: We save our passwords in password managers, have personal information stored in the cloud and most of us use PayPal or similar services. That’s a great opportunity for cyber criminals to steal your identity, at least if everything was stored unencrypted and easily accessible.

Encryption protects the global economy

According to adweek.com, e-commerce generates 1.2 billion dollars every 30 seconds. This amount of transferred money is protected by strong encryption preventing cyber criminals, foreign intelligence services and terrorist from throwing us into chaos.

Encryption protects our government communication

Yes, governmental agencies use encryption as well, and honestly, it doesn’t seem like they are aware of this. Foreign countries are very interested in breaking this encryption in order to get access to e. g. defense plans.

The only reason why most of the cyber incidents could happen because of a wrong implementation of encryption and not a wrong encryption is that there are lots of people at work trying to crack it. Encryption is based on math and to prove it’s secure, you essentially have to prove that it is not not secure. To do that, you need a lot of highly educated persons willing to do that.

If nobody has a benefit from secure encryption except the government, probably almost nobody will think about it, therefore, forbidding encryption for companies or private person would make it less secure for all, including the government.

In the end, it’s not only a question of deciding between security against terrorists and freedom, but also one of deciding between security and insecurity.
Topics of interest

More Related Stories