In March, FBI director James Comey painted an emotional picture for a Congressional hearing, promising widespread use of encryption would cause a dystopia. Encryption, Comey said, is the domain of “those who rape, defraud, assault, or even kill.” Ever since, US intelligence officials frequently have demanded back-doors, or “golden keys” to read any messages sent with devices made by companies such as Apple who have recently implemented stronger encryption practices by default in response to the Edward Snowden leaks. These demands demonstrate a fundamental misrepresentation of modern encryption and its purpose in society, and the scare-tactics that have accompanied these demands show the continued willingness of the American intelligence community to confuse, lie, and bully the public into submitting to their flawed and oppressive surveillance tactics.
To understand the problems surrounding the FBI’s attack on encryption standards, a simple understanding of what encryption is (and what it isn’t) is important. Modern encryption methods such as RSA or PGP rely primarily not on software or technological innovation, but on well-established and proven mathematical principles. In grade school math classes, we might have learned to send secret codes with a Caesar cipher, which involves encoding a message by shifting each letter a fixed length down the alphabet. While Julius Caesar may have confused enemy spies with his encodings, depending on the number of characters in the alphabet, there are a only a handful of possible values for letter shifts, or keys, and a modern computer could try them all and find a “brute-force” solution in a matter of seconds. To solve this problem, mathematicians and computer scientists turned to number theory, specifically the properties of prime numbers. In 1977, MIT mathematicians developed a system called RSA, using large prime numbers to create encryption and decryption keys that had considerably more possible solutions than a simple cipher. These numbers –most security experts recommend they be 512 digits long –can be combined to build keys so secure that it would take even the fastest computers thousands of years to find them.
Understanding the mathematical details of modern encryption is not required to use it safely–in fact, this is one of its major benefits–but what is important is that modern encryption be thought of not as a malleable software product, but as the result of calculations based upon some of the most fundamental laws of mathematics. When intelligence agencies demand a ‘golden key’ to decrypt all the data on a given system, they might as well be decreeing that one plus one is allowed to equal two, so long as it doesn’t endanger national security. Encryption with some kind of public master key just simply isn’t encryption anymore, and this fact makes the FBI’s demands extremely dangerous for many reasons.
Let’s assume that every encrypted service makes a golden key. These strings of bits can decrypt almost all digital communication in the world – communication between cell phones, banks, protesters, dissenters, governments, anything previously considered secure could be read and analyzed. There would be only a handful of files, composed of a few thousand 1s and 0s, that could smash political dissent, open bank accounts, and expose any private network instantly. Any private network of course, except the US government’s. And if those keys were stolen? There is no failsafe in the case of a leaked or stolen encryption key. We can’t turn off math because “the bad guys” are doing the same math.
When the FBI says they want golden keys, what they are really asking for is an end to privately-available encryption. These demands are an attempt to strip people of the right to secure their digital possessions and communications. Comey threatens the American public with impending rape and murder if we do not surrender our right to encryption, but in the 21st century, encryption-breaking golden keys actually leave the public defenseless against all manner of theft and violence that can be perpetrated by having access to our secure data. Living day-to-day safely has become impossible without sound encryption, and so has any method of political dissent. Intelligence agencies demand that we centralize an encryption weakness and then trust them to protect us with it, yet every law enforcement agency, from city police to the NSA, already use their considerable technological capabilities to commit egregious civil rights violations, often in violation of their own laws. The FBI wants certain math to be criminalized, a demand that is at best irresponsible and at worst an almost totalitarian attempt at suppressing dissent in the US and around the world.
(Title image via).
No Comments