Q&A: The importance of encryption

1.       What is encryption and why is it important? 

Encryption is the process of making content unintelligible to anyone or any device without the proper keys to unlock that content. It is important because every time we use a device on the internet we leave a digital footprint that is accessible to those that either want to monetise this information and or those that wish us harm (e.g. terrorists, hackers etc). Encryption, if implemented the right way, puts you back in control over who you allow to view what information.

2.        Is encryption a good thing or a bad thing?

Encryption is an important tool. The important point is to ensure that it is implemented in such a way that it can’t be used for bad purposes, only for good. The abuse of this tool may result in actions that are evil. Equally, if your medical provider is using encryption to store your health records, then it’s a very good thing. It’s down to society to implement encryption responsibly.

3.       Why should ordinary people be bothered with encryption?

Do you leave the doors of your home unlocked and open? We all expect privacy in our homes unless the law has been broken and even then enforcement agencies require a court order to enter. The internet does not offer the same level of privacy that we enjoy in our homes. Our data is under continual scrutiny by advertisers. Our pictures are misappropriated. Our private messages are put into the public domain. Encryption offers a means to redress the balance, and restore online privacy.

 4.       What are the dangers of building government backdoors into encryption products?

There are numerous risks:

·         a  ‘bad person’ could gain access to the backdoor and hence all your data;
·         backdoors make systems more complicated and increase the risk of errors in what honest users are doing;
·         backdoors can threaten the democratic process. Imagine for instance an internet voting system; to have secret ballot voting it is essential that government does not have a backdoor.
·         interoperability across borders. Do backdoors match each other, will overseas customers want to buy products with a foreign government’s backdoors in it, and the list goes on.

Rather than a seemingly ‘big brother’ approach to gaining access to personal data that could be deemed as ‘always on’, the appropriate solution should be transparent. By using a system of legitimised key escrow, authorities have the necessary powers to gain access to specific information, while ensuring an individual’s privacy is intact.

 A system like this is just an online implementation of the already accepted process of law enforcement requiring a warrant to gain access to a person’s home.

5.       Why is there so much debate about encryption and privacy at the moment?

There are two very strong themes. First, terrorist groups are using encrypted messages to organise their activities. Second, we're seeing a growing number of vital public services being hit by cyber attacks. In short, there is a significant cyber threat to national security.

 UK Home Secretary Amber Rudd has stated it is "unacceptable" that internet companies should, "provide a secret place for terrorists to communicate with each other," and has met with technology companies with a view to obtaining access to encrypted messages. This has alarmed many members of the technology community, who have pointed out that any weakening of encryption standards could seriously undermine the UK's ability to compete in online services. Many ordinary citizens are also alarmed about the possible prospect of mass, indiscriminate snooping. No one has yet put forward a balanced solution – so the debate continues.

6.       Should there be a limit to online privacy? 

This is a question for civil, legal and ethical authorities and the answer would vary across the globe. There may be a disparity in government policy across differing countries the access of personal information. What is important is ensuring a uniform technical solution, globally together with the unified interoperable government policy.

7.       Is there a way to balance people’s privacy and the need for government intervention?

Yes. The use of well-known and accepted cryptographic cyphers with acceptable policy controls and legitimised key escrow is the answer. This enables internal and cross-border laws to be balanced with civil rights.

 After considerable search and thought, Scentrics offers a solution using acceptable and recognised cyphers and has made them accessible to developers through their SDK.

8.       What is the next stage to encryption and privacy?

There is a change happening in the way that society views online privacy. For the first time there is a viable, low cost technical solution that is scalable to the masses. It makes the service of privacy simple. A one click solution. It leverages the already existing assets in the ecology of the internet and thereby does not intrude on asking the user to invest in assets to make this work. Considering the heightened sensitivity of this issue amongst all areas of society – we see the world adopting this technology to have control over their ‘digital personas’ (in other words our digital footprint).

Importantly this will deliver the right balance of protecting civil ethics and national security. A legacy infrastructure that we know to be the internet which was never born to cope with the current challenges it faces now must incorporate this new IP within its skeleton just as it did some 28 years ago by allowing for a hypertext protocol which we all know and cherish as the world wide web.

Jerome Mohammed, Operations Director, Scentrics
Image Credit: Yuri Samoilov / Flickr