Julius Caesar was known to have used cryptography to send out secret messages during his time. The Roman statesman would take the last three letters of the alphabet (x,y and z) and move them up to make them the first three letters of the alphabet. Thus, when compared to the original organisation of the letters, each letter has essentially moved three steps along, so that ‘X’ becomes ‘A,’ ‘B’ becomes ‘Y’ and so on. With this system, coded messages could be sent back and forth veiling its content to those unaware of the clever rearrangements and scrambling of letters in place.
This complex system, what the world recognises as encryption, is one of the major, and indeed one of the most secure, ways in which data is protected from spies, hackers and unwanted snoopers, and is not a new phenomenon. Encryption consists of a mathematical algorithm that scrambles plain text into an indistinguishable form known as cypher text. This then can only be decoded by the selected devices intended to receive or permitted to view the encrypted data.
Encryption is what is used to secure messages as they are sent and received between two devices or more. More specifically, the mechanism used is what is called end-to-end encryption, of which Apple implements in all of its IOS devices.
This process consists of a device, be it a smartphone or a tablet, generating unique public and private keys which are capable of decrypting and as well encrypting messages. Public keys can be shared with and viewed by other users and devices, whereas private keys remain on the individual devices and are never unveiled.
When two devices communicate to each other via text message, the combined use of both private and public keys create a temporary shared public key, which is erased and regenerated frequently to ensure that the conversation cannot be decrypted later on. This shared key is used to encrypt the message while in transit, and the public keys are used to confirm the legitimacy of that shared key. An unwanted snooper or any other third party can, thus, see messages have been exchanged but cannot see its content.
The only way third parties can unveil the contents of those messages is by accessing the data through what is known as a backdoor, of which there are two types. The first is where the company responsible for designing the security mechanisms in the first instance provide a list of private keys to law enforcement agencies, essentially giving them access to any encrypted data. However, the problem with this is that if the list were to fall into the hands of the bad actors online, which is likely given the pernicious digital environment that exists, personal data could be stolen, corrupted, deleted and more; the list goes on.
Alternatively, another, and perhaps even worse kind of backdoor, involves deliberately creating weaknesses in the encryption formula or code through which agencies can exploit to access data anytime they need it. Again, the flaw of this method is that it exposes users to the inevitable and omnipresent dangers of cyberspace, as hackers may eventually find this opening and exploit it as they please.
Thus, this is the dilemma law enforcement, security agencies and governments all over the world face. They have the genuine intention of establishing greater security and safety for citizens yet face unprecedented formidable obstacles. There is the difficulty of getting tech companies to comply since any of the backdoor methods can put everyone in danger even when only specific data is meant to be accessed. In addition, they flirt with stepping on civil liberties. In this debate, privacy is the central issue; smartphones, tablets and devices of the modern digital age contain so much sensitive information in one singular place, and so it understandable why privacy advocates and data protection agencies alike are concerned about governments having access to such a gold mine of information. But encryption, which is improving constantly, has made it difficult for security agencies to access the data before implications on user privacy are even fully considered.
The attacks in Paris and the San Bernardinho shootings from last year have added fuel to the fire. It has brought up the question as to whether security should come before privacy or vice versa. This has split regulators globally on the issue; Europe remains committed to preserving privacy and protecting citizens from any governments attempting to abuse their powers and alternatively the US is more concerned about fighting terrorism and so favours measures designed to bolster national security though such positions have softened after the Snowden revelations in 2013. The UK stands somewhere in-between, recognising the value of both ideas, though, as a close ally of the US, perhaps is more fond of the national security argument. However, the imperfections of the proposed surveillance laws in the UK have been highlighted by DPAs as well as MPs and lawyers, which will make it difficult to pass. The bill alludes to the use of backdoors, which suggests that perhaps the UK government is being forgetful of the malicious hackers which will pounce on the vulnerabilities of such proposals.
Another possible alternative to the dangerous backdoors is the creation of supercomputers powerful enough to unscramble the complex numbers and keys veiling data. As ideal as this may be, it may not be as easy as that; the construction of such a computer would require those with the skills and expertise, as well as the resources and money to embark on such a project.
It may be better to focus on obtaining the skills and resources for a different objective, one of collaboration. It would perhaps be better for governments to work with those who already have the resources, skills and knowledge in the relevant industries; the private sector. Those from the tech industry, working with governments, politicians and lawmakers, educating each other on the issues they face and working together to come to better solutions would certainly be better for the outlook of technology and society. If there is to be any chance of continuing to benefit from the great innovations in technology which have had such drastic impacts, then collaboration like this is absolutely necessary.
Though it remains to be seen whether this can be achieved. For now, short-sighted legislation and aggressive lawsuits cause the debate to become even more polarised. Hopefully, it will eventually result in greater unity, making technologies like encryption less of menace.