To Encrypt or Not to Encrypt

SpyVsSpyWe are seeing a major policy tug-of-war about privacy on the Internet. On one side are law enforcement and national security agencies that want to be able to monitor everything that happens on the web. On the other side are those that value privacy the most. This is not a new debate and has been going on since the 90s.

Encryption has been around for a while, but it’s generally believed that agencies like the NSA have cracked most existing encryption schemes and are able to readily decipher communications between most parties on the web.

Recently, Michael D. Steinbach, assistant director of the FBI’s Counterterrorism Division, testified to Congress that the FBI has no problem with encryption as long as the government still has access to the underlying data. He thinks that encryption between people is a good thing to keep personal data from being intercepted by bad guys on the web, but he still thinks that there are law enforcement and national security concerns that are more important than individual privacy concerns. The real concern is that encryption will allow criminals and terrorists to go ‘dark’ and evade detection or monitoring.

But the revelation that the NSA is spying on everybody has really upset the technology community that run the Internet. The  vision of the Internet was to be a place for the free exchange of information and many technologists believe that widespread surveillance squelches that. And very few people like the idea that the government knows your every secret. And so we see companies that are working to find ways to make communications private from snooping—including from the government.

Apple is the largest company to take a stance and they have initiated end-to-end encryption on the iPhone. The way they have done this only the sender and receiver of a communication can unlock a given message and Apple is not maintaining any way to crack the encryption themselves. This means that Apple is unable to reveal what is inside customer communications even if served with a court order. I am guessing that one day this is going to be put to a legal test and I can picture laws being passed that stop companies like Apple from doing this. And I am sure Apple will fight back, so ultimately this might have to be determined by the Supreme Court.

But there are other groups working on a privacy solution that even laws might not be able to touch very easily. One such company is Ethereum. This is a crowd-funded group in Europe who is building upon the early work with bit coins to build a decentralized communications system where there is nobody in charge because there is no centralized network hub – there is no company like Apple at the core of such a network. In such a hubless network it’s much harder for the government, or even companies like Google and Facebook to spy on you.

This requires the establishment of peer-to-peer networks that is a very different way of structuring the web. Today the basic web structure is based upon software sitting at specific servers. Things are routed today because there is a massive database of DNS addresses that list where everything can be found.

But Ethereum is taking a totally different approach. They have built apps that find space on millions of customers’ computers and servers. Thus, they are located everywhere, and yet at no specific place. Ethereum is using this distributed network and building upon the block-chain technology that underlays bit coin trading. The block-chain technology is so decentralized and so secure that nobody but the sender and receiver can know what is inside a communications chain.

Ethereum isn’t really a company, but rather a collective of programmers that intend to disband once they have established the safer communication methods. And they are not the only ones doing this, just one of the more visible groups. This creates a huge dilemma for law enforcement. There is a huge amount of web traffic dedicated to nefarious purposes like drug trafficking and child pornography, without even considering terrorists groups. Governments have had some limited success in shutting down platforms like Silk Road, but the systems Ethereum and others are building don’t have a centralized hub or a place where the system can be stopped.

I have no doubt that the government will find ways to crack into these systems eventually, but for now it seems like the privacy advocates are one step ahead of them, much in the same way that hackers are one step ahead of the web security companies.

I don’t know how I feel about this. Certainly nobody benefits by enabling huge rings of criminals and terrorists. And yet I get angry thinking that the government is tracking everything I am doing online. I’ve read all of the sci-fi books that explore the terrible consequences of government abuse due to surveillance and it’s not pretty. I am sure that I am like most people in that I really have nothing to hide. But it still makes me very uneasy to think that we are all being watched all of the time.

5 thoughts on “To Encrypt or Not to Encrypt

  1. It is worth noting that when used properly, experts do not believe that the NSA has broken many forms of encryption. They have found numerous workarounds to effectively achieve that – as when they install backdoors in your system to see everything you do. At that point, encryption don’t much help. But that does not apply to most of us. Actually breaking strong public key encryption remains beyond the likely capabilities of any entity. For people who are interested in these subjects, a great place to start is by reading Bruce Schneier’s work.


  2. As a former Naval Intelligence Officer, I highly recommend everyone watch the German film “Das Lebens Des Anders” (The Lives of Others). Then let us know how you feel about government surveillance.


  3. “[i]t’s generally believed that agencies like the NSA have cracked most existing encryption schemes and are able to readily decipher communications between most parties on the web.”

    You have to be kidding. Take, for example, the instant messenger Threema. Are you trying to tell me the NSA can crack NaCl now?


    • The operative word there is most. According to Snowden the NSA has cracked the most widely used encryption schemes and so the majority of what’s encrypted can be read by them. However, that doesn’t mean everything and now there are dozens of new encryptions schemes being used that they are going to have a hard time cracking. The encrypters are moving back ahead of the NSA, at least for a while. It’s a constant cat-and-mouse game.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s