Crime: governments in the wrong about encryption

Governments that demand access to private content on the Internet to fight crime are completely wrong.

Encryption: good or bad ?

While governments are calling for weaker encryption to fight crime, the Internet Society is fighting to preserve encryption on the Internet. Why is this so?

Until now, this issue has only been in the hands of specialists or pseudo-specialists, because it is so technical that few understand what it is all about.
However, this right to encryption is fundamental and concerns us all: it is quite simply the right to use the Internet for private purposes. Not respecting this fundamental right could only encourage crime, to the detriment of honest citizens, companies and democratic governments. Explanation.

Everything on the Internet is public

The Internet is nothing more than a global public data exchange network, so public that everything on the Internet is public.
Anyone can send a message to say “Hey, I’m John Smith”, that’s the spam problem. Anyone can also intercept messages on the Internet that may contain payment data, for example, or worse, alter legitimate messages to change the amount and destination of funds, for example.

In short, the Internet was not designed as a “private” network: everything is public.

Private use of a public network

In everyday life, we need to exchange private messages on the Internet, whether it is a purchase or payment order, a photo to family or friends, or whatever. How do you exchange a private message on a completely public network?

It’s very simple: you encrypt the message, encoding it in such a way that only the sender and the legitimate recipients can read the message. This is the principle of encryption. And even better: thanks to encryption, it is even possible to ‘sign’ those messages, in order to ensure that they really come from the person you think they are.

This principle is widely used in e-commerce and allows you to shop securely on your favourite shopping website.
However, it is underused in e-mail, causing the many spam, phishing and other threats.

Eavesdropping rights

Governments have always had the means to intercept communications, usually in order to protect the nation and its citizens. Thus, some letters could be opened in sorting centres, or phone taps set up. This “right to listen” is generally associated, in democratic countries, with control and authorisation by the judicial authorities, in order to avoid abuse.

Today, few communications are made by letter, and phone calls are replaced by other tools such as Whatsapp, Viber, Snapchat, Telegram, Signal and many others. So it seems natural that governments would want to retain the same prerogatives as before.

But there is a fundamental difference. Postal or telephone networks are fully managed by an organisation and protected. For example, it would not be easy to intercept a postal parcel to steal its contents and replace it with a bomb.

In contrast, the Internet is an entirely public network: anyone can access anything, and it is very easy to intercept content, or even to modify it to add a virus, for example. In this context, the right to privacy (encryption) is a fundamental necessity. Without it, there would be no e-commerce, no privacy, it would be the jungle with all its dangers.

A (bad) solution: the banning of privacy

The demand of many governments, in the context of the fight against crime, is to weaken the objective of inviolability of private communications via the Internet. In other words: weaken encryption, make the “private” a bit more “public”, less protected.

This is a very bad idea. Here are two reasons among others.

  1. First, because, unlike traditional networks (post, telephone…), criminals also have access to the Internet, and sometimes even more easily than some governments. By weakening the right to privacy on the Internet, it would make it even easier for criminals to intercept confidential information from honest citizens and companies and to blackmail them.
  2. Secondly, let’s be clear: criminals on the Internet will continue to use strong encryption, while law-abiding citizens and businesses will not. The proof is in the exponential increase in cases of “ransomware”, malicious software that encrypts all your data, personal photos or business information, and demands payment of a ransom in order to provide the encryption key.

In the end, with the noble objective of fighting crime, the effect will be the opposite: to reinforce it. Only the criminals will have the right to privacy.

Which solution?

The solution to the problem of exceptional access to private data is not to be found on the public Internet, and certainly not by asking to make private messages a little more public. The mistake is not to understand the technology.

In the case of letters sent by post, interception of mail on the postal network was the only valid option, along with searches. With the telephone, it is already possible to tap either the telephone network or the phone itself. With the Internet, the only option should be to tap the devices, not the network.

The proof is in the pudding: how can radio communications be intercepted? The “Enigma” case is very telling in this respect. During the World War II, the Nazis exchanged confidential information by radio. Like the Internet, the radio network is entirely public: anyone can put on a radio receiver and hear the communications being exchanged. So how did Alan Turing crack the Enigma system used during the WWII? By asking the Nazis to encrypt their communications a little less well, or to send a copy of the codes to the British Admiralty? Of course not! Alan Turing attacked the transceiver itself, the famous Enigma machine.

With the Internet, it’s the same thing: acting at the level of the network or the data exchanged on the public network is completely inappropriate.
On the contrary, the use of encryption should be strengthened, particularly to combat issues as spam or phishing.

C.Q.F.D. (what needed to be demonstrated)

Photo by Matt Seymour on Unsplash

Leave a Reply

Your email address will not be published.