terça-feira, 12 de janeiro de 2016

Encryption, yes or no?

People have a right to privacy and to protect their lives and personal data in any way that does not compromise the lives of others. Does encryption go against that? Not a chance. Yet recently, we've been bombarded with a myriad of news stories regarding how different governments face encryption and their plans for legislation. Should we push for, or against encryption? For the greater part of the most educated people out there without any government or corporate ties, the answer is a resounding "yes" in favor of encryption. You have an undeniable universal right to protect your personal data and whatever information relates to your personal life. Encryption is needed to protect your bank account details, your medical data, your E-Mails and conversations with your friends, family and lovers. Not only that, strong encryption algorithms are a basic component of the authentication schemes that are employed to make sure that you know you are exchanging information with the correct parties, without someone else either eavesdropping on your communications or being able to corrupt them. The Dutch Government seems to understand this, so why do we see governments trying to ban or weaken encryption, under the guise of ensuring "our" protection and to fight terrorism? In two words:

Dishonesty, hypocrisy.

At the very least, incompetence, insufficient knowledge and narrow mindedness. The current trend is to spread propaganda against encryption, stating that using it is a terrorist behaviour, that terrorists use it to plot attacks. Currently, the most active voice against encryption is France, due to the recent terrorist attacks it suffered. Is banning encryption going to change anything? Not even in a million years. First and foremost, the terrorists that caused the most recent attack in France weren't even using encryption, at least, no meaningful form of it. As far as it is now known, the attacks were coordinated through unencrypted SMSs. France is currently pushing for all device manufacturers and software producers to include backdoors into the encryption algorithms so that the authorities may have a way to impose their surveillance in order to "find terrorists". Two essential and pertinent questions:
  1. Is this going benefit the citizens and keep them safe?
  2. Is this actually going to help catch terrorists and thwart their attempts to hurt us?
No and, well, definitely no. Why?
  1. Banning or weakening encryption on any devices or software is not going to do anything at all to prevent crime or terrorist attacks but it will, however, leave citizens more vulnerable to organized crime, identity theft, privacy violations and many more nightmarish scenarios than we can possibly list or (some of them) even imagine to be possible. If there is a backdoor and the government has access to it, so does everyone else with a minimum of determination.
  2. Legislating the prohibition or mandating the compromising of encryption schemes is not going to prevent terrorists from using it. Let's face it, if laws could prevent crime or terrorism, we wouldn't even be having this discussion, as all potential criminals or terrorists would be at home with their families, or at their jobs (or, in the current economy, looking for one).
Terrorist cells and organized crime groups have expert members in many fields. They are able to build nuclear bombs if they have the materials, they can be inspired enough to learn how to fly planes and crash them into high buildings - so why wouldn't they be able to build their own encryption software, something which is several orders of magnitude easier than building an A-Bomb? Even if the governments had the means to analyse in real time the contents of communications and understand if they were encrypted (and they have, to some extent), there are always ways to prevent it from being detected. Using digital steganography (or even physical steganography, if they decide to go back to using snail mail), they can hide their actual messages in pictures, music files, videos, e-books, saved games, program source code, digital utility bills, an assortment of transaction types, v-cards, social media profile data, ... if you can imagine it, someone can do it (am I giving anyone new ideas? No... this has all been done before and is still being done with considerable success).


To conclude, is there any ACTUAL, palpable reason to take encryption away from the common citizen?

NO. There is no legitimate reason to take encryption away from the common citizen. So, unless the government's (or its elements) intentions are all but honorable, having nothing to do with protecting citizens, and it is only a way to jump on that bandwagon to take advantage of the climate of fear we currently live in and push some other kind of agenda, there's no reason at all. But that's a subject for a whole other discussion.

Sem comentários:

Publicar um comentário