Encryption: do you really understand what it means?
Encryption has become a hot topic in recent months, but from my experience, remains something of a mystery in many people’s minds. I have to say that as somebody who teaches technology, which means having a good enough understanding of it to be able to explain it using accessible terminologies, I am still surprised how many people still think of it in terms of classical cipher, which is to say that with a password, an algorithm, or some kind of device, it is possible to decipher communications. I am prompted to write this in light of the case of a Brazilian judge who has ordered the country’s telecoms providers to block WhatsApp because he just cannot understand that the company cannot give him access to messages sent by alleged drug traffickers. A significant part of the general public — who usually are not precisely experts in cryptography — also believes that if the courts need to see our emails and texts they should be allowed to.
The development of Data Encryption Standard (DES) and public-key cryptography, or asymmetric cryptography, in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely; along with increasingly powerful computers, means that a simple, free tool such as WhatsApp can encrypt a conversation through automatically generated keys for each of the messages we exchange, so that neither the message or the keys remains in the possession of the company managing that tool. In fact the company wants nothing to do with the data, because if it did, then it would become the weak link in the chain. The upshot is that technology is the guarantee of our fundamental right to privacy, above and beyond any restrictions our governments might try to impose.
Can you picture this? Every “Hey, dude” we send on WhatsApp, Signal, Telegram or other simple and free tools generates automatically its own set of asymmetric keys, gets encrypted to the point that you’ll need the most powerful computers on Earth working several years to try to decrypt it, and those keys get deleted immediately, so that the only way to read the message is in the original device that sent it and in the one that received it, but never in between, never along the way, not even by the company that provided the channel. You can sue the company to oblivion, but no matter what you do, they will never be able to decrypt it for you, because this is technically impossible. Does it sound like overkill? That’s exactly the way we need to understand it works nowadays.
From a purely taxonomic perspective, restrictions on the privacy of communications can be seen as unacceptable in a democracy, or it can be seen as acceptable in cases involving serious crime. It doesn’t really matter whether we reject the former and largely accept the latter: from the moment that it is technologically unacceptable, simple to use and cheap to provide end-to-end encryption, there is no sense in talking about exceptions to privacy.
In other words, lawyers and lawmakers need to understand that it is now IMPOSSIBLE to access encrypted information. It is not technologically possible to un-encrypt something. We have moved on from the Enigma machine of World War II.
And of course the government that decides to ban the use of encryption technology is simply going to persuade more people than ever of the need to use them. A judge can order Facebook to close down WhatsApp, but there are now so many other tools to encrypt communication, many of them open source and free, that it would make no sense at all to do so.
Quite simply, the availability of end-to-end encryption to the general public is a game changer. Until we see some major leap forward in technology, for the moment, the messages sent through apps such as WhatsApp cannot be retrieved. As said, technology cannot be un-invented. And the sooner we grasp this, the sooner we can all move on.
(En español, aquí)
