It feels like 2021 has just started, but we've already seen a number of new encryption recommendations and resolutions make their way through the halls of world government. While some people have suggested that recommendations aren’t legally binding, it’s the core message the latest resoltuions are trying to normalize that should worry people. To sum up their position, in order to protect everyone, no one should have strong encryption.
Why anyone would suggest that people don’t need stronger privacy protections is beyond us, but it’s currently being debated around the world. In a time when access to your information is easier than ever, lots of elected officials are trying to figure out ways to weaken your privacy protections.
This is the first piece in a series where we'll explain some of the important aspects of encryption. We'll start here with some basic implemenations, why encryption is important, and why some people think you shouldn’t have it.
What is encryption?
At its core, encryption is the process of taking readable information and scrambling it around so it’s no longer readable. For centuries, Cryptographers–people that study encryption–have created more and more complicated ways to keep secrets.
For a quick visual example of encryption in action, we’ll use one of the oldest ciphers–the set of instructions that make encryption possible–in existence, the Caesar Cipher. To encode a message, the writer and receiver would agree on a random number, then transpose the letters in the alphabet by that number. For example, if normally A=1, and B=2, etc., transposing the letters by five spaces would make A=E and B=F.
When the receiver gets their note, they decrypt the message by reversing the number of transposed spaces, setting F back to A. Using the number five again, you can quickly figure out that “Gjfwx qnpj mtsjd” means, "Bears like honey".
How encryption protects you online
Encryption protects your most important secrets, like your bank PIN, healthcare information, and anything you don’t feel like sharing with other people. The more we rely on the internet to send and receive information, the more important encryption becomes.
Without encryption, anyone monitoring the network your device is connected to can see everything you do. Every search request. Every webpage and service you connect to. All of that personal information, just out in the open.
As privacy becomes a more important concern for people around the world, companies have started to take notice and bake some level of protection into their services. HTTPS is a good example of an encryption standard that anyone with a website can use to help protect the people that connect to their site. However, HTTPS only protects you if the site owner has properly enabled encryption across the entire site, which many don’t.
This is why more tools are created everyday to protect your text messages, video calls, emails and more. There’s no such thing as a “one-size fits all” encryption solution, and that’s one of the things that makes protecting yourself difficult. It’s also one of the reasons why sweeping changes to encryption standards won't accomplish what law-makers think they will.
Why governments are calling for access to encrypted files
Globally, governments have had growing concerns about the types of encryption tools that are available to criminals. Most off-the-shelf phones come with some level of encrypted protection. Apps like Signal and Telegram are regularly used to protect conversations. Encrypted lockers allow people to safely send files back and forth. All of the consumer-grade security apps on the market help make the average person much safer online, but those same apps can be used by criminals to hide their activities.
The logic seems to be, if criminals are using encryption to hide their activities, it only makes sense to have some way to intercept the encrypted communications of criminals, like the Council of the European Union’s recommendation for “backdoors” in modern encryption techniques. There are A LOT of issues with that line of thinking, however. Perhaps the most obvious question is; if we’re going to weaken encryption to make it easier to spy on potential criminals, what would stop criminals from using the same weaknesses to spy on you?
Golden age of surveillance
It’s been argued, that we live in a “golden age of surveillance”. Countless law enforcement agencies around the world have access to tools that can break the encryption on most phones. Social media sites are happy to comply with subpoenas for information. Websites will gladly hand over connection logs if asked. It’s not an exaggeration to say that encryption isn’t keeping law enforcement agencies around the world from convicting criminals.
It’s also naïve to think that criminals won’t abandon the opensource and consumer encryption algorithms being targeted. Especially when we already know that some of the world’s largest criminal organizations have rolled their own encrypted communications systems for just that reason.
Strong encryption supports your right to privacy
We don’t know what the knock-on effects of recommendations like the Council for the EU will be. The UK, Canada and the US have all openly talked about new recommendations to change encryption, while Australia has passed legislation that allows them to compel people to weaken encryption or face fines and jail time.
This leaves tech companies with a few options, none of which will make life better for the average consumer. Security companies can:
Figure out a way to make encryption that only protects specific people at specific times, which is impossible
Remove their products from countries with anti-encryption laws on the books
Convince the general public that weakening encryption isn’t the answer so they can vote people into power that are in favour of strong encryption practices.
You can make strong encryption the standard
Encryption is only as strong as its weakest link. Traditionally that link has been people. However, if anti-encryption recommendations become laws, there’s nothing stopping criminals from using the same weaknesses to commit crime that law enforcement will use to try and stop crime. We all deserve the right to privacy, and encryption protects that right for everyone from crossing guards to Presidents.
This is where you come in, if you love privacy, and we know you do because you use TunnelBear, then learning more about “backdoor encryption” is an important part of stopping world governments from making laws we’ll all regret. Our elected officials need to know that you support strong encryption, and if they don’t, it might be time for them to look for a new line of work.
Here are some links where you can learn more about both sides of the encryption debate.
- Fortune - "I used to wiretap. This is why encryption backdoors are dangerous."
- Center for Internet and Society - "There's a new anti-encryption bill that's worse than EARN IT"
- US Department of Justice - "End-To-End Encryption and Public Safety"
- PCMag - "Attorney General Calls For 'Lawful' Backdoors Into Encryption"