It’s becoming abundantly clear that politicians don’t understand encryption, and this is a problem

The UK home secretary lashed out at encryption, saying that it’s not for “real people” and that only “terrorists” use it. This point of view is not only blatantly wrong, it’s also dangerous. Let’s see why.

A simple depiction of how end-to-end encryption works — only the sender and the receiver have the decryption key. No middle way is possible. Image in Creative Commons.

The duct tape that holds the internet together

In recent years, technology has often developed faster than society can keep up. Using bank cards instead of cash must have seemed like an abomination a while ago (and probably still does to some people), but it’s become the norm in most of the world. Paying for things on the internet? Seemed scary at first, now everyone’s doing it. Using a smartphone instead of a bank card probably seems highly insecure to most people, but it’s very popular in China. Cryptocurrencies like Bitcoin were dismissed as a joke until recently, but such opinions have been proven wrong by the thousands who made fortunes by buying and selling them. More often than not, the technology is there; we’re just not ready to trust it yet.

There are several reasons why this happens, but chief among them is encryption. According to Ross Anderson, a cryptography expert at the University of Cambridge, encryption is “the duct-tape that holds the internet together” — and that’s a very elegant way of looking at things. We trust encryption so much that we share our most intimate thoughts with friends on Facebook or WhatsApp. Doctors can even discuss patient care on WhatsApp. We trust the internet with our data all the time, and we also trust it with our financial details. All that is done thanks to encryption, which has slowly become an important pillar in our society — a pillar that politicians now want to tackle through sheer ignorance.

Politicians try science. It’s not very effective

Amber Rudd in front of the Thames barrier. Image by UK Government.

In an article written in The Telegraph, British home secretary Amber Rudd has claimed that end-to-end encryption is useful only for terrorists, and is not for real people.

“Nearly every plot we uncover has a digital element to it,” Rudd writes. “Go online and you will find your own “do-it-yourself” jihad at the click of a mouse.”

She goes on to say that real people don’t need this kind of security and we should replace it with a half-encryption — kind of hidden, but allowing the government to peek in whenever it wants. Aside from being scarily Orwellian, this is also simply not possible and shows just how little the likes of Rudd understand of the process. Arguably, it’s a difficult concept to grasp, but this level of ignorance can hardly be justified.

Things can either be encrypted or not. Having a backdoor in encryption is basically having no encryption at all (if not worse). Rudd herself ponders this but slashes it with a nonsensical conclusion:

“That might be true in theory,” she writes. “But the reality is different.”

Yeah, that’s totally how things work. Sure, in politics you can lie your way to a new election, but you can’t lie your way to a new physical reality. Rudd does say that she doesn’t want to ban end-to-end encryption, but ends up asking for changes that amount to exactly that.

She isn’t isolated in this quest either. British Prime Minister Theresa May has requested the same thing in a similar context, and her Australian counterpart let out this gem:

“The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia.”

Rudd ends her article with a cherry on top, expressing her hope that the Silicon Valley geniuses can fix things. Seems like most interactions between politicians and scientists/engineers follow the same pattern: the former come up with impossible or severely flawed ideas, and the latter have to make things work. In the balance, this ends up affecting all of us, whether we realize it or not. We all cherish our privacy and security, or at least we should.

Paul Bernal, a senior lecturer at UEA Law School, told Business Insider via email:

“Amber Rudd’s comments are depressingly unsurprising — this is part of a bigger trend against encryption that we’ve been seeing for some time — and are based on a fundamental misunderstanding of both the technology and of privacy itself. From a technological perspective, it misses that creating an opening for law enforcement or the intelligence services creates an opening for all kinds of others — from criminals (and indeed terrorists themselves) to foreign powers, to malicious individuals.”

Why this can’t work

Companies such as Google, Facebook, and WhatsApp (now owned by Facebook) have been instrumental in developing end-to-end encryption. Basically, if you send a message to someone, it becomes almost impossible to crack without your approval. No one, not even the company, can read the message — only the sender and the recipient can access it.

This works because the encryption algorithm turns the message into ciphertext that can only be read once it is decrypted. It usually does this with a pseudo-random encryption key generated by an algorithm. The decryption key is available only to the sender and the receiver — so even if someone else were to intercept the message, they wouldn’t have the key to decrypt it. Basically, it would just be gibberish.

This is why what Rudd wants isn’t possible — because it just wouldn’t be encryption anymore. It’s pretty much all or nothing.

It is true that terrorists and other “baddies” take advantage of encrypted services. There’s no denying that. But to say that by forcing Facebook or Google to use half-baked security we would be fighting terrorism is wrong on many levels. For starters, many of those culpable for such atrocities were already known to intelligence staff. It’s not the mass surveillance that’s falling short, it’s the way that information is applied and enforced that needs improvement. Secondly, opening a back door into allegedly secure, private messages is just asking for trouble. MPs, business leaders, even home secretaries all use WhatsApp or similar software to communicate. If the message is accessible, it will be an invitation for hackers to see if they can breach it — and one thing we don’t have a shortage of is cyber attacks. Thirdly, who would guard the guardians? Namely, who will ensure that the government doesn’t illegally spy on its citizens? This is already happening in many parts of the world (yes, it’s probably happening to you too); do we really want to open another way of access for that?

But perhaps more importantly, you can never force all encryptors to leave a back door. As Facebook’s chief operating officer, Sheryl Sandberg, points out, we would just be pushing terrorists into darker corners, where we would know even less about them.

“If people move off those encrypted services to go to encrypted services in countries that won’t share the metadata, the government actually has less information, not more,” she said.

To make things even worse, there are open-access, free encryption services available online. What Rudd is asking for is the perfect way to make sure terrorists start using such alternatives, and this is where surveillance gets drastically harder.

This is also something that the people don’t want — not even those who voted to put Rudd and May into power. Mass surveillance is a fundamental threat to human rights, and while it’s more important than ever to tackle terrorism, it’s not here that more work needs to be done.

Still, Rudd says that “legislation is always an alternative.” It would be possible, in theory, for the UK to bring about the end of encryption. It wouldn’t even be surprising for a government led by the person who wrote a bill aptly nicknamed Snooper’s Charter, forcing Internet service providers and mobile phone companies to maintain records of each user’s internet browsing activity. After all, it would be yet another testament to how little politicians understand — or care about — the realities of a modern world. It also reads too much like a prequel to V for Vendetta to be comfortable with.

The Guy Fawkes mask, popularized by V for Vendetta.

Google’s AI just created its own form of encryption

Just two algorithms sending messages to each other – and you can’t peek in.

Image credits: Yuri Samoilov.

After becoming better than any human at Go — which is much harder than chess — and figuring out how to navigate London’s metro all by itself, Google’s AI is moving onto much darker waters: encryption. In a new paper, Googlers Martín Abadi and David G. Andersen describe how they have instructed three AI test subjects to pass messages to each other using an encryption they themselves created. The AIs were nicknamed Alice, Bob, and Eve.

Abadi and Andersen assigned each AI a task. Alice had to send a secret message to Bob, one that Eve couldn’t understand. Eve was tasked with trying to break the code. It all started with a plain text message that Alice translated into unreadable gibberish. Bob had to figure out the key to decode it. He was successful, but so was Eve in decoding it. For the first iterations, Bob and Alice were pretty bad at hiding their secrets, but after 15,000 attempts, they really got better. Alice worked out her own encryption strategy and Bob simultaneously figured out how to decrypt it – and Eve didn’t get it this time. Basically, they succeeded in making themselves understood, while also encrypting the content of their message. It took a while, but ultimately, the results were surprisingly good.

Of course, this is just the basic overview — the reality of how the algorithms function is much more complex. In fact, it’s so complex that researchers themselves don’t know what method of encryption Alice used, and how Bob simultaneously figured out how to decode it. However, according to Andrew Dalton from Engadget, we shouldn’t worry about robots talking behind our backs just yet as this was just a simple exercise. But in the future… well I guess we’ll just have to wait and see.

WWII code found on pigeon still can’t be cracked to this day

A carrier pigeon, with a cylinder attached.

In 1982, a local resident of Bletchingley, about 20 miles south of London, found the remains of a pigeon while cleaning his home’s chimney. Among the remains, the man found a red cylinder that contained a single sheet of paper marked with 27 codes, each made up of 4 to 5 characters. The message was delivered through the famous British Pigeon Service and was most likely sent from Normandy during D-Day or its aftermath. What’s interesting, though, is that even after thirty years and massive technological advancements, the code cannot be read.

The only parts of the message that have been deciphered so far are the note’s sender, “Sjt. W Swot,” and its code-named recipient, “xo2” — believed to be British Bomber Command. As many as 250,000 pigeons were trained by the RAF during World War II, organized under a specialized unit called the National Pigeon Service. The birds showed their value on numerous occasions, especially when radio communications were down or details of ultra-covert operations needed to be conveyed. A reported 32 pigeons were awarded the Dickin Medal, Britain’s highest possible decoration for valor given to animals, during the war.

The reason the code hasn’t been cracked yet is that it was made using a one-time pad — a method of encryption that is difficult to crack without knowing the key.

“The advantage of this system is that, if used correctly, it is unbreakable as long as the key is kept secret. The disadvantage is that both the sending and receiving parties need to have access to the same key, which usually means producing and sharing a large keypad in advance,” Government Communications Headquarters officials said.

“This means that without access to the relevant codebooks and details of any additional encryption used, it will remain impossible to decrypt the message,” they said.
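The property the GCHQ officials describe can be shown with a letter-based one-time pad. This is an added example, not part of the original article: the mod-26 scheme, the function names and the two sample messages are assumptions for illustration, since the article does not say how the pigeon message's pad worked.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # assumption: pad works on letters A-Z, mod 26

def shift(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letters from text letters, mod 26."""
    if len(key) < len(text):
        raise ValueError("pad must be at least as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )

def new_pad(length):
    """Draw pad letters from the OS CSPRNG; a pad is meant for one message only."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def encrypt(plaintext, pad):
    return shift(plaintext, pad, +1)

def decrypt(ciphertext, pad):
    return shift(ciphertext, pad, -1)

def pad_that_explains(ciphertext, claimed_plaintext):
    """Pad under which `ciphertext` decrypts to `claimed_plaintext` (same length)."""
    return shift(ciphertext, claimed_plaintext, -1)

def difference(a, b):
    """Letter-wise a - b mod 26; for two ciphertexts on one pad, the pad cancels."""
    return shift(a, b, -1)

if __name__ == "__main__":
    msg1, msg2 = "WEATHERCLEAR", "SUPPLYLANDED"   # constructed sample messages
    pad = new_pad(len(msg1))
    c1 = encrypt(msg1, pad)
    print("ciphertext:        ", c1)
    print("with the real pad: ", decrypt(c1, pad))
    # Without the pad, every same-length message is an equally valid reading:
    fake_pad = pad_that_explains(c1, msg2)
    print("with another pad:  ", decrypt(c1, fake_pad))
    # "If used correctly": reusing the pad leaks the difference of the plaintexts.
    c2 = encrypt(msg2, pad)
    print("pad reuse leaks:   ", difference(c1, c2) == difference(msg1, msg2))
```

Because some pad maps the ciphertext to any message of the same length, the ciphertext alone carries no information about which one was sent; that guarantee disappears as soon as a pad is used twice.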

The pigeon in question was found in a home just five miles away from Bletchley Park, where British WWII code-breakers were stationed. The bird must have felt tired and stopped by the chimney to get warm; noxious fumes may have caused it to collapse and eventually meet its end. Most likely, the message will remain unreadable until a member of the operation, if still alive or able, might offer information towards its deciphering.

“We didn’t really hold out any hopes we would be able to read the message,” said Tony, a GCHQ historian who asked to be identified by first name only, to the BBC. “Unless you get rather more idea than we have of who actually sent this message and who it was sent to we are not going to find out what the underlying code being used was.”

Truly random numbers might be generated with quantum physics

Does flicking a dice really render a random face? The answer would be no. The dice is governed by large-scale conventional physics, so its motion, and thus its final position, can be determined. You can’t tell where it lands just by watching it twirl, of course, but the fact remains it’s not random, and neither is any current computing system that operates in a sequential manner, since they work through algorithms, which can all be determined. This means any computer can be hacked, no exceptions. A novel way of generating numbers set up by Ottawa physicists, however, provides a means of generating a truly random number, and with it the key to foolproof anti-hacking encryption.

This has been achieved by capitalizing on quantum mechanics. At a quantum scale, the motion of electrons and protons is completely and genuinely random, since it doesn’t follow a clear path of cause and effect. You basically have no idea what’s going to happen. If you can measure this somehow, then you’ve got yourself an absolutely random value.
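The determinism described above, as an added example that is not part of the original article: a key drawn from an algorithmic generator is a pure function of its seed, so it is only as unpredictable as that seed. The function names and the timestamp are assumptions; `secrets` reads the operating system's generator, which is not the quantum source the article goes on to describe.

```python
import random
import secrets

def key_from_seed(seed, nbytes=16):
    """Key bytes from Python's Mersenne Twister: a pure function of the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(nbytes))

def key_from_os(nbytes=16):
    """Key bytes from the operating system's CSPRNG (what `secrets` wraps)."""
    return secrets.token_bytes(nbytes)

def seeds_matching(key, candidate_seeds):
    """Audit helper: which candidate seeds regenerate exactly this key?"""
    return [s for s in candidate_seeds if key_from_seed(s, len(key)) == key]

if __name__ == "__main__":
    created_at = 1_500_000_000          # constructed timestamp used as a seed
    key = key_from_seed(created_at)
    # Same seed, same "random" key, on any machine, every time.
    print("reproducible:", key == key_from_seed(created_at))
    # A 128-bit key seeded from a clock is only as strong as the guess window:
    window = range(created_at - 3600, created_at + 3600)
    print("seeds in a 2-hour window:", len(window))
    print("seeds that rebuild the key:", seeds_matching(key, window))
    # The OS generator has no caller-supplied seed to guess.
    print("os keys differ:", key_from_os() != key_from_os())
```

When reviewing code that generates keys, tokens or pads, a call into `random` (or any generator seeded from time, a PID or a counter) is the finding; the fix is the platform's cryptographic generator.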

Ben Sussman builds quantum technologies at the National Research Council and is part of the team which is currently exploring this possibility, which could provide enormous security benefits to the military or banking sector, and even, why not, personal e-mails.

“If you want to defeat an adversary who is trying to hack into your system, basically you need large quantities of random numbers,” Sussman said.

“This has the potential to scale to extraordinarily fast rates, which is becoming more and more important as information networks expand and there are higher data rate requirements.”

How can you tap into this idea? The researchers used pulses of laser light, each lasting only a trillionth of a second, that were directed through a diamond. The light goes in and out of the diamond; however, when it exits it’s changed, since it has to pass through quantum vacuum fluctuations, the microscopic flickering of the amount of energy in a point in space. Scientists can measure the pulses of light that emerge from the experimental set-up, and these measurements are truly random.

“As technologies depending upon random number sequences proliferate, the fact that the numbers are not really random becomes increasingly problematic,” Sussman adds.

“…a truly random number generator will provide impenetrable encryption for communications — be they military transmissions, secure banking, or online purchasing — that underpin the modern connected world.”
