Encryption is a term used by politicians, mathematicians, and computer scientists alike. Perhaps you have heard it referred to by presidential candidates as a “problem” that needed to be solved via governmental oversight and regulation. It is feared as a type of magic that might kill our soldiers and poison the minds of our youth into joining terrorist organizations. With the overwhelming wave of negativity exuding from the public sector, you might think “Encryption” is the name of a Star Trek villain, or perhaps a cancerous off-brand cola. Thus, we must ask the question: does this perception at all match reality?
To understand the fear behind encryption, it is helpful to understand exactly how it works. The most common form exists as a two way scrambling technique that obfuscates (encrypts) information on one end and de-obfuscates (decrypts) it on the other. This information is encrypted with a key: another piece of information used as a mathematical code from which the main piece of information is encrypted and decrypted. Importantly, just as in a normal door, only that key can decrypt the information once it has been encrypted. It safely “locks” the information away from normal consumption until the person with the correct key comes to “unlock” it. The key holder then becomes an important entity with respect to the information it is controlling. When a key holder happens to be protecting time sensitive information such as plans for a terrorist attack, getting to that holder becomes extremely important. Unfortunately, such a key is usually virtual or held abstractly by a computer program that also may have generated it as well. For example, when you are purchasing that heavy faux-fur coat on Amazon needed to withstand Andrews University’s Arctic winter, your browser will generate a key, handshake securely with Amazon’s server(s), and then throw away the key once the transaction is complete. This process happens billions of times each day!
So what does a government agency do when they need to access encrypted data in order to gain information about potential security threats? After the 2015 San Bernardino shootings, the FBI needed to gain access to the deceased perpetrators’ iPhone 5C in order to determine further terrorist involvement. To do so, they asked Apple Inc. (Apple) to help them unlock the phone by creating a new kind of operating system (OS) software with a built in entry point (commonly referred to as a backdoor) that law enforcement could use to access the phone. Apple refused on the grounds that such a modification could be used by hackers to gain access to other iPhones and thus posed too high of a security risk. A legal war ensued but was abruptly ended when the FBI announced that it had succeeded to break into the phone by using a vulnerability present in older phones. The game had been won by the failure of old technology.
Let’s face it: encryption is a fixture of modern society. Unless we decide to stop using Amazon, Etsy and Netflix, encryption has become an irreplaceable part of our lives. Technology is in flux, and the titans that fight for and against us will most likely be trying to outpace each other for years to come. The clearest way forward is then to forge ahead with security research, aiming to create increasingly secure programs and identify vulnerabilities in existing ones. Encryption isn’t magic: it is a powerful tool that can be used for both good and evil. Our time will be best spent using it effectively for good, not attempting to destroy it.