Encryption of correspondence, cannot be prohibited?

Cryptography as the art of encrypting text, maintaining the confidentiality and integrity of messages has about four thousand years of development history. Much of it tells the story of a fierce battle between cryptographers, who invented ever new ways to hide the meaning of messages, and cryptanalysts who revealed their true content, a dramatic battle that had serious historical consequences. Formerly unfolding in secret laboratories and institutions, today the struggle for cryptography has taken on an even greater scale and a new character.


Military secrets

The importance of the development of encryption technologies for the military is well illustrated by the cracking of the codes of the German command by Bletchley Park specialists during the Second World War. A plot known for The Imitation Game and The Book of Ciphers by Simon Singh.



A still from the film "The Imitation Game". Benedict Cumberbatch as Alan Turing, British cryptographer who cracked the code of the German Enigma encryption machine during World War II


Ironically, computers originally designed for decryption evolved over time into computers that formed the foundations of the information economy of our time, and dealt a devastating blow to their creators.


The encryptors, having received colossal computing power at their disposal, got rid of the need to design the most complex mechanical encryptors like the Enigma machine and implemented algorithms that were previously inaccessible for use due to their complexity.


Modern ciphers are so perfect that their decryption takes an unreasonably long time, from ten years to thousands of years, depending on the complexity of the algorithm and the key length. This property of modern encryption makes it reliable protection for any information and makes the work of cryptanalysts extremely difficult.


New confrontation

Previously, strong encryption algorithms were used exclusively to protect state secrets, but in the last decade of the twentieth century, such algorithms have become ubiquitous thanks to a single person - Philip Zimmerman.


In 1991, this American programmer published a proprietary email encryption program called Pretty Good Privacy (PGP), so advanced that its encryption has not yet been cracked.Philip Zimmerman, American programmer, creator of the PGP email encryption software package


For three years, the programmer was prosecuted by the US authorities, but was acquitted. While the litigation was going on, it became clear that the genie had been released from the bottle.


All interested computer users have at their disposal a tool that can protect their messages from interception. The active development of public computer cryptography began, and with it a new confrontation arose.


Cryptologists and cryptanalysts did not stop their work, however, a struggle between civil society and the state unfolded around encryption.


The conviction of the need for encryption has found a solid foundation in the form of article 12 of the Universal Declaration of Human Rights: “No one may be subjected to arbitrary interference with his personal and family life, arbitrary attacks on the inviolability of his home, the secrecy of his correspondence or his honor and reputation.”


At the same time, purely commercial interests contributed to the active introduction of encryption. Companies have long felt the need for reliable communication channels. Encryption has increased the security of communication in the World Wide Web and acted as a catalyst for its development.


Encryption has become a significant competitive advantage for Internet companies as it enables secure money transfers, remote access to file storage, and the sale of goods online.


However, in addition to the positive, progress has a downside, like opponents of the spread of encryption, whose number in government agencies has only increased over time.


When people talk about limiting the use or prohibiting strong encryption, they usually talk about all kinds of criminals, from lone hackers to terrorist groups. In order to protect society from them, the security services must have access to citizens' correspondence, according to concerned law enforcement officers.


A good illustration of what this position leads to is a set of anti-terrorist amendments to Russian legislation known as the Yarovaya package. Despite the widespread resonance and the one hundred thousandth petition on the website of the Russian Public Initiative, it was adopted and has already partially entered into force.


Government bans are a new trend

Since July 1, 2018, the law requires "organizers of information dissemination", which include almost all Internet resources and services, from Yandex to Telegram, to store information about the facts of receiving, transmitting, delivering, processing messages, as well as data for a year. users participating in the correspondence on the territory of Russia, and upon request, transfer it to law enforcement agencies.


Similar laws apply in other countries. Everyone knows the example of China, whose residents' communication on the Internet is tightly controlled, but this country is no exception. China seems to be the most striking illustration of global trends.


After all, for example, the British authorities from the beginning of the century have required citizens to issue encryption keys under threat of criminal liability. Even in the United States, home to the world's largest Internet corporations, there is a heated debate over the right to encryption.


Society for encryption

At the international level, the United Nations is studying this issue. In a May 2015 report, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression David Kay unequivocally assessed the human right to encrypted correspondence, describing it as an essential tool for maintaining privacy and freedom of expression.


The UN was unequivocally in favor of encryption and separately emphasized that the right to encryption can be limited only in exceptional cases, which must be reflected in laws in a clear and unambiguous manner.


This approach seems to be the most sensible and balanced, because the question of using encryption ultimately comes down to assessing the ratio of risks. Which would be wiser: to allow ubiquitous encryption and lose the ability to track terrorists by viewing correspondence, or to sacrifice the privacy of citizens?


The first seems preferable, and there are a number of reasons, organizational and technological:


it is extremely difficult to control the legality and validity of interference in the private life of citizens. A good confirmation of this thesis is the fact that the British special services have been uncontrollably collecting confidential data on the citizens of their country for 17 years ;

it is impossible to separate encryption of correspondence from other types of secure communications. Similar approaches are used to transfer files, remotely connect to computers, protect programs from being copied, and make money transfers. Limitations on encryption ultimately affect the security of all of the above. Any vulnerabilities left in encryption algorithms in order to provide special services with access to transmitted messages will sooner or later be discovered and used by other persons;

encryption tools are well known and widely available. The ban on the use of encryption of correspondence in instant messengers and other public services does not in any way change this fact. With the introduction of bans, law-abiding citizens and their data become more vulnerable, while intruders do not care about laws, they will continue to use encryption as before;

instant messengers, e-mail, voice, text, video chats on various platforms, online games, comments on millions of articles on millions of resources - it is extremely difficult to take control of all heterogeneous types of communication operating on the basis of the Internet infrastructure without disrupting its normal operation. In addition, modern technologies allow hiding not only the content of a message, but also the very fact of its transmission, for example, hiding an encrypted message in a file with a photo or audio recording.


To summarize the above is the famous quote from the developer of the RSA encryption algorithm, Ron Riveston: “It is bad to indiscriminately ban a technology just because some criminals can use it for their own purposes. Cryptography is a data protection tool, just like gloves are a hand protection tool. Cryptography protects data from hackers, corporate spies and fraudsters, while gloves protect hands from cuts, scrapes, heat, cold, and infection. The former can prevent the FBI from eavesdropping on telephone conversations, and the latter can prevent the FBI from finding fingerprints. Both cryptography and gloves are cheaper than a steamed turnip and are everywhere. "

No comments

Powered by Blogger.