After the recent terrorist attack in London it was reported that the criminal has communicated with someone shortly before using the encrypting program WhatsApp on his mobile phone. The encryption made it impossible for the investigators to inspect the communication. Soon afterwards the British Home Secretary with the unoriginal notion that encryption on the internet should be made illegal.
Yes we all would like the police investigator to know all about what the criminal is doing. However can that be achieved without substantially destroying the worl we live in?
Is it a new idea?
It is not: In the 1990‘s Phil Zimmerman in the U.S. – on his own, without any professional backing – created the magnificent encryption software PGP enabling any PC to encrypt any content in a very strong way – and made the software available to the whole world. A discussion sprang up what is more important: the increase in freedom and privacy of decent people (some of them under oppressive regimes) or the risk of abuse by organised crime. The U.S. government tried to prosecute Phil under some guise for several years but failed. It effectively admitted that encryption and secrecy is a legitimate function and the governments can do nothing about it.
In the meantime several similar cases have transpired where investigators and spies of different sorts longed for the encryption functions used by their suspects to be somehow penetratable but with no success.
How secure is contemporary encryption?
Today‘s encryption technologies available on most computers or phones are way more powerful that those that decided the outcomes of World War II. Any student of “Information Theory” learns that any cipher can be broken – it is only a question how much it will cost in terms of effort and expense. For good ciphers the cost should be astronomical.
It is not possible to make a cipher permeable for law enforcement and impermeable for others. Any back door prepared for the police investigator would drastically cripple the strength of the cipher as a whole.
An effective encryption is widely available and there are many creative ways of making one’s messages secret on the internet. There are even ways of hiding encrypted content somewhere where no one will be looking for it – like inside an image. And there is a multitude of such possibilities. If some ways are outlawed creative people will find new ones.
The architecture of the Internet is helpful in these efforts by providing users with multiple various methods of free communications and giving governments few ways of controlling that communication.
How widespread and important is encryption nowadays?
A politician has made an infamous remark on TV: “Have you ever used encryption? I have not” He was certainly unaware that he was using encryption every time he turned on his mobile phone or browsed an article on Wikipedia.
(Hint: If the address field in your web browser begins with https:// where the “s” is of importance then your browsing is encrypted)
Some time ago the Putin’s regime was trying to censor the Russian Wikipedia by blocking access to some articles it considered wrong. However because Wikipedia encrypts the web communication with its readers the “censor” could not determine which article is being transmitted and whether it should be blocked. And blocking the whole Wikipedia is something that not even Putin had the courage to do.
And the banks are very specific: They depend totally on encryption and in the best interest of their clients they tend to be very strict and picky about technology.
Can encryption be outlawed to prevent abuse by criminals and terrorists?
Should the lawmakers of some state try to forbid the usage of encryption technologies on the internet they would be starting on a path of much destruction: First of all they would have to deal with the workings of banks which are vitally dependent on cryptography and very unwilling to compromise. Next they would find themselves in opposition against the whole digital industry which would have to change the whole staus quo to comply with such a legislation.
And the terrorists? They would probably hitchhike on the work of rebelling creative individuals and soon would find new ways of hiding their communications.
So the answer is: The governments could try to regulate the encryption but will never reach their goals. Just as they could not legislate water to flow uphill.