14 Jul 2017

Encryption: It's not just for governments, it's for everybody

  • Written by 
  • submit to reddit  
Cracking the code: not a power to be used lightly Cracking the code: not a power to be used lightly Shutterstock

Quis custodiet ipsos custodes? More and more, governments seem to be calling for backdoors to be established into encryption programs in the name of public safety. Phil Rhodes thinks this is a bad idea.

Let's allow a cat to dance on the keyboard for a few seconds:

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<x+d*lmla^*ln%0]dsxx++lmln dsm0<j]dsjxp"|dc`<="" p="">

Those two lines of code implement a cryptographic system in the Perl programming language which is sufficient to give even government agencies pause for thought in their efforts to understand what people are saying to one another. It was written to be an email signature, essentially a piece of political activism intended to demonstrate that attempting to control cryptography by limiting access to the code is a cat that's long since escaped the bag. That two-liner, and the associated campaign, dates from the mid-90s. Unfortunately, governments seem not to have been kept up to date, with high-ranking politicos lining up to take a swipe at the public use of strong encryption.

In the production side of film and television, encryption is rare. Only one major equipment manufacturer routinely encrypts all files, and they don't do it for the good of the user. Movie distribution has used, and continues to use, various types of encryption, but anything that makes it even harder to make workflows work is generally worth avoiding. Because of this, it's tempting to think that changes to the legal status of strong encryption aren't likely to make much difference to people in film and TV. Even if Martin Niemöller hadn't written his famous poem, that's simply not the case.

Anyone who uses the internet regularly uses encryption. That remains true despite political soapboxing suggesting that the only reason anyone would use encryption is to hide foul play. If you buy things over the internet, have a bank account (whether or not you use internet banking) or rely on, say, insurance or a pension service, you are a happy user of encryption. Many phones encrypt things well enough that the spies had to go cap in hand to Apple for a solution.

And it's worth being absolutely crystal clear that it is quite literally impossible to put any sort of security-targeted backdoor in the sort of encryption that's used for these jobs without compromising it for all tasks. The direct corollary of this is the TSA-mandated locks on airline luggage, to which only the TSA are intended to have the key. Naturally, the master key design leaked almost immediately and the locks are now completely insecure. A backdoor into the sort of cryptography routinely used on the internet would almost inevitably suffer the same issue: make a key to the city, and all the world's robbers will dedicate themselves to obtaining it. It is a terrible idea.

The mores of professional politics have enmeshed this issue in layers of rhetoric, but at its core it is a technical issue, and one that's fairly easy to understand. The mathematics of encryption are not subject to political whim. Few would object to the idea that the communications of criminals should ideally be available to those charged with investigating crime, but that's an ideal, and there are costs to either choice, possibly costs that involve people's lives in either case.

That isn't necessarily a fact that's easy to like at a time like this, and yes, people's lives rest on these decisions. None of this is said lightly. However, as Feynman said, reality is not subject to public relations. Factoring very large prime numbers cannot be made easier by law, no matter how good a public speaker the proposer of that law is, and it would not be a good idea if it could.

Phil Rhodes

Phil Rhodes is a Cinematographer, Technologist, Writer and above all Communicator. Never afraid to speak his mind, and always worth listening to, he's a frequent contributor to RedShark.

Twitter Feed