A postcript on the encryption misrepresentation

In the latest “New Scientist” (page 11 of the print version) this heading caught my eye

“Spies may be gathering encrypted data to crack with a future quantum computer”.

It seems even though today’s 007s (and doubtless others who swim in the same waters) cannot crack certain types of strong encryption they believe one day they will. In anticipation of that moment they are “harvesting” (stealing) encrypted messages and squirreling them away.

Quantum computers could be the tool that provides the key. Usable quantum machines might be here soon. Very soon. Many of the commercial secrets, personal transgressions and goodness knows what would then become viewable and might still have some value or at any rate have the potential to cause embarrassment, loss or create danger.

I have already written about the fraudulent privacy promise being made to promote  the wider use of strong encryption but having read the New Scientist piece I thought I had better take up my virtual pen once more because here is an additional angle.

Strong encryption is being promoted as a guarantee of safe passage to whistleblowers. A subversive weapon to topple tyrants etc. You know the drill. 

I acknowledge that the use of strong encryption could provide an incremental increase in privacy, but the word “incremental” is an important qualification. It is very different from “complete” or “absolute”.

For those individuals and platforms seeking to persuade us that the wider use of strong encryption will lead inexorably to the sunny uplands, in my last blog I suggested they should try to be a bit more honest and transparent. I even suggested a strapline which I would now like to amend.

From now on all marketing materials, public statements or advertising in this space  should say something like this

“Strong encryption will provide you with a bit more privacy but don’t forget when you are online you are never really private. And pretty soon as tech advances some people will be able to read your messages anyway. You have been warned.”

It seems boffins are “working on” algorithms that are safe from quantum computers but “working on” is not the same as “have developed”.  Moreover, who is to say whether or to what extent such a solution, if it were to emerge, could and would be applied retrospectively, reaching into every pocket where the stolen data were being stored?

So my last point is a rather obvious one: when people planning to introduce strong encryption to their platforms tell you they recognise strong encryption will mean they are wilfully depriving themselves of the ability to protect children but they are doing so in order to give end users greater privacy, they are not telling the truth, the whole truth and nothing but the truth. They are spinning a line.

 

 

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International, Technical Adviser to the European NGO Alliance for Child Safety Online, which is administered by Save the Children Italy and an Advisory Council Member of Beyond Borders (Canada). Amongst other things John is or has been an Adviser to the United Nations, ITU, the European Union, the Council of Europe and European Union Agency for Network and Information Security and is a former Executive Board Member of the UK Council for Child Internet Safety. He is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. This was renewed in 2018. More: http://johncarrcv.blogspot.com
This entry was posted in Internet governance, Privacy, Regulation, Self-regulation, Uncategorized. Bookmark the permalink.