Privacy postponed?

Classic computers, the ones we are all using today, do not have the processing power to break strong encryption, at least not within any kind of realistic timescale. Any content that has been hidden using strong encryption can therefore only be seen by whoever has the key (who can see the metadata is another matter but let’s not over-complicate this).

Strong encryption ensures your medical records are safe from prying eyes. Your messages to your secret lovers will never be seen by anyone but them, details of your manufacturing processes cannot be filched by your competitors, your bank balances remain hidden and all the rest of it.

Once you are using strong encryption you can chill. No evil Government agency, tyrant, crime syndicate or hacker, nobody, can reach you or see what you are getting up to without your knowledge and consent.

At any rate that’s the sales pitch

I have pointed out before this is a misleading manifesto because of the imminent arrival of quantum computers. True enough nobody knows “how imminent” they are. Could one already be here and be in service but we just don’t know about it? Unlikely. Will we know when that moment arrives? Probably. However, once here, these machines will, in a matter of moments, crack any and all forms of strong encryption currently being used by us, consumers, or likely to be used by us for years to come.

Do not read New Scientist

If you are of a nervous disposition I suggest you do not read an article in the “New Scientist” of 21st May “Quantum-safe encryption delayed”. Here I learned a new acronym: SNDL. It stands for “Save Now Decrypt Later”. The point is your business competitors, foreign powers and goodness knows who else might well already be capturing encrypted data and storing it in anticipation of the moment they will be able to read it, courtesy of quantum computers’ immense power.

Turns out only eleven days before the New Scientist article appeared Google had put out a call for everyone urgently to switch to ” quantum-safe” forms of encryption. The problem is, and this was part of the point of the first article I referred to, getting the final dots and commas in place is creating difficulties with a bunch of lawyers (what a surprise).

I’m sure the legal bits will be ironed out soon enough and there will then be agreed standards for quantum-safe encryption going forward. But what about the little matter of the stuff you’ve already sent or will send before your App provider starts using quantum-safe programmes? Will the new standard be capable of being retro-fitted? What about material that has been downloaded and stored offline with an air gap?

So I am not making an argument against the deployment of strong encryption. What I am really doing is asking the messianic privacy zealots to dial it down and be more honest. They are engaged in a tactical and likely temporary fight against various legislative measures which several democratic governments around the world are bringing forward to address a series of genuine challenges being thrown up by the easy availability of strong encryption in mass consumer spaces.

But think about those people who might believe the unqualified rhetoric. The words coming from the mouths of apparent experts. They could find themselves in a very bad situation in the not too distant future. And for them that bad situation might well turn into the opposite of temporary.

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International and is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John is now or has formerly been an Adviser to the Council of Europe, the UN (ITU), the EU and UNICEF. John has advised many of the world's largest technology companies on online child safety. John's skill as a writer has also been widely recognised.
This entry was posted in Default settings, E-commerce, Internet governance, Privacy, Regulation, Self-regulation. Bookmark the permalink.