The Dark Art of Encryption
28.6.2017 securityaffairs Krypto
The current crisis of encryption is in part due to a lack of intelligence. The governments of the UK and Australia are talking about bans, regulations, requirements and other legal structures to address the perceived problem of “going dark”.
The problem, inside the nutshells that are the May and Turnbull governments, is that encryption allows [evil-doer name fill in the blank here] to communicate where the legal authorities cannot monitor them. Thus, due to the lack of intelligence, the May and Turnbull governments propose to find some way to regulate encryption.
When I mention lack of “intelligence” I am not making reference to the collection of information of military or political value. I am using intelligence in the traditional form of the ability to acquire and apply knowledge. To those who have been placed, elected or seized power, understanding the technology is less important than trying to wrestle with its consequences.
Thus, for arguments sake, I will try to keep this simple for the simple minded leadership. If the value 1 represents your message and the value 4 represents the secret code key then 1 plus 4 will give you the coded message 5. To decode the secret message simply apply the reverse by subtracting the secret code key 4 from the secret message 5 and you obtain the original message 1. As shown below:
SIMPLE ENCRYPTION
1 = message
4 = code key
1 + 4 = 5 coded message
5 – 4 = 1 decoded message
The question for the political and ruling caste is – exactly how are you going to regulate that?
The obvious answer is you can’t. Thus, the dilemma the ruling elite have found. In order to stop the [evil-doer name fill in the blank here] from using encryption you must ban math and pray the bad guys have not already graduated from elementary school.
It would seem that to ban encryption is a futile effort. However, that does not seem to stop the clueless political caste from trying. It is almost like Galileo fighting the Pope. Yes, I understand the church is all powerful and can cut my head off but that still doesn’t stop the Earth from revolving around the sun.
Thus, the ruling caste has focused their bans toward the so-called providers such as WhatsApp, Telegram, Signal and others. The problem with this selected approach is that all you do is stop the general public from having the advantages of encryption while the evil-doers will simply cook up their own, something that ISIS and Al Qaeda have already done.
What does the May and Turnbull governments get out of this fruitless endeavor? Not much other than use the boogie man “technology” as a way of scooping up some of the ignorant voters into thinking they are safe… until the next attack. Simply put, they are playing on the technophobia of the public which is often mirrored in their own technophobia at failing to understand what can be explained with a first grade math problem.
In fact, even the more totalitarian minded regimes in Moscow and Beijing are rapidly growing frustrated at their inability to regulate math. It would seem that the general public in all nations are better served if the master wasn’t always clued in on everything being said behind their backs. So far the only government on Earth which seems capable to addressing the problem is North Korea where all users are registered and all computers are closely monitored.
Therein lies part two of the problem of encryption. The academic and information security communities have long kept the encryption magic in a special box away from the public. It is this form of wizard artful dodging that has created the clueless elite and even more clueless users.
Many in both technical communities act like elite snobs of their own caste, refusing to use any encryption that has not been “verified” by open source code. This is ironic since they demand the encryption code to be open and free for all to use (steal) while the computer operating systems code they are designed to run on remains proprietary and a very closely guarded secret. It is similar to demanding to know the exact molecular makeup of the ketchup for your 12 course dinner which is being prepared by a secret team of chefs using secret ingredients and classified cooking methods.
The other part revolves around the geek fad syndrome of wizards. The latest fancy of super-duper code systems has often resulted in getting people burned. The community went gaga over the Dual Elliptical Curve encryption security and even allowed the US government to turn it into a standard, little knowing that the NSA had already broken the coding system. Thus, the fad syndrome laid the foundation for a whole generation of obsolete and vulnerable hardware and software.
All this brings us back to the heart of the 12 course meal – your computer operating system. The source code to your operating system, with few exceptions, is not available and for all practical purposes remains a black-box. This box has been hacked twelve times over since last Sunday. Many of the hacks are done by the very same “intelligence” agencies now demanding the easy – but useless – solution of banning encryption.
Unfortunately, these boxes are now hooking up to all sorts of things like airplanes, the power grid, water plants, sewage facilities, the stock markets, cars and even the lowly toaster. They also hook up to things like nuclear power plants and major weapon systems like missiles, bombers, and aircraft carriers. The recent CIA hacks put on for display by Wikileaks are a clear demonstration that the digital world we have built is only as safe as the boxes and their security systems.
The only chance we have is to encrypt as much as possible or we are doomed. The only way to survive in the future may be to go dark.
“A dark world where nuclear power plants can’t be hacked is safer than a bright world in which they can,” Bruce Schneier.