Law in the Internet Society

End-to-end Encryption: The Way Forward

-- By YiShinLai - 07 Dec 2019

When Phil Zimmermann first made Pretty Good Privacy, an end-to-end encryption program, available to the masses in 1991, he seemed to have been ahead of his time. The Internet, in most countries, was in its infancy and e-commerce as we know it today was virtually non-existent. Internet privacy was therefore virtually unheard of. In those times, people had to queue up at a bank in order to cash their pay checks. They had to buy their groceries at their local grocer with cold, hard cash. The concept of privacy (and indeed life) then was simple. As long as nobody was tailing you, you were safe. Closing the doors and shutting the curtains to your house literally meant shutting out the world.

As the number of users of the Internet exploded throughout the latter half of the 20th century and into the 21st century, privacy was no longer confined to one’s four walls. Information flowed in and out of the house through Internet cables linked to bigger ones built by telecommunication companies. Spying no longer involved physically tailing someone. What was flowing through the cables drew the attention of commercial technology companies ready to monetize the data. For Governments, it meant control over their citizens.

Hacking as a solution to encryption

Mr Zimmermann’s foresight was a thorn in the side of any Government intent on surveilling its citizens and those in whom it had an interest. Instead of being able to instantly intercept every message or transaction a person makes on the Internet with a click of a mouse, Governments found it significantly more difficult to find out what a person was doing behind a computer with end-to-end encryption. This was, however, not to say that it was technically impossible. With sufficient resources, Governments were still able to hack into the source, i.e. the device used by their target, by carrying out what is called a “man-in-the-middle attack”, which is essentially impersonating a message recipient so that messages are encrypted to the impersonator’s public key instead of the one the sender intended. In cases that warrant special attention, Government agencies will attempt to crack the encryption itself.

But chief amongst the multi-faceted concerns of Governments wanting to know more, if not everything, about their citizens is the issue of cost. Hacking into devices and decrypting an encrypted message involve significant resources, and such targeted and focused actions are not scalable. You sure can do it for 100 people, maybe even for 1000, but not millions. In short, it would take too much for Governments to use technology to battle technology. This conundrum has led Governments to take the easier option: eliminate end-to-end encryption by first eliminating the people behind it. When that did not quite achieve the desired effect, since the technology was already out on the Internet (and it was politically difficult to make people “disappear”), the Government worked to enact laws that either disallow the use of end-to-end encryption or require a backdoor to be created so that only Governments may enter for supposedly “virtuous and holy” reasons.

Encryption legislation: Law enforcement at the expense of individual privacy

Such a “solution”, as the Government terms it, has been consistently argued by them to be in the public’s interest. How would you like child sex predators, murderers or would-be rapists to prowl the Internet unmonitored, asks Big Brother. This rhetoric, which started during the Clinton Administration, culminated in an attempt to affix the Clipper chipset, invented by the National Security Agency, onto telecommunication devices, supposedly to help encrypt voice and data messages. That sounds good, until one is told that a backdoor was available to the Government. Instead of learning from how that proposal spectacularly flopped after companies and individuals started to boycott the chipset for its gross infringement on privacy, it is somewhat surprising that the deputy attorney-general, Jeffrey A. Rosen, had, in July 2019, renewed calls for the enactment of a similar program. This time, the Government knows that it has to repackage the idea out of fear that rights groups will come with spears ready to hunt. Under the guise of “attempting to control the wide powers” of big technology companies such as Google, Facebook and Apple, the Government intends to force, or in Mr Rosen’s words “cooperate with”, big tech companies to either hand over the keys through a Court order or to provide a backdoor to encrypted devices or data.

This puts into sharp focus the competing interests: law enforcement versus individual privacy. The Government argues that having data delivered to its doorstep unencrypted will help solve, prevent and predict crimes. This, in my view, is a complete fallacy. Remember how we alluded (above) to the Government’s ability to hack into one’s computer to obtain the necessary information, and that it is all down to cost? There is therefore no reason why the Government, or its affiliates (think NSA), cannot do so if there were a real need to. Not only did the Snowden leaks show that the NSA had the ability to infiltrate a target’s laptop and read encrypted data through the control of its operating system, a more obvious example was when the Government declared that “a contractor” managed to break the passcode to the iPhone of the San Bernardino shooter after attempts to harangue Apple to give up its backdoor failed.

Using encryption to protect our privacy by increasing the cost of our data

What then does all this mean for us and our privacy? One way to protect our privacy from tech companies and the Government is for us to make it as costly as possible for them to get our data. Only when it no longer makes economic sense for profit-driven companies to collect it will they hopefully give up spying on us. While there are many things we can do, at the very basic level, we should start by encrypting all our online interactions.

More applications, similar to those we regularly use, must come with end-to-end encryption. Alternatives to services that regulate social life have to offer the same (or better) user experience. They have to acclimatize to a style of use which is consistent with the current ecosystem of technology. In recent times, some applications with end-to-end encryption have started to spring up and are fast gaining popularity. They range from messaging apps such as Wickr and Signal, to search engines such as DuckDuckGo, and web browsers such as Tor (which can automatically change your public IP and the Internet circuit every 10 seconds, literally making it seem like you are surfing the Internet from all over the world). While these big technology companies, like the Government, may still be able to get into your phone if they want to, it is more reassuring that they are, at the very least, made to work for it.

Abandoning applications without end-to-end encryption and moving to applications which have it (and no backdoors) would hopefully send a clear signal to the tech companies that what we want is for our data to be protected. If done at a sufficient scale, it will force big tech companies to re-think how data is being collected, and fundamentally re-shape their business models. Indeed, applications like WhatsApp and Google Duo have incorporated end-to-end encryption not because they want to (since it would hurt their revenue not being able to spy on you) but because they see people starting to move out to other applications such as Telegram, which offers encryption. However, such a shift requires a significant volume of users acting in tandem. It would require a collective awareness as to how our data is being pilfered every time we are on the Internet, and a realization that such a practice is inherently harmful to us, something not everyone cares about.

Changing the mindset of the masses to start using encryption

How then do we change the mindset of the masses? In some parts of the world, perhaps re-education camps may be the answer. There, the “right way of thinking” will constantly be imbued into the psyche of people who “cannot think for themselves” through indoctrination, repetition, and discipline, with the hope that they can change. But what about a society whose people pride themselves on being able to supposedly weigh the advantages and disadvantages before choosing what is best for themselves? Education does not seem to work, since we still down bottles of Coca-Cola knowing full well that the high amount of sugar is unhealthy for us. We still smoke cigarettes knowing it will cause lung cancer. We still drink alcohol knowing it will cause kidney failure. Maybe governmental action through legislation? No, since individual privacy has never been the Government’s priority, and not when the relationship between Facebook and the White House cannot be described better than with the word cozy.

For the love of. For the love of his children, a father stops smoking. For the love of life, we stop consuming excessive sugar. What inherently is most important to you when it comes to privacy? For the love of being able to use the Internet for exactly the purpose you want to without being distracted by advertisements. For the love of saving time by not having to watch ads before a YouTube video starts. For the love of exchanging information freely with another person without fearing being spied on. What is your for-the-love-of on the Internet? Because that may be taken away from you soon if you do not start protecting it.


r1 - 07 Dec 2019 - 06:20:17 - YiShinLai