Business Unusual

Who should be allowed access to your encrypted data?

Following the deaths on Westminster Bridge in London on 22 March and the news that the attacker had used WhatsApp minutes before the attack began saw the UK Home Secretary call for access to encrypted messages to be made available to authorities for occasions that justify it. It is not a new call and many other agencies around the world have suggested the same.

It seems reasonable, but misses the basis of how and what encryption seeks to do. No encryption is totally secure (quantum options come the closest though). However, creating a backdoor, in effect, renders the entire system insecure.

Confused? Here is how it works...

Our privacy is safeguarded with security measures. These include physical security like a fingerprint scanner or with access control like a password. Then there is data stored on a device or the contents of a message that is transmitted. This is where encryption comes in.

You could encode your message using a cipher to change the contents in a specific way.

Consider “Safe” is our message and our cipher was to replace each letter with the next in the alphabet which makes it “Tbgf” - it is meaningless unless you know how to use the cipher to decode it.

Using a code as we did here is also not very safe. Should it be intercepted someone could try many codes until it made sense. Computers are capable of testing many types of codes very quickly to, in effect, crack it.

Encryption limits access to the contents of a message using a formula for an equation.

There are two parts: the “public key” which is the means to create the equation and the “private key” which is the only one that can solve it.

The means to create the equation is shared with anyone, which allows a message to be encrypted, but only the person that created the key pair will be able to decode it.

Encryption as is used by services like WhatsApp uses the two keys, a public and a private key, the two parts of the equation.

When you wish to send someone a message, WhatsApp encrypts it on your phone using the public key for that message. It can’t be directly unencrypted because it is a number equation that is practically impossible to solve by testing possible options.

A very simple version would be to consider the number “15” as your public key and the equation “3x5” as your private key (they are typically prime numbers), it is easy to see that 15 is equal to 3x5 which unlocks the file.

The actual numbers are much bigger, hundreds of digits long, proving them is easy, solving them is very hard (if you are a regular of Business Unusual, you will recall how the blockchain uses a similar technique).

So how would a backdoor work?

Strictly speaking if a backdoor can be created, you enable another way for anyone to workout how to decrypt that file.

Authorities would like to think they could keep that method safe, but given how many people would need to get access to it, and that it existed would be public knowledge, the system could be compromised and rather than increasing security, you effectively remove it.

The error occurs with our understanding of how locks and keys work in the real world. A lock can have more than one key, but that key can still only open that one lock.

If someone were to make a master key, you would need to make all locks the same way and that one key would open everything.

There is very little security in a system that allows for a master key, so authorities requesting a master key are not only not likely to make their citizens more safe, they are likely to make them more vulnerable.

There is a reason we should be calling for even more security because most users are unable to keep up with the functionality of their devices and this ignorance makes them more likely to be compromised by suspect apps, or people physically gaining access to their phone.

This is a basic summary of the issue and it does not address what could or should be done to limit the use of services like this by those that will break the law or cause harm.

There are no arguments to say people should not get access to cars because they could run people over because we understand the relative threat versus benefits cars provide. However, because most of us have a limited understanding of digital security it seems justified to believe the current solutions are practical ones.

So the best answer to the question posed at the beginning (who should be allowed access to your encrypted data?) remains, for now, no-one without your express permission.


Recommended

by NEWSROOM AI
Read More
Pandemic - of all potential threats, the smallest may prove the most lethal

Pandemic - of all potential threats, the smallest may prove the most lethal

Despite extensive plans, we may find ourselves in big trouble with a disease x outbreak

Could the web get any worse?

Could the web get any worse?

While things look bad, it also suggests things can only get better.

Kylie Jenner - the 22-year-old billionaire

Kylie Jenner - the 22-year-old billionaire

Using what you have to build a modern billion-dollar business

TikTok - the best free interactive social video creator

TikTok - the best free interactive social video creator

Just because it is free does not mean there is no cost though

The World in 2056 based on Blade Runner

The World in 2056 based on Blade Runner

The movie is set in November 2019 and was released in 1982, what will the world look like in another 37 years?

Fundraising in the 21st Century

Fundraising in the 21st Century

Philanthropy was coined 400 years ago and for much of it, help came from the few that had the most to assist those that didn’t.

Popular articles
SA's Zozibini Tunzi simply the best, crowned Miss Universe 2019

SA's Zozibini Tunzi simply the best, crowned Miss Universe 2019

The 26-year-old is the third South African to be crowned Miss Universe and has made the country proud.

Want to start a small business? Lessons from a successful serial entrepreneur...

Want to start a small business? Lessons from a successful serial entrepreneur...

The Money Show’s Bruce Whitfield interviews Nic Haralambous, founder (at the cost of R5000!) of funky sock company Nic Harry.

Considering emigration? Financial planner discusses the affordability of leaving

Considering emigration? Financial planner discusses the affordability of leaving

Can you afford to leave South Africa? Certified Financial Planner (CFP) Barry O'Mahony on what to consider before deciding.

'SAA’s collapse plays nicely into hands of a politically constrained Ramaphosa'

'SAA’s collapse plays nicely into hands of a politically constrained Ramaphosa'

After dithering for fear of spending political capital, SAA is now out of the President’s hands, says Pieter du Toit (News24).

'Clearly those DA councillors that voted with ANC are expecting a reward'

'Clearly those DA councillors that voted with ANC are expecting a reward'

Unisa political analyst professor Lesiba Teffo weighs in on the elections that happened on Wednesday at the Johannesburg council.

There is no Ubuntu in how Khanya Cekeshe has been treated - Thuli Madonsela

There is no Ubuntu in how Khanya Cekeshe has been treated - Thuli Madonsela

Former public protector says the eight-year sentence was too harsh and it shouldn't matter that he was not a Wits student.

‘South Africans are getting poorer and poorer because of politics’

‘South Africans are getting poorer and poorer because of politics’

SAA is a classic example, says Isaah Mhlanga, Chief Economist at Alexander Forbes Investments.

[WATCH] Couple dancing in traffic has social media talking

[WATCH] Couple dancing in traffic has social media talking

Khabazela shares tweets and Facebook posts that have gone viral.

How to make your first R1 million (after that it just becomes so much easier)

How to make your first R1 million (after that it just becomes so much easier)

Rich. Wealthy. Financially free... Call it what you will; the first million is how you get there. Warren Ingram on his book...