Éibhear/Gibiris

Update
I've added another post, intended to be read after this one, outlining how not only will government efforts to reduce the usage of encryption not work for its intended purpose, but that the real affect will be to innocent people doing innocent things.

There is yet another story in the news about how the US Government is trying to compel a voice messaging service to break the encryption on the service for the purposes of an investigation.

There are many reasons why this is a bad idea, and many explanations as to how investigative bodies like the FBI could get around such problems. I'm just going to cover one issue here: it's pointless.

There is a very long (and growing) list of strong encryption algorithms.

There are 7.5 billion people on the planet.

The cost of a computer (including the software required) to develop a system that uses any one of those algorthims – or to develop a new one – altogether can be as low a €100-€200 (or lower), and the cost to rent one from one of the cloud hosting providers can be as low as less that €1/day.

Encryption is just mathematics, so a new algorithm can be invented using a pencil and paper anyway.

There is no government in the world that can stop all those 7.5 billion people from availing of the option to spend that small amount of money to develop such critically useful software.

Telling Facebook that it can't use strong encryption doesn't stop Google from using it. Telling Google and Facebook that they can't use it doesn't stop Microsoft. Telling Facebook, Google and Microsoft doesn't stop Amazon, etc.

Telling all companies based in the US that they can't use strong encryption doesn't stop companies in Canada from doing so. And then there's France, and New Zealand, and Russia, and Zimbabwe and all the other countries in the world.

Even if you could achieve the ridiculous "ideal" of having all countries in the world pass legislation to ban strong encryption, do you really think that subversive civil liberties groups or organised criminal groups would just stop there?

Over every communications channels can be built another. For example, it's possible to put an encrypted message into a sealed envelope. Some might think that sealing the envelope is enough security, but others may want the additional protection. It's possible to send encrypted messages over SMS. It's possible to send encrypted messages in e-mail. It's possible to send strongly-encrypted messages over a channel that pretends to be encrypted but isn't because some authoritarian government has passed a law, and those messages will be as difficult to decrypt as the voice messages over Facebook Messenger currently are.

Literally, it's pointless, and also a tremendous waste of time and money. So: stop. Spend the cash on effective investigative methods, and allow innocent people to go about their business without interference.


You can't add any comments to this post. If there is something you would like to bring to my attention, please use the contact mechanisms below to get in touch.