Éibhear/Gibiris

Short example of why a magical encryption key won't work as governments might hope

There have been calls from police and other government agencies all over the world to ban the use of end-to-end encryption messaging services, in order to more easily fight against all the things that these agencies believe to be bad. I'd like to demonstrate how this won't work.

PGP is a method of encryption, typically used for e-mails. There are many software packages for computers and hand-held devices like 'phones and tablets that provide PGP encryption, but they all work largely the same.

E-mail doesn't do encryption; the vast majority of e-mails are unencrypted, and can be read by anyone with access to relevant computers and tools. To use PGP software, the user doesn't need to use a different e-mail programme as PGP comes as a plug-in component to the vast majority of the standard tools. PGP watches for the user to press Send on a new e-mail. When that happens, the PGP programme will take the e-mail text, look at who the e-mail is being sent to and create a new message as an encrypted version of the original message that only the intended recipients can decrypt. It will then replace the original message in the e-mail with the encrypted version, and then hand control back for the e-mail programme to complete sending the message.

This, too, is essentially what all those end-to-end encrypted messaging services do, except that it's not so obvious to the user.

PGP software, however, can be used on its own to just encrypt computer files in place. Many do this in order to protect themselves from so-called hackers who may gain access to their files.

Finally, as confirmed by Edward Snowden in 2013, PGP remains unbroken, and no government or other well-resourced organisation has been successful in cracking properly-used PGP.

These three facts combine to mean something very important in this "Lawful Access" discussion: no matter what legal or technical measure police and other agencies secure to get access to encrypted communications and files, for as long as PGP and other, similar, encryption technologies remain unbroken, the criminals will use them in an offline manner to circumvent these measures.

Ultimately, these measures will end up harming only innocent people, and they will still not provide the police with the form of access they would like.

You can comment on this post below, or on the matrix room here. If you want, you can "Log in" using your [matrix] ID.

All comments are subject to this site's comment policy.

About

I, Éibhear Ó hAnluain, live in Dublin, and my background is as a Software Engineer. I currently work as an Enterprise Architect in a global organisation. Visit this page to learn about all the ways you can contact me.

It is the policy of this site to ignore or rebuff all requests to host "content" from others. All third-party work presented on this site is done so to facilitate my commentary on the work, and is posted under terms that are under my exclusive control.

Creative Commons Licence
All pages and blog posts in this site are copyright © Éibhear Ó hAnluain, and are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

All exceptions to the above notice will be noted where applicable.

Powered by o-blog.