(Photo by Rob Pegoraro/Yahoo Tech)
Encryption has been all over the headlines after recent terrorist attacks, and the discussion can quickly get cryptic. Is “crypto” a fatal weakness of the Internet? An endangered species that must be saved? You can hear heartfelt testimony for either view from both Democratic and Republican politicians.
But ultimately, encryption is just math that, like any other tool, can be used for good or ill. Let’s start with some basics about it that often get neglected in all the commentary.
Q. It was my understanding there would be no math in this story…?
A. Sorry, it’s unavoidable: Encryption works by encoding information in such a way that its recipient can decode it (without further help from its sender), but no one else can. To do that scrambling, you need to run the original data through one equation or another.
For example, to encrypt something against the prying eyes of somebody who’s really, really drunk, you could just replace each letter with one 13 places forward (so “A” becomes “N” and so on). If your eavesdropper is more capable, you’ll need something more complicated — but it’s still all equations.
Q. Okay. What makes for strong cryptography?
A. Using more complex math in an encryption algorithm only goes so far if the sender and recipient use the same key — that is, if they both plug the same secret set of digits into the encryption formula — to encrypt and decrypt. In that case, if either party loses the key, game over.
The simplified version of how encryption works. (Image: Commons.wikimedia.org)
But you don’t have to share the same key. That’s the insight behind public-key cryptography. You use one key — a public key shared with the person with whom you want to communicate confidentially — to encrypt the message. Then that recipient decrypts it using a different private key originally generated alongside the public key.
Q. Sounds really complex. How do I use this?
A. You already have by reading this story. Your browser and Yahoo Tech’s site used public-key encryption to secure their connection, based on a standard variously called SSL (Secure Sockets Layer, the original name) and TLS (Transport Layer Security, a more modern moniker). That’s why the URL in your address bar begins https instead of just http.
(For more details, see this thread at the tech Q&A site StackExchange.)
Q. Can I protect my email this way?
A. You can, but that’s not as easy. While an increasing number of e-mail services — including Gmail, Microsoft’s Outlook.com and Yahoo Mail — use encryption to protect messages as they transit the Internet, that doesn’t secure them after they arrive.
So-called end-to-end encryption requires senders and recipients to install an extra program. The best-known such software is the open-source Pretty Good Privacy. But even when used inside the refined interface of a PGP-compatible app like GPG Suite, encrypting email is tricky enough that most people don’t bother.
Let me put it this way: If this sentence’s link to my public PGP key gets me an encrypted message from a reader, that will be the first time it’s happened in many years.
Q. But if end-to-end encryption is so hard, why do I keep hearing about the risk of crypto letting criminals “go dark”?
A. Because sometimes encryption is built into apps or devices and turned on by default. Almost all computer-security types think this is a good idea, overall, even if it makes it easier for bad people to use crypto, too. (More on that in a moment.)
For example, WhatsApp activated end-to-end encryption a year ago. This feature doesn’t protect messages to and from regular mobile phone numbers but does scramble communication between the Facebook-owned service’s 900 million regular users. That amounts to a decent chunk of the global conversation.
Apple, in turn, made full-device encryption the default on iPhones and iPads with iOS 8, walling off data on them from anybody without a user’s registered fingerprint or device passcode. As an Apple white paper explains, this is fiendishly strong stuff — and because Apple has no backup key, it can’t unlock any of the hundreds of millions of devices secured accordingly.
Q. Can the government ban that kind of unbreakable encryption?
A. The government could ban U.S. companies such as Facebook and Apple from providing encryption without a “back door” that law-enforcement could use to unscramble a suspect’s chatter without his or her password or key. But security experts correctly say that such back doors would weaken security for everybody using that compromised crypto.
Meanwhile, the Feds can’t force individuals to use back-doored encryption. Nor can they stop developers elsewhere in the world from writing and shipping unbreakable crypto.
Q. Does the government understand that?
A. Unclear! Statements like President Obama’s line in Sunday’s Oval Office address about terrorists who “use technology to escape from justice” can be read as opposing encryption or asking industry to help find other ways to catch our enemies.
Q. Will law enforcement be increasingly out of luck as more people use encryption?
A. Not necessarily. Police investigators can and will try to compromise a suspect’s devices to work around encryption. As far back as 2007, the U.S. government has used court-authorized malware for that purpose.
The iPhone is more resistant to tampering, but its TouchID fingerprint sensor has been spoofed by security researchers, while the numeric passcode backing up that biometric barrier has been vulnerable to some clever brute-force attacks.
And no encrypted device is an island. An iPhone that’s been backed up to a computer or to Apple’s iCloud lets you go after its contents in either place. And you can attack the devices and accounts of a suspect’s regular contacts — encrypted messages still leave metadata such as sender and recipient addresses exposed — some of whom may not be as expert as our hypothetical criminal mastermind.
In short: Encryption is powerful math, but it’s still dependent on fallible humans.