Patrick Kerrigan

On Encryption

by Patrick Kerrigan, . Tags: Cryptography Security

Encryption is quite a hot topic these days. It's started to be vilified as "providing a safe means for criminals to communicate" by some not so familiar with the subject. There are even some proposals to ban it. While these are legitimate concerns, and ones that need to be tackled (although perhaps from a different angle), the truth is that providing a way to communicate free from eavesdropping is crucial in order to provide the services which underpin modern society. Losing this capability would nullify many of the technological advances of the last century and make the world a much more dangerous place.

What is encryption?

On a high level, encryption is transforming a message to make it unreadable to anyone but its intended recipient. This is usually accomplished with "keys" that are held by both parties to allow the transformation to be undone at the other end. Only someone who holds the correct keys can read the message.

At the lowest level, encryption is maths. Mathematical functions are applied to the message and the keys in order to produce the transformed, or encrypted message. A simple example to demonstrate this is to use multiplication and division as our encryption and decryption functions. Assuming I want to send a friend the number 10, and we both decide to use 5 as our key, we would do the following:

I encrypt my message (10) by multiplying it by our key (5)

10 × 5 = 50

I send the encrypted message (50) to my friend

My friend decrypts the encrypted message (50) by dividing it by our key (5)

50 ÷ 5 = 10

It's that simple. Anyone who observes our communication would see the number 50 and have no idea that our actual number is 10. An 8 year old can do this if they wish. It's a technology that's been around for thousands of years.

Why is it so important?

It's used everywhere. You're using it to read this. Your bank uses it to keep your money safe. Your WiFi network uses it to stop hackers stealing your credit card details from a car parked outside your house. Online shops use it for you to make payments and supply your delivery address securely.

It's not just the web that uses it though. Physical shops use encryption to send your card details to the bank so you don't have to pay by cash. Hospitals and your GP use it to securely access your medical records so that hackers can't steal them and publish them online. Public transport systems use it in order to make sure that communications and control signals between trains, aircraft and their controllers aren't tampered with.

The number of things that rely on encryption in order to keep us safe from criminals is far too high to list them all here, but you get the picture. Encryption doesn't just provide privacy, it provides safety.

What would a world without encryption look like?

For a start, there would be no credit cards or debit cards. By extension there would be no online shopping (unless you sent cash by post to the retailer to pay for your order, but that spoils the point).

The smart card you use on public transport would be useless, as would the automated ticket barriers it's used to open. Queues to board trains or check in to flights would mean extending the time you spend travelling considerably.

Your GP would have to post your medical records to the hospital whenever you need treatment, leading to even longer waiting times (unless you want them to be stolen by hackers).

Satellite and cable television would cease to exist. If mobile phones don't disappear you can guarantee your calls are being listened to by criminals wanting to sell your data to marketing companies and even other criminals. The same goes for your WiFi network.

Banks, utility services, railway signalling systems and air traffic control systems all become much more vulnerable to cyber attack, with potentially disastrous consequences. And those smart meters you've just had installed? Anyone can control them now, not just your utility company.

One thing that wouldn't change, however, is that criminals would still use encryption to communicate securely. Maths wouldn't suddenly cease to exist.

But can't we make it possible to decrypt messages sent by criminals?

"But can't we change how multiplication works?"

Unfortunately not.

The only way that would be possible is to ask everyone to use a flawed method of encryption, or to give all of their encryption keys to a trusted party. Criminals would do neither, so it would only serve to weaken the protections of the rest of society.

So is encryption good or bad?

Given that the benefits of using encryption far outweigh the drawbacks, we should be focusing our efforts on improving encryption technology to make it stronger and more resistant to attack. We depend on it more and more as society continues to embrace technology. It not only allows us to communicate with privacy, but it keeps our national infrastructure, transportation systems, banking systems and ultimately us, safe.

The examples given here may seem extreme, but they illustrate why we shouldn't make knee-jerk decisions about things that we don't understand the full consequences of. Like most things in the world of technology, encryption was introduced to solve problems, not cause them. If you want to undo something you should first understand the problems you will be re-introducing by doing so; If not, you might just end up doing more harm than good.