Law in the Internet Society

End-to-end Encryption: The Way Forward

-- By YiShinLai - 03 Feb 2020

When Phil Zimmerman first made available to the masses Pretty Good Privacy (PGP), an end-to-end encryption program, in 1991, he seemed to have been ahead of his time. Internet, in most countries, was in its infancy stage. E-commerce was virtually non-existent, and internet privacy was not thought about, much less talked about.

Not the right adjective. "Strong public-key encryption" would have been the right designation. This again gives the knowledgeable reader the uneasy feeling you're talking about something you don't know.

As an introduction, what does this paragraph do? It doesn't state your idea, and it doesn't say anything more than that Zimmerman did something long ago.

Encryption and Hacking

Mr Zimmerman’s PGP stemmed from his desire to protect Internet users from Government surveillance and interference. Internet to him was of the people, and for the people. His creation therefore made it significantly more difficult for the Government to intercept messages and transactions on the Internet. This was, however, not to say that it was impossible. In cases that warrant special attention, governmental agencies and private companies like the NSA and NSO respectively have been able to get past the encryption without actually cracking any code.

But the ability to hack into devices or decrypt an encrypted message involves significant resources and is limited by costs. Such targeted and focused actions are not scalable. It would take too much resources for Governments to hack into everyone’s computer or phone. But because Governments view internet surveillance as a form of social control, any impediment to it must be overcome. This encourages Governments to eliminate end-to-end encryption by first attempting to eliminate the people behind them. When that failed, as in Mr Zimmermann’s case, they looked to legislating laws to either disallow the use of end-to-end encryption or for a backdoor to be created that only the Governments may enter.

Law enforcement versus individual privacy

Any reliance on such legislation to access an individual’s electronic privacy is always centered on it being in the public’s interest. How would you like child sex predators, murderers or would-be rapist to prowl the internet unmonitored, asks Big Brother. Instead of learning from how the “Clipper Chipset” proposal spectacularly flopped after companies and individuals started to boycott the device for its gross infringement on privacy through “backdoors”, it is somewhat surprising that the deputy attorney-general Rosen announced that the Government was looking to revive the enactment of a similar program (though technically different) in July 2019, and recently reiterated his plan to do so after a shooting at a naval base in Florida.

The competing interests between law enforcement and individual privacy have always been a difficult question with no easy answer. The Government argues that having data delivered to its doorstep on a silver platter unencrypted will help solve, prevent and predict crimes. But why the need to help them encroach on our privacy, which is akin to shooting ourselves in the foot, when the Government is clearly aware that it has some way to hack into one’s electronic device to obtain unencrypted information? Afterall, the Snowden leaks showed that the NSA had the ability to infiltrate a target’s laptop to read encrypted data through the control of its operating system.

What the Government is really trying to do, in my opinion, is to keep banging on the gates of privacy, hoping that one day the gates burst free. Once encryption is tossed aside voluntarily by the people, the Government can start surveilling the entire population without impunity since cost is no longer an issue and political push-back will not be a worry. By controlling information, the Government will be fully equipped to perpetuate the rule of the ruling party, as in the case of China and Russia.

Using encryption to protect our privacy by increasing the cost of our data

Tech companies, like the Government, are constantly working to chip away at our privacy. Encrypting all our online interactions so as to make it as costly as possible for them to get our data is one way to stop the onslaught. If done at a sufficient scale, it will force tech companies to re-think how data is being collected, and hopefully force them to fundamentally re-shape their business models. Indeed, applications like WhatsApp? and Google Duo have incorporated end-to-end encryption not because they want to but because they see people starting to move out to other applications such as Telegram which offers encryption.

Changing the mindset of the masses to start using encryption

How then do we convince the masses that they should shift to using encrypted services? First, we need to constantly remind each other of the perils of state/commercial surveillance by keeping the discussion on its harm going. The Snowden leaks and the Cambridge Analytica scandal are good reference points. We need to find ways to drive home the point that if we do not take steps to protect our own privacy, the Government will not do that on our behalf. We need to constantly remind ourselves that if we choose to do nothing, we may one day end up becoming like China, where the Government is able to engage in propaganda and censorship with ease because it has unfettered control over the Internet.

Second, alternatives to services that regulate social life similar to those we regularly use now must come with end-to-end encryption, and offer the same (or better) user experience so as to facilitate the shift. It has to acclimatize to a style of use which is consistent with the current ecosystem of technology. Messaging apps such as Wicker and Signal, as well as search engines such as DuckDuckGo? , and web browsers such as Tor, have gained popularity but more can be done to market them. To accelerate the shift, we need the equivalent of an encrypted form of Facebook and Instagram which seem to be lacking in the market.

Third, we need to look within and ask ourselves what inherently is important to us when it comes to privacy. Do we want someone to always be able to see or know what exactly we do, where exactly we are, who exactly we meet, and what exactly we say? If the answer is no, then if we do not take steps to protect what is ours now, we should not be surprised if it is one day taken away.

"The Government," as I said last time, is not a monolith. One of the improvements that didn't happen here was a more realistic summary of the various government positions.

This draft presents the problem as though the platform companies weren't offering better messaging and data security to their users in the post-Snowden world. Keeping others from surveilling the users they surveil has become more valuable to them, and confuses their users better. Your essay can improve by considering the effect of that dynamic.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r4 - 01 Mar 2020 - 18:59:11 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM