Encryption

What is it?

Encryption is the process by which information can be securely stored, or transferred securely between two parties. It involves complex mathematics to obscure data so that it is almost impossible to read without the correct decryption keys or passwords. “End-to-end” encryption is commonly used when transferring information that needs to be kept secret over a public system such as the internet.

Critically, Encryption provides the following benefits:

  • Non-repudiation – You can be sure that only the intended sender sent that message. The message has not come from anyone else.
  • Integrity – The message has not been changed on the way to you by someone malicious.
  • Confidentiality – Nobody except you and the sender can understand the message.

Why is it important?

Without encryption the internet loses a lot of its functions:

  1. Home Finance Without being able to confirm both parties’ identities and communicate information securely, banks would unable to provide internet banking in the UK.
  2. Online Retail Without being able to transfer payment details online securely, online retailers would no longer be able to sell to UK citizens without risking high levels of fraud. Your bank will also want to avoid insecure online payments as this exposes them to fraud.
  3. Secure Communication Online messaging applications such as iMessage, WhatsApp and Facebook Messenger would not be able to work without potentially allowing third parties to view the contents of messages.
  4. All websites with logins Logging into a website without encryption would expose your credentials to anyone who is connected to your network, either by wire or wirelessly.
  5. Back to Cash All card payments and ATMs use the internet to verify payments and balance. Like Online Retail, without encryption these messages would be insecure and we would have to go back to using only cash.

What’s happening with it?

Government officials say that the internet is providing communication channels for terrorists and other malicious parties, and that being unable to break encryption is hampering investigations and allowing terrorists to plan attacks.

There has been talk of “banning” or licensing encryption, or requiring companies to create “back doors” so that government agencies can circumvent encryption to view the content of messages.

There are strong arguments against these ideas:

Banning or licensing encryption

Only allowing certain individuals to communicate securely is akin to licensing speech and could constitute a violation of the right to privacy and freedom of expression. As encryption itself is based around the use of complex mathematics, trying to ban it would be as difficult as trying to ban some mathematical functions.

Creating “back doors”

Allowing ANY party to break encryption would result in a breakdown of trust, as weak security is no better than no security.

Even if you take the position that a government will not abuse their position, the details on how to use these “back doors” will eventually reach hackers. This has already happened multiple times. The leaking of such crucial information would leave the UK population vulnerable to malicious people all over the world.

It’s important to realise that the UK does not stand on its own. If the UK government were to require a weakening of encryption this would affect any data about citizens of other countries stored or transmitted through the UK. It is highly questionable whether the governments and citizens of other countries would accept this. Encryption is only as strong as its weakest link.

The Web Matters position

Encryption is a critical component of the modern web. Without encryption, individuals, organisations and governments would be at risk of attack and exploitation from criminals and other hostile parties. Encryption enables businesses to safely offer their services online, and allows consumers to communicate securely, pay for goods/services and protect their privacy. Web Matters believes that restricting or weakening encryption is not a feasible solution for preventing terrorism or crime, and would cause considerable harm to the web and all of its users.

Source: https://github.com/web-matters/industry-issues/tree/master/encryption