It is tipped that 2016 will be the year that encryption, privacy and mass surveillance will become one of the biggest concerns in mainstream and legislative discussion.
It started long ago when we started whispering and using coded messages to communicate. No way did we want Bob in purchasing to know about the after work party next week (I don’t know a Bob in purchasing but you get the idea). We didn’t want our manager to know that we were looking for work with a competitor. As for the spouse, we wanted to keep that secret savings account for that special occasion secret (birthdays and stuff, the good kind of secret).
We all have secrets. It is in our nature to try to compartmentalise parts of our lives and privacy is one of the tools we use to keep those secrets. But what if keeping secrets could result in the loss of life? What then? Could we actually put a price on privacy that we would agree to? If keeping a secret meant a loved one died would you tell the secret? What if it was a stranger in another country? Where do we draw the line between telling and keeping secrets? Can you trust the people that know your secrets if you tell?
Digital privacy has become a big deal. Companies that know your habits, interests and connections make big money from knowing you and which products you are most likely to buy. We didn’t care much because we got something in return.
Then Edward Snowden showed us what some of us suspected. National security organisations all over the world were conducting covert mass surveillance and the reach was staggering. The digital world had not only given the public a tool to reach out to others all over the world but it gave governments the ability to reach deep into our lives and examine our secrets. This gave rise to a greater awareness of digital security and encryption. Big business was quick to adopt better security along with the tech savvy. Companies specialising in security made lots of money. One leader in particular made 10 million dollars in a single deal.
This leader is RSA, a company well known for its encryption suite within security circles. This set of tools, called BSafe and licensed to developers, is the core component in hardening the security in personal computers and many other products. BSafe consisted of four random number generators. Random numbers are vital to creating unique encryption keys that are very hard to crack. It turns out that not one (the default setting) but two of the four random number generators were not as random as they should be, and this was intentional. In documents leaked by Snowden it was revealed that North America’s National Security Agency had paid RSA US$10,000,000 to incorporate the buggy random number generators and set one as the default.
Since the NSA knew that it was possible to work out the random number that was about to be spat out by the number generator, it would be possible to crack the encryption of a target system and gather as much information as it wanted. Some say that this is just the tip of the iceberg, as some hackers (good and bad) have demonstrated that it is possible to break many types of encryption.
Fast forward to the present day and the promise of privacy is a big selling point between consumers and manufacturers. It is a consideration since we have so much of our lives online. You are not going to just leave that information lying around, are you? There are criminals out there that could use your personal information for their own gain and often against you.
Debate rages on, with law and security organisations stating that a back door is a vital tool to ensure the security of the citizens they are charged to protect. Opponents state that individuals have an undeniable right to privacy, and manufacturers are actually developing products that simply cannot be compromised even if compelled to by law. The governments want a back door, but the problem is that a back door can be used by anyone.
The hitch is that these days the argued need for mass surveillance carries much more weight, as criminal organisations and radical militants use secrecy to plan and carry out their operations while security forces scramble to head these operations off before they are completed.
Encryption, like any other tool, can be used and misused, resulting in the best and worst that humanity has to offer. It is not hard to imagine that there are some very powerful people looking to strike a deal or shut down the conversation completely as we wrestle with the issues of trust this debate will touch on.
If you have nothing to hide, do you need to worry?
If you are wrongly accused, should you have access to the data collected on you?
If you trust the current people in power, can you trust their successors?
If the threat is removed, would the public get back their right to privacy?
If one kind of encryption were broken, would that force criminals to simply use better encryption while the rest of us ignorantly live with assumed privacy?
Is it possible to find a near perfect solution that ensures the watchers are subject to reasonable checks and balances?
This year promises to be a very interesting one indeed, as we may be forced to ask ourselves if we really have the right to privacy.