CL Simplex

Ethics: Encryption

Ethics: Encryption The Ethics of Encryption We briefly defined encryption recently as a set up to this post (I welcome all comparisons to the Marvel cinematic universe here.) The world has a lot of uses for encryption, and there are a lot of concerns when discussing encryption. Encryption not only involves keeping information hidden from people but it also a highly technical topic that not many people understand. What Is Encryption? Encryption is the science of scrambling information so messages can be sent over untrusted channels (carrier pigeon, the internet, etc.) to trusted recipients. You might have no recipients (you encrypt a backup hard drive) so really the intent is not important - the act of scrambling the data is at the heart of encryption. Encryption is technical. Encryption is also notoriously difficult to implement even with technically savvy individuals. It essentially exploits mathematical principals to make it difficult to determine how the information was scrambled. Here is a simple example: some things in math take more time to determine versus other problems. Suppose I ask you to multiply very large numbers together. 345 X 567 = 195615. That wasn't so bad. Suppose I turn the question on it's head. I ask you to divide 195615 into two numbers - depending on the number I tell you that actually might be really, really hard. The Role of Prime Numbers in Encryption The mathematical key is that finding prime numbers is a little difficult. The difficulty lies in their main mathematical property: prime numbers have no other factors except 1 and the original number. This means that in our "guess two numbers that multiply to equal 7", the only answer is 1 and 7. So the key is to take incredibly, monstrously large prime numbers and use them as encryption keys. While this is a vastly simplified version of what happens (for example - RSA encryption multiples two large primes together, among a couple other steps) - this math can take even modern computers long enough that information is considered safe (in some cases - billions of years of computation.) Mathematical Innovation In Encryption Because encryption is so important to the military, banking, and industry in general, a lot of time and energy gets put into both sides of encryption: breaking encryption and strengthening encryption. Consider finding prime numbers. The ancient greeks (and likely many other cultures around the same time) knew of prime numbers and their importance. The Sieve of Eratosthenes is a very old algorithm for finding prime numbers.There have been a number of recent improvements, but needless to say the math is a little advanced. Who Uses Encryption? Everyone uses encryption. Really. Everyone. If you own a smartphone and have a lock screen, then you use encryption to prevent people from accessing your device. Companies use encryption is secure information like credit card and payment data, their consumer data - like profiles, and general storage of documents, spreadsheets, etc. Governments use encryption for their militaries, law enforcement organizations, and for state secrets. Being able to keep things secret from people you do not trust has been a valuable ability since the very beginning of all civilizations. Ethical Issues In Encryption So if all of civilization uses and relies on encryption, where are the ethical issues? Like with all tools, it boils down to who uses encryption and for what reasons. There are a number of reasons "people we should pay attention to" would use encryption for their own purposes. Encryption is actively used by people looking to bypass state-level censorship and surveillance (for better or for worse. Is this person a freedom fighter or a terrorist? Can you ever tell?) On the other side are the state-level actors looking to use encryption to perform surveillance and protect their information. Media companies implement encryption techniques (DRM) to prevent people from copying/pirating their products. Ethics of Personal Encryption The crux of personal encryption is that sometimes people will use encryption to engage in illegal if not dubious activities. Explicit material involving children is a rampant online problem. However, not all activities are so clearly heinous. Consider the journalist in china using encryption to protect their identity from the government. The line between "freedom fighter" and "terrorist/extremist" is as blurry as you want. They both use encryption to achieve their means. The TOR Network Individuals use an encrypted protocol to use the internet. The TOR network is as misunderstood as it is mysterious to people. This is main technique individuals use to attempt to escape state-level detection (some people believe certain states have broken the encryption already.) Silk Road (an online black market) is likely one of the most famous "onion services". An onion service is the equivalent of a website on the TOR network. The TOR network is a really dark and fascinating place. It merits further discussion. Ethics of State Level Encryption A quote from the video game "Alpha Centauri" does a good job of illustrating the issues with state-level actors and encryption: ... the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master. The government has many very important uses for encryption. Medical records, and criminal records to name two. Access to information is something governments have attempted to hold a grip on since the first government. Governments work with large telecommunications and internet companies to expand their reach into the information the world sends everyday. There was at least one instance of a secret surveillance room inside a major telecommunications firm in the US. The crux of state-level encryption is in maintaining the balance between reasonable privacy and police state tyranny. The Concentration of State Control Since the invention of gunpowder, the state has been steadily gaining an upper hand against individuals (again - for better or for worse.) Technology is a main driving factor in the power of the state. This is one of the points in the Bertrand Russell book, The Impact of Science on Society. While this has obvious benefits like safer streets in areas with active law enforcement, it lead to situations where governments are corrupt and/or oppressive. Revolution in the Modern State Consider this US-based thought experiment: a state militia has decided to take the Second Amendment to its conclusion and attempt to overthrow the government. Assuming they have 10000 people, do you still think they can actually overthrow the US government in any meaningful manner? I do not. Personally, I enjoy the stability this brings, even if that means an authoritarian leaning society. The main point is that what we romantically remember as "freedom fighters" would not be possible in today's age: see the American revolution, and most importantly - the French revolution. The Arab Spring was relatively short lived, even with the massive proliferation of information over in the internet. State forces are deeply entrenched, fiercely loyal, well funded, and have not been idle - as "Occupy Wall Street" protesters found out. State Level Malware As control over information and digital capabilities have increased, so has the importance for governments to protect their assets while being able to disrupt others'. States have built virii and other cyber payloads designed to infect machines and bypass security or break their functionality. State Level actors have poured enough resources to innovate new encryption breaking techniques using newly discovered maths that only world class teams of PhDs could possibly have researched. The state is keenly focused on breaking the barrier of privacy we believe we enjoy. Government agencies have leveraged commercial entities to spy on citizens, bypassing the laws they purport to be upholding. The Ethics of Commercial Encryption Commercial and industrial organizations use encryption to protect their assets. iTunes, Netflix, the video games industry, constantly use encryption to make it as difficult as possible to use their products in certain ways. There are a couple issues: first of all, artificial market forces act strongly against consumers and disproportionately affect users who aren't pirating content. Secondly, large commercial entities frequently collude with governments to erode consumer privacy and weak encryption techniques. Thirdly, a lot of commercial encryption is simply poorly implemented, leaving unsuspecting consumers in the open. DRM and Content Protection Companies often have a responsibility to shareholders to protect their content, even if the protection schemes are onerous on the paying customers themselves. One of the biggest problems with DRM schemes is the artificial lifespan placed on content. Products that have been legitimately purchased can be impossible to access once a company pulls support, or goes out of business. The business model of planned obsolescence and the erosion of consumer ownership is alive and well in the digital era. While there can be clear benefits to a subscription model/DRM for some services, market incentives can shift in ways that no longer encourage firms to put out the best product possible (see content blackouts, commercials in paid streaming content, services shutting down with little to no notice, etc.) Collusion with State Agencies Business and the government are in a long term relationship, and this makes sense. We all rely on the government to keep our society stable so people can do business and live their lives. Building codes make us confident the roof isn't going to collapse on us, policing make us confident to take a walk in a park, and government laws help give us confidence companies aren't selling us defective products, or make our environment unlivable (I'm ignoring the problems here...that's a whole other blog series.) Point being - we rely on these institutions (both public and private) to keep us safe and happy. Business is all too happy to work with government to restrict freedoms. Additionally, businesses have an incentive to restrict access to information, or enforce DRM. A lot of organizations will lobby for legislation restricting access to information then tell the public they are fighting against what they lobbied for (see Net Neutrality.) Efforts to weaken encryption or install backdoors into consumer software are constant and apparent. While we promised these will only be used against the boogiemen of the internet, hackers, law enforcement and other states become aware of these backdoors and use them frequently to accomplish their goals. Encryption and the IOT The "internet of things" is the new "cloud" of business/internet buzzwords. Taking devices and connecting them to the network is becoming the latest trend in things no one needs. Due to sheer incompetence and pressures to ship as quickly as possible, devices have been shipped with glaring encryption deficiencies. This has led to millions of devices that will never be secure, ever. They're online right now and can be accessed by anyone. Encryption Encryption is a critical tool in how the world operates in a constantly-connected era. Now, as always - control over information has been an issue individuals and states continuously wrestle over. Encryption itself is not a bad thing. All the problems come with legitimate, helpful use cases. The main thing comes down to people understanding the context and why encryption is being used in particular situations. If you made it through this post, congratulations! I also readily acknowledge I could use an editor and a proofread or two. Happy Monday (or whenever you read this!)
Navigation

Tap or click on these posts to navigate to the next or previous posts.

Post Series

This post is part of a larger series. Tap or click on a post to view more in this series.