Most online communication services now are either end-to-end encrypted or follow some level of encryption by default. These privacy measures renewed government fears that technology will thwart the access of law enforcement to vital data, a phenomenon officials refer to as “going dark".
The science of encrypting and decrypting information is called cryptography. The process uses a cryptographic algorithm known as a ‘cipher’, a mathematical function that works by means of ‘keys’ which encrypt a sender’s message and are then used to decrypt it at the receiver’s end. Data that can plainly be read is known as ‘plaintext’, while data that needs to be acted upon for comprehension is called ‘cipher text’. The same type of plaintext that is encrypted with the help of different keys will result in different cipher texts. Hence, the security of one’s encrypted data depends on the strength of the cryptographic algorithm.
Note that ‘ciphers’ are very different from ‘codes’, even if they are used synonymously by laypersons. The problem of ‘going dark’ can be attributed to the use of ‘ciphers’ for encryption. In the context of ‘codes’, a set of words can be converted into another set of words. For example, ‘I love India’ can be code for ‘I stay in Patna’; the recipient only needs a codebook to decode it as such. But in the case of ciphers, individual letters can be changed to a different group of letters. ‘I love India’ can be made ‘Bcxfg ogypt fbnnop’. To decipher this, one needs to know how each letter has been transformed. This poses a challenge to enforcement agencies today.
The chats we have with our friends have a unique security code that verifies and ensures that our chats are end-to-end encrypted. The entire process of encryption and decryption of messages takes place on our devices. When we send a message, it automatically gets secured by a cryptographic lock, the key to which only rests with the recipient’s device. So without physical possession of either device, law enforcers cannot intercept the communication, irrespective of whether it comprises benign talk or constitutes a public security risk. The most popular chat platform WhatsApp has clearly stated that its encryption has “no off switch". And evidence suggests that the so-called darknet and end-to-end encrypted messages have been a haven for terrorists.
In today’s tech-driven age, encryption technologies are robust and even used by administrations to safeguard critical infrastructure and their classified communication. If private platforms that use encryption figure out a way to grant ‘backdoor access’ to law enforcement agencies or government officials, chances are that it could be exploited by ill-motivated hackers. Therefore, as critics have argued, message tracing would involve either loosening or breaking encryption.
The idea of backdoor access was put forth by security analyst Geoffrey Corn, who pointed out that law enforcers do not want access through an unsecured backdoor, but instead need the digital equivalent of a secured fortified ‘front door’ with appropriate locks and bars.
It was also found that to aim advertisements at its users, Google had the capacity to decrypt Gmail and G-chat communications, and Apple employs software that allows iCloud backups to occur in a way that they can be decrypted.
Hence, what could work are solutions for lawful access included in the very design and development of encryption mechanisms. This would be more secure than any attempt to exploit vulnerabilities after the fact. This calls for cooperation between the government and private platforms, which could increase overall security while reducing the risk of back door breaches by malefactors.
Better encryption standards are bound to complicate things further, which may force law enforcers to fight encryption with encryption. A key development in this space was Operation Trojan Shield, under which enforcement agencies from several countries developed and operated an encrypted device to spot drug traffickers, money launderers, illegal firearm hawkers, etc.
Therefore, the way forward may not be in deciding between what is more important, privacy or public safety, but rather through regulation that delicately balances the two. Technology can be an ally. Building a secured ‘front door’ should be our aim. It may help in solving cases or disrupting criminal activity.
The ‘going dark’ problem should not be ignored. Along with preserving the privacy of their people, countries should also enable authorised agencies to safeguard citizens from threats by would-be law-breakers.
Nikhil Naren is a Chevening scholar pursuing an LL.M. from Queen Mary, University of London
