cas.eliens.co

13 October 2020

Why there is no good way to dismantle encryption, and why it's a bad idea to begin with

by Cas Eliëns

Apparently, the EU is considering ways to somehow see encrypted data “without dictating technical solutions for providers and technology companies”. The reason they are considering this is apparently an attempt to prevent and combat child sexual abuse and exploitation.

Don’t get me wrong. If there is a way to reduce the amount of (child) sexual abuse and expoitation in the world, I would support it wholeheartedly. However, I don’t believe that breaking encryption helps achieve this goal.

Making encryption illegal (can you make math illegal?) won’t stop people who are already doing illegal things from using it. If a person sees no issue in sexually exploiting a child, I don’t see how they would be deterred from using encryption simply because it’s illegal.

A potential “solution” (I think encryption isn’t a problem so it doesn’t require a solution) people have offered in the past is the modification of encryption algorithms to include some sort of master key or other method with which law enforcement can access the encrypted data. I believe this approach is flawed in two ways; firstly it fundamentally breaks end-to-end encryption by introducing a third party to the transaction. On top of that, this assumes that all law enforcement agencies (assuming they would all have access, which they probably won’t) can be fully trusted all of the time.

Law enforcement can’t be implicitly trusted.

Deciding who would get access to a back-door in encryption is impossible.

Conclusion

I believe that sexual abuse and exploitation (whether it involves children or adults) is bad and we should take steps to fight it. However, breaking encryption will not solve this issue but will instead fundamentally break privacy and security.

P.S: This video by CGP Grey quite aptly describes how I feel about the idea of breaking encryption for the sake of reducing crime.

tags: privacy - security
Me