Wednesday, 25 May 2016

Encryption Technology

Recently, the FBI has been making a lot of noise about encryption in the context of terrorism and security, suggesting that they need to be able to decrypt anything. Apple has been making noise saying that's a bad idea, and lots of other individuals and organizations have been agreeing with one side or the other (though mostly agreeing with Apple). So what is the FBI asking for, and why is it a bad idea?

Well, Apple is saying that personal data should be encrypted. It should be encrypted to such a degree that they cannot access it without the user authorizing them, unless it is uploaded to iCloud. There are also backup services that are agreeing with them, saying that it doesn't make sense to have access to client data, under any circumstances. Then you get security organizations such as the FBI, NSA, CSIS, RCMP, local police, and so on, trying to get access to files in order for them to catch criminals and terrorists.

The reality is that in order to have encrypted data, you are trusting someone. Also, when data is encrypted, it isn't inaccessible, it is just difficult to access. Given sufficient time, anything can be accessed, it's just a matter of how much time and what the resulting pay off will be. Is it worth while to spend 40 computer years to decrypt a single file? If it's a personal picture, then probably not. If it's sensitive banking information, then it might be worthwhile to criminals.

There is a common encryption software called PGP, which stands for Pretty Good Privacy. It is not fantastic, but it is reasonably good. Then there are more advanced encryption algorithms, including DES, Triple DES, RSA, Blowfish, Twofish, and AES. AES is very popular among official channels, including Governments and Financial institutions. Of these, PGP is good for most things. RSA, Blowfish, Twofish, and AES and all good options for important data currently.

However, there are issues with encryption. One is the difficulty in using it. The pay off is worth it, if you need to e-mail anything even remotely secure, or if there is any danger of access to your system. The other is more theoretical. It is a result of quantum computers. Quantum computers can process data faster than traditional computers by an order of magnitudes. This is especially true in the context of encryption, for peculiar reasons that have to do with superposition of data bits, allowing them to be calculated in more complex and efficient ways. This could be the end of encryption as we know it, and require a giant step forward to provide any sort of encryption at all.