Data, security back doors and lava lamps
As the value of data continues to rise, it is all the more important to protect it. Consumers want, and increasingly need to know that their data is secure. In order to defend personal information from prying eyes, organisations encode it via encryption. Until the dot com boom, encryption was mainly used by governments and major firms. Today, it is used to safeguard passwords, payment information, addresses, other personal metrics, mobile data and any message sent across various networks. But how does it work, why is it important, and how can it evolve to meet the challenges that come with data mania?
What is encryption and why is it important?
Encryption is the process of encoding messages so they can only be accessed by authorised parties. Before data is encrypted, it can be read by anyone. Many organisations need to make sensitive data invisible to unauthorised third parties – say, for instance, a bank. Unencrypted data is referred to as ‘plaintext’, but once it has undergone encryption it becomes ‘ciphertext’. In theory, the only way to read or unlock ciphertext is with a decryption key. Encryption is either symmetric, which means it uses a single private key, or asymmetric, using a public key and a private key in conjunction. Eventually, if not already, everything will depend on data. So, it goes without saying that encryption is a vital consideration for organisations, particularly consumer facing businesses such as WhatsApp and Facebook.
What are the major challenges to encryption?
Although government involvement can benefit business, it can also be a burden. Last September, the UK government reportedly asked WhatsApp to build an encryption backdoor to bypass the barriers surrounding user data. This request was supposedly motivated by efforts to track the plotting of terrorism. WhatsApp refused, however, on the grounds that they needed to ensure the confidentiality of conversations. While WhatsApp was able to deflect the unwanted attention, companies operating in the US are less likely to enjoy this level of freedom. As stated by a panel of officials last summer, US intelligence and law enforcement agencies can force corporations to provide ‘information and assistance’. Current regulatory changes may mean that this power is revoked, but the struggle for data has caused even more friction between governing bodies and businesses. Governments, at least, are expected to act in the best interests of citizens. Hackers and cybercriminals, on the other hand, are not. The relentless wave of cybercrime is threatening to drown encryption protocols via sheer brute force, as hackers try out combination after combination to decrypt ciphertext. While advanced technology could help to put hackers off the scent, it could also become their greatest weapon. Quantum computing, for example, is notoriously good at deciphering code. In the wrong hands, it could compromise the encryption techniques widely used today. On top of that, hackers are now using encryption themselves to conceal malicious traffic.
What is being done to address these threats?
If data is to remain secure, encryption needs to get better. In other words, it needs to be as unpredictable as possible. At their San Francisco headquarters, Cloudflare has found a way to create randomness. How? Lava lamps. The company is responsible for the security of over 60 million websites, making up 10 per cent of all internet traffic. Cloudflare achieves a random data stream by capturing the patterns generated by a huge display cabinet of lava lamps called the Entropy Wall.
Even if malicious parties manage to decode ciphertext, or try to use encryption as a smokescreen, IT giant Cisco is leveraging machine learning to detect suspicious activity. This approach, known as Encrypted Traffic Analytics, is supported in the Cisco hardware used by 50,000 organisations. A potential answer to the problem of Quantum Computing decryption is post quantum cryptography. Lattice encryption, for example, uses layers of linear algorithms to create far more complex codes.
To successfully guard sensitive data from unauthorised bodies, encryption has to evolve. Initially, this will involve improving its randomness with imaginative techniques. Disruptive technology will also play its part, but its application is as worrying as it is useful. Quantum computing, for instance, could aid hackers. At the same time, other digital tech like machine learning presents effective tools for identifying malicious influences. Post quantum cryptography, too, offers a promising alternative to the existing systems that may eventually become obsolete. With support from other corporations, these responses will bring about the evolution, and not the end, of encryption.
Will encryption be able to overcome the threat presented by government demands, cybercriminals, and precise decoding techniques? Are existing types of encryption outdated? Should consumers be willing to sacrifice privacy for security? Comment below with your thoughts and experiences.