Earlier this year, David Cameron, the British Prime Minister, expressed his distrust of encryption. “In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to listen in on mobile communications,” Cameron said. “Are we going to allow a means of communication where it simply is not possible to do that? My answer to that question is: no, we must not.”
While David Cameron’s comments on encryption are worrying for anyone trying to retain some privacy on the Internet, he is not alone in his distrust of encryption. President Obama has echoed similar concerns, noting that law enforcement should not be locked out of encrypted devices. Likewise, the director of the FBI, Jim Comey, wants to ban “unbreakable encryption.”
Although some governments, like Germany’s, are encouraging their citizens to adopt encryption, many more are suspicious of it, or simply don’t understand what makes encryption such a strong security tool in the first place.
David Cameron, Encryption, and Privacy
Perhaps David Cameron’s biggest problem with encryption is his misunderstanding of what it is and how it works. In Cameron’s statement, he made it clear that he saw encrypted data in the same way you might see a letter being sent in the mail, or a phone call. While, in those situations, it is completely possible for someone to intercept your messages, the same cannot be said for an encrypted message.
Encryption does not rely on a middleman as your messages are encrypted with a key. Without that key, they can never be accessed. What David Cameron is really asking for is a backdoor, so that the government could always find a way in. That’s a completely unrealistic solution, as adding a backdoor to encryption is essentially defeating the point of encryption in the first place. After all, if a backdoor did exist, it likely wouldn’t be long before hackers found their way in.
David Cameron’s encryption comments make it clear that he doesn’t understand why encryption is as powerful as it is. As soon as you add in a workaround, you’re making businesses and individuals vulnerable to the very people they are trying to keep out. Yet, it’s important to realize that Cameron’s comments were not made in a vacuum. He is not the only global leader who wishes to upend encryption.
France’s Distrust of Encryption
Following the Charlie Hebdo attack, the Prime Minister of France, Manuel Valls, announced that he was proposing a new surveillance law that would give French intelligence services “all the legal means to accomplish their mission.” While his intentional vague language is more mysterious than the David Cameron encryption comments, it is still troubling, especially considering that you’re legally required to hand over your encryption key in France if requested by the authorities.
Considering that some companies are making key disclosure an intentionally impossible task, France’s surveillance law may require companies to build in backdoors to their encryption algorithms. It’s too early to tell, but a French advisory panel did want to change intelligence laws to require foreign companies to hand over data when they do business in the country, showing that David Cameron’s encryption wish might just come true in France.
Canada’s Shocking Encryption Limits
Although Stephen Harper, Prime Minister of Canada, might not be interested in installing a backdoor in encryption algorithms, members of his government are making encryption much weaker in Canada.
When it comes to encryption, the longer a key is, the stronger it is. A key that is 128 bits long will be stronger than one that is 64 bits long, and a 256-bit key will be stronger than a 128-bit key. Knowing that, you might be surprised to find out that Canadian companies cannot export (or import) any technology that uses more than 64-bit encryption without a permit. Considering the speed of today’s computers, a 64-bit key simply isn’t strong enough to guarantee that your data will be secure.
The encryption key length limit isn’t due to an outdated law that hasn’t been updated in years, either — the new encryption law went into action in 2010 under Stephen Harper. While the law does not apply to trade with the United States, it does impact all of Canada’s other trading partners, as well as non-American companies doing business in Canada.
The Right to Strong Encryption
If the David Cameron encryption snafu has taught us anything, it’s that encryption will always be a hard sell for world leaders. Encryption, for them, is a tool that enables anyone to hide from the watchful eye of government surveillance — in other words, it’s something for those committing or planning crimes.
Encryption is not a tool for shadowy figures trying to hide from the government, it’s just a way for individuals and businesses to go about their digital lives without having to worry about their messages being stolen from them. Encryption prevents you from being a victim of a data breach, or from having your leaked emails plastered all over the Internet. Likewise, in order for it to continue being a way for users to protect themselves, there can be no backdoors, nor should users be forced to use weak version of encryption.
While the David Cameron encryption incident has shown us that there are those out there that still distrust encryption, at Virtru, we believe that strong client-side encryption should be available to everyone. You should not have to worry about someone snooping on your messages, regardless of if they are a hacker or a government agency.
Interested in taking the first step toward protecting your privacy? Download Virtru, and see how easy it is to enable true data-centric encryption for your email account.