Phrases like “end-to-end encryption” are thrown around so commonly today that one would think everyone has in-depth knowledge of encryption. Encryption is a ubiquitous term but a complex subject.
To be sure, the average person doesn’t need to have expert knowledge about the ins and outs of encryption to safeguard their privacy, just like you don’t need to understand how a combustion engine works to drive a car.
However, sometimes mechanical skills do come in handy, and understanding the basic concept of encryption will help you appreciate what separates military-grade encryption from the popular platforms promising to be secure. Let’s look at what encrypted communication is and how it works.
Encryption, the Basics
When data is stored on a computer, the Cloud, on the phone, or transmitted across the internet, encryption is what keeps it confidential. Encryption transforms data into indecipherable text that looks like gibberish, and only authorized people with the right decryption key can render the text into a readable format.
Usually, the length of this code is what determines whether the encryption is “strong” or “weak.” Historically, 40-bit encryption keys were standard. They had one billion possible keys and combinations. While this may sound secure, even a common home computer from 2014 could crack this in a matter of two weeks.
Today’s 128-bit keys are exponentially more secure. If one billion permutations seemed large, the full number of possible keys and combinations on a 128-bit key is worth writing out in full: 340,000,000,000,000,000,000,000,000,000,000,000,000.
However, robust security entrusted to safeguard national security secrets requires more than just a long bit-key. Aside from short key length, implementation flaws, weak algorithms, and bad passwords can also compromise the encryption’s ability to protect your data.
What is Encryption Used For?
While it’s common for people to associate encryption with smartphone technology and cybercrime, more primitive forms of encryption have been around for a long time, even dating back to Ancient Egyptian hieroglyphics! It makes more sense to consider encryption in its current context, as the world revolves around digital technology, and encryption is at the heart of what keeps it secure.
Governments everywhere use encryption for safeguarding vast swathes of the economy, critical infrastructure, and national security. On a smaller scale, private individuals in positions of power use encryption (or ought to!) to ensure that nobody can access confidential communications to facilitate blackmail, corporate sabotage, identity theft, and other crimes.
Is Encryption Legal in Your Country?
There is currently a legal debate brewing between some well-intentioned people who want to give law enforcement access to encrypted communications and those who understand that building in any weakness in the encryption fatally undermines everything encryption is meant to protect — i.e., the bulk of modern society.
Unlike its Western Five Eyes allies, Canada has traditionally refused to adopt or advance a reckless encryption policy that required private companies to build weaknesses into their cryptographic algorithms intentionally.
According to critics writing in outlets like Citizen Lab, The federal government’s attitude changed in 2019, aligning with major Western countries wanting some type of access to encrypted communications.
Down in the US, there is a heated, ongoing legal debate about how to reconcile law enforcement demands to access communications against the need for privacy rights for citizens, companies, and even government agencies.
The EARN IT act is ostensibly a crackdown on child sexual exploitation online, but critics warn that it threatens to erode badly-needed protections that society depends on. While this bipartisan proposition doesn’t explicitly oppose encryption, you don’t need to read much between the lines to understand that backdoor access to online communications is incompatible with secure encryption.
Tech leaders like Google, Facebook, Microsoft and others have pledged to follow the “voluntary principles” that were set out to curb predation online, but it’s still undetermined how exactly the government will draw the line between law enforcement’s need to peek behind the encryption and civil society’s need for security.
Even if you were to accept in principle that the government should be able to bypass encryption laws, the opening that gets left for them to do so could be exploited by malicious third parties. Legal questions about encryption are not just a matter of philosophy or even the law; it’s nearly impossible to discuss on a serious level without making very strict and technical definitions.
As always, the devil is in the details. With a new presidential administration in the US, they may take a new tack on encryption. Though with Australia and the EU seemingly at war with encryption, and considering the EARN IT act was supported by senators from both parties, the writing could be on the wall.
Why You Need Encryption
The legal and technical battles have enormous implications for the average citizen. COVID-19 has only accelerated the rate at which people have moved online, from Zoom calls to ecommerce.
The average person may not fear hackers or identity thieves are targeting them. Still, everyone has sensitive data that could be exploited by hackers to make a lot of money via identity theft, fraud, and even ransom. The global conversation around encryption involves complex legal and technical problems, but the way these questions are resolved will have an enormous impact on ordinary people’s everyday life.
Somebody falls victim to cybercrime every 39 seconds, and eventually, this person could be you, or it could be someone linked to your company. In our digital, interconnected world, people who work in banking, finance, journalism, defence, the energy sector, and a range of activists have a direct need to keep sensitive communications private.
There are fascinating success stories about encryption that demonstrate how safeguarding communications can be a matter of life or death.
Everyday smartphone users must get a more nuanced understanding of how encryption works and not automatically trust that “end-to-end encryption” is fully secure. Here are some Myntex resources that will help you better understand how our products address contemporary security needs. Genuinely secure platforms exceed the data security offered by WhatsApp and Signal to allow everyday users to get the best security on the market without having to understand complicated technical matters or follow evolving legal questions.