Author: Megan Squire / Source: Scientific American
The following essay is reprinted with permission from The Conversation, an online publication covering the latest research.
Government officials continue to seek technology companies’ help fighting terrorism and crime. But the most commonly proposed solution would severely limit regular people’s ability to communicate securely online. And it ignores the fact that governments have other ways to keep an electronic eye on targets of investigations.
In June, government intelligence officials from the Five Eyes Alliance nations held a meeting in Ottawa, Canada, to talk about how to convince tech companies to “thwart the encryption of terrorist messaging.” In July, Australian Prime Minister Malcolm Turnbull called on technology companies to voluntarily ban all systems that totally encrypt messages in transit from sender to recipient, an approach known as “end-to-end encryption.” British Home Secretary Amber Rudd made global headlines with her July 31 newspaper opinion piece arguing that “real people” don’t need end-to-end encryption.
These claims completely ignore the one billion real people who already use secure messaging apps like Signal and WhatsApp. And it leaves no room for people who may decide they want that security in the future. Yet some technology companies look like they might be considering removing end-to-end encryption – and others installed backdoors for government access years ago. It’s been two decades since the Clipper chip was in the news, but now a revival of the government-business-consumer “crypto-wars” of the 1990s threatens.
One thing is very clear to computer scientists like me: We real people should work on improving security where we are most vulnerable – on our own devices.
Endpoints are the weakest link
For the moment at least, we do have good, easy-to-use solutions for secure communication between computers, including end-to-end encryption of our messages. End-to-end encryption means that a message is encrypted by the sender, and decrypted by the recipient, and no third party is able to decrypt the message.
End-to-end is important, but security experts have warned for years that the most vulnerable place for your data is not during transit from place to place, but rather when it’s stored or displayed at one end or the other – on a screen,…
Click here to read more
