Encryption is shaping up to be one of the great philosophical debates of the technological era. It’s become a proxy for a wider debate about the rights of citizens, and the balance between liberty and security. The debate, and the issues, are real. But encryption is the wrong target. All we’re seeing is yet more evidence that government has no idea how to adapt to the era of personal computing. After all, they’ve only had 34 years to think about it so far.
Why do I say this? Because once again we’re seeing attempts by various governments to force technology companies to adopt weak encryption. They might even succeed. This would mean much greater risk of card fraud, identity theft and cyber-crime in general, but that’s justified in the name of national security, isn’t it? Well, it would be if the only way terrorists could get their hands on decent encryption is by buying it from a tech major.
But this isn’t gun control. That’s also a contentious issue in the States, but here in the UK we’ve demonstrated that you can make it really quite difficult to get your hands on a working firearm. It can be done, of course, but with significant risk of getting caught, and equally significant risk of getting ripped off. Why does this work? Because making guns is hard. Of course you can download designs from the internet (including comedy 3D-printed versions), but to make a proper gun you need a variety of machine tools, the right metals, the right skills, the ingredients for gun powder and so on.
What do you need to build ‘unbreakable’ encryption? A computer of some description, a compiler and a modicum of coding skill. You don’t even need to do it from scratch – there’s plenty of open-source libraries out there; you mostly need the skill to make sure those libraries aren’t themselves back-doored. Even if you suppressed those ready-made resources (which would be a huge blow to tech progress), encryption is just an aspect of applied mathematics – do we really think ISIS has no access to competent mathematicians? Who invented modern maths anyway?
The real question we have to ask ourselves is whether giving up the commercial and privacy advantages of encryption is worth it to catch the criminals and terrorists who are too stupid to work around the restrictions. It seems likely that if they’re that inept, they’ll expose themselves in other ways too, without us having to accept that any half-competent cyber-criminal can read our emails.