Hello all, I recently saw some discussion on this topic in the Low Content thread, and thought it was worth creating a separate thread. This is an extremely important issue with possibly devastating consequences if the wrong actions are taken, so it's very important that people be aware of what's going on.
Western governments, in particular the U.S. and U.K., are trying to take action against encryption.
First I'll explain what encryption is, and why it's necessary. Encryption is "the process of encoding messages or information in such a way that only authorized parties can read it."
https://en.wikipedia.org/wiki/Encryption
Here's a very simple example to illustrate. There is a very old cipher known as the Caesar cipher, which was believed to have been used by Julius Caesar to encrypt messages which were to be sent to his military generals. It's a very simple shift cipher, which simply shifts the letters of the alphabet by a certain amount. So we have our English alphabet
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Now let's encrypt a message with the key of 3. That is to say, each letter is shifted three spaces to the right. So if our message in plain text was "meet me here", after encrypting it with the key of 3, the cipher text (encrypted message) would be "phhw ph khuh". To decrypt the message, you just shift back 3 letters, and it gives you your original message.
Now that you have a basic understanding of encryption, I'll explain attacks on ciphertext, which is known as cryptanalysis. In our example above, our ciphertext could be mathematically attacked in two ways: via brute force, or dictionary attack. A brute force attack on the Caesar cipher would simply be shifting the value and then seeing if the resulting text made sense. So I could try shifting each letter back 1 space, then 2 spaces, then 3 spaces, until I get a message that makes sense. As there are only 26 letters in the English alphabet, there are only 26 possible keys. An abysmally small key space.
With a dictionary attack, possible keys are compiled into a "dictionary", which can then be checked against the cipher text. So in our example, for clarity's sake, let's say we only had 15 possible keys in our dictionary. We would shift each letter back by 1, then 2, then 3, then 4, etc., hoping that one of our 15 keys was the correct one. If the person who encrypted the message chose a key from 1 through 15, then we would crack the encryption and we would be able to determine the plain text. However, if they chose a key from 16 to 26, we would not crack it.
Today, our ciphers are much more complicated, and our key spaces are massively larger. But this should give the reader a basic understanding of how encryption works, and how it's broken.
Strong encryption is a necessity because without it, there would be no online banking, there would be no eBay, there would be no PayPal, no Amazon, and it would be impossible to send a message that could only be read by the intended, authorized recipient. It would also be impossible to securely store data on a hard drive or flash drive without strong encryption.
Strong encryption = security and privacy
Weak encryption = weak security/false sense of security, and weak privacy/false sense of privacy
No encryption = no security, and no privacy
Now with all of that out of the way, let's focus on the issue of what western governments are wanting to do, and that is to compel companies like Apple to create backdoors in their encryption implementations. Key escrow is how this is usually proposed, and what that means, in the example of our Caesar cipher above, is if you encrypt a message with the key of 3, you know the key of course, because you encrypted it. But you also want your authorized recipient to be able to decrypt the message, so you tell them the key beforehand. With key escrow, the relevant authorities, such as law enforcement agencies, would also get a copy of the key, so they too could decrypt the message, without having to perform attacks against the cipher text.
Tim Cook of Apple has publicly released a letter to Apple's customers regarding this issue.
https://www.apple.com/customer-letter/
In the U.K., David Cameron is proposing a ban on end to end encryption. This means that data traversing networks and the internet are encrypted completely from the originating point, all the way to the recipient.
https://en.wikipedia.org/wiki/Encryp...United_Kingdom
In the U.S., several senators are also working on legislation to ban end to end encryption.
http://thehill.com/policy/cybersecur...t-against-isis
As stated, in our modern age, much stronger ciphers are used, and key spaces are much, much larger, which prevents governments from being able to access data. These governments are making these proposals in the name of fighting terrorism, and my dear reader, you might think that it would be a good thing for these bans to take place, and for these governments to be able to access the data they wish to access, but there are potential consequences which would be very detrimental to the security of everyone that uses the internet.
Technologically, it is not possible to create a system that is both secure, and insecure. It's not possible to make a system secure against malicious hackers, but weak so that governments may subvert the system. It's simply not possible.
History is a really great thing to study, for it lets us examine mistakes that were made by people in the past, and learn from them.
In the not so distant past, in the 1990s, there was a series of events which came to be known as "the crypto wars", and it was prematurely declared to have been won by privacy advocates. As a holdover from the Cold War, the United States had encryption classified as a munition, and deemed exportation of strong encryption illegal. The U.S. government allowed strong encryption to be used by makers of software products within the borders of the U.S., but anything which was to be exported to foreign countries was to be weakened. The goal was that the U.S. National Security Agency would be able to easily crack the encryption, but no one else would have the computational resources to be able to do so.
https://en.wikipedia.org/wiki/Crypto_Wars#PC_era
This was short sighted, and led to unintended consequences. For compatibility reasons, web servers and web browsers were made to support the weaker export grade encryption, and just last year, two vulnerabilities were discovered which took advantage of this fact.
Quote:
FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations. These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or less (so-called RSA_EXPORT keys), with the intention of allowing them to be broken easily by the NSA, but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with access to relatively modest computing resources using the well-known Number Field Sieve algorithm, using as little as $100 of cloud computing services. Combined with the ability of a man-in-the-middle to manipulate the initial cipher suite negotiation between the endpoints in the connection and the fact that the Finished hash only depended on the master secret, this meant that a man-in-the-middle, with only a modest amount of computation could break the security of any website that allowed the use of 512-bit export-grade keys. While the exploit was only discovered in 2015, its underlying vulnerabilities had been present for many years, dating back to the 1990s.
Sites affected by the vulnerability included the U.S. federal government websites fbi.gov, whitehouse.gov and nsa.gov,[9] with around 36% of HTTPS-using websites tested by one security group shown as being vulnerable to the exploit.
https://en.wikipedia.org/wiki/FREAK
Quote:
One vulnerability demonstrated by the authors was using a man-in-the-middle network attacker to downgrade a Transport Layer Security (TLS) connection to use 512 bit DH export-grade cryptography, allowing him to read the exchanged data and inject data into the connection.
https://en.wikipedia.org/wiki/Logjam...er_security%29
What we have here is a very clear historical example, in black and white, of a government taking action to weaken encryption, and it leading to unintended consequences which resulted in people being less safe.
Something like this is going to happen again if western governments get their way. I created this thread in hopes that people become aware of what western governments are proposing, in hopes that people learn about unintended consequences that have happened as a result of governments taking action to weaken encryption, and in hopes that people will voice their opinions to their governments.
Cheers!
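
Added example, not part of the original post: the Caesar cipher walkthrough above in Python, showing the "meet me here" encryption with key 3, a search over the whole key space, and a search limited to a list of 15 keys as the post describes. The function names and the small word list used to decide whether a candidate "makes sense" are assumptions made for this illustration.

```python
import string

ALPHABET = string.ascii_lowercase
# Constructed mini word list, used only to judge whether a candidate reads as English.
COMMON_WORDS = {"meet", "me", "here", "the", "at", "and", "to", "we", "you"}

def shift(text, key):
    """Shift each letter `key` places to the right (a negative key shifts back)."""
    out = []
    for ch in text:
        if ch.lower() in ALPHABET:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)

def encrypt(plaintext, key):
    return shift(plaintext, key)

def decrypt(ciphertext, key):
    return shift(ciphertext, -key)

def score(text):
    """Count how many words of a candidate plaintext appear in the word list."""
    return sum(1 for word in text.lower().split() if word in COMMON_WORDS)

def try_keys(ciphertext, candidate_keys):
    """Return (key, plaintext) for the best-scoring candidate key, or None if
    no candidate produces a single recognizable word."""
    best = max(candidate_keys, key=lambda k: score(decrypt(ciphertext, k)))
    plain = decrypt(ciphertext, best)
    return (best, plain) if score(plain) > 0 else None

def brute_force(ciphertext):
    """Try every shift: the whole key space is only 26 values."""
    return try_keys(ciphertext, range(26))

if __name__ == "__main__":
    ct = encrypt("meet me here", 3)
    print(ct)               # phhw ph khuh
    print(brute_force(ct))  # (3, 'meet me here')
    # A list holding only keys 1-15 finds key 3 but misses key 20.
    print(try_keys(ct, range(1, 16)))
    print(try_keys(encrypt("meet me here", 20), range(1, 16)))
```

The full search always recovers the message because every possible key is tried; the 15-key list only succeeds when the sender's key happens to be on it.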