NewScientist (2 January 2016, paywall) speculates on the future of encryption in “How 2016’s war on encryption will change your way of life,” giving the dry outlines of 4 possibilities:
- Outright ban.
- Back doors.
- Rebellion from the corporate world.
- Total encryption.
In none of these scenarios does encryption die off; NS believes that our need for, indeed our addiction to, encryption, whether we’re aware of it or not, will overrule any overt or covert attempt to smother it. Pandora, pretty or not, is out of the box.
Most speculative is their fourth scenario, subtitled “All out encryption beats cybercrime”:
It all started with Ashley Madison. When the breach of the adulterous dating site in 2015 led to divorces and even suicides after profiles were leaked online, people began to wake up to the dangers of unencrypted data. But it was only after a string of further hacks in 2017, including on the UK’s centralised medical record service care.data, that the public started clamouring for protection.
Tech firms continued the encryption roll-out started as a result of the Snowden leaks, while cryptographers stepped up research on new and easier-to-use techniques to protect our data. At the same time, laws were brought in requiring that any unencrypted database be air-gapped – that is, removed from any kind of network – to significantly reduce the possibility of a hack.
The security services protested at first, saying these moves would harm their ability to protect us. But with cybercrime levels nose-diving, the FBI and other enforcement agencies found they had more resources to put into targeted, on-the-ground surveillance, enabling them to tail potential terrorists and foil a number of serious plots threatening the UK and US.
In our more secure world, an elderly Edward Snowden has been pardoned by the US for leaking state secrets, and allowed to return home.
The assertion that cybercrime would fall once everything is properly encrypted is charming, but, unfortunately, a little far out there. First, it assumes everyone encrypts everything; second, it ignores the social engineering aspects of cybercrime, where the acquisition of a password is adequate to access data that is otherwise encrypted. In a world where everything is encrypted, and great value lies in the encrypted, it seems likely that criminals will shift resources into social engineering attacks.
Third, there is an assumption that encryption will remain effective; if someone solves the P=NP problem and proves P=NP, then cryptography, as currently envisioned, will be theoretically vulnerable to attacks.
Fourth, the denial of cryptography resources to criminals, terrorists, and adversarial states is a great lure for those responsible for state security, as communications is key for such endeavours. Unfortunately, those in the field will tell you that those encryption algorithms developed publicly are the most secure; security through obscurity is more easily destroyed. On the flip side, acquisition of the keys to an encrypted communications channel can permit silent monitoring of important communications. This had devastating consequences for the Axis powers in World War II, as documented in numerous history books as well as the movies MIDWAY and THE IMITATION GAME; there’s little reason to think the same is occurring even as we consider the entire topic.
I suspect NS is blue skying a little bit here, but the topic is actually quite central to Internet users these days.