Is encryption really the key?31 August 2017
The Commonwealth Government recently proposed new legislation that will compel technology companies, such as Apple, WhatsApp and Facebook, to provide law enforcement agencies with access to users' encrypted messages. The idea is that it will assist with criminal and terrorist investigations...but what if that access falls into the wrong hands?
Messages sent via applications (apps) that use an end-to-end encryption system are encrypted with a "public key" and can only be decrypted by the receiving user's corresponding "private key". Under this model, not even the tech companies have access to the keys of either user, so are unable to decrypt the messages. This allows you, me and criminals alike to communicate behind a veil of complete privacy.
They've got the key, they've got your secrets
We don't know yet how tech companies will gain access to the encrypted content, but a couple of ideas have been bandied around. The first introduces a "master key" held by the tech company. The master key would continually decrypt messages, readily providing access to law enforcement agencies where necessary. This approach seems the most likely, but it presents significant security implications for general users. Supposing hackers were able to obtain the master key and effectively open the "backdoor", an incredible amount of user data could potentially be exploited.
If you can't beat 'em, join 'em
Option two would see the contents of a message copied before it is encrypted by the sender's device. This means the messaging application would be enhanced to record the keystrokes entered by the sender—a procedure commonly associated with "keyloggers", which are surveillance programs that record every keystroke typed and are often used to steal people's passwords and personal details.
Not much is known about the proposed legislation, but these predicted methods have already received backlash. Tim Gallagher, founder of the end-to-end encrypted messaging application "SafeSwiss", told the Huffington Post that: "either an app is encrypted, or it's not".
This is a tricky one—risking the privacy of the general public in an effort to shut down criminal activity and terrorism. Comment below with your thoughts?