On ‘the public understanding of encryption’ Tweet by Paul Johnston

Paul JohnstonSome of the questions by journalists about encryption prove they don’t get it. Politicians don’t seem to get it either (most of them). In fact, outside technology, there are some ridiculous notions of what encryption means. Over and over again, the same rubbish around encryption gets regurgitated as either a political point (and makes a good soundbite) or bad science.

Encryption is relatively complex to understand but the implications of the science are relatively simple. Just saying that “we need backdoors” and “breaking encryption” is easy politics. Actually asking the tough questions about encryption is more difficult.
It’s like climate change. We all know the basics, but many people don’t seem to want to really understand the implications of the science.

The implications of encryption are that we can all send messages back and forth with a high certainty of nobody else seeing it. We can do our banking online and make purchases in complete safety that our info is not being stolen.

Creating your own encryption solution is relatively trivial. If you have a basic understating of the technology, it’s easy. Coding something is quite simple, so much so that if we forced a backdoor, it would push nefarious communications further from our reach…

And make our own communications **less** safe…

This is because any communication that can be decrypted with a backdoor will eventually be decrypted by somebody nefarious. This simple change would mean that all of our personal and business communications would essentially be open.

That’s all of our communications. ALL of it.

And, nefarious users (e.g. terrorists) would simply stop using those communications that they know to be watched and instead build solutions hidden even further. This would make it much more difficult for security services to trace communications. Not to mention the fact that the weakest point of encryption is usually the person, not the technology.

If you want to find out what a person’s communications say, the simplest thing is to ask them or work on the human level. It is blatantly more effective. I mean, look at all the phishing scams. Why would they continue if they weren’t effective? Humans are the weak link in messaging communications.

The technology is frankly a massive red herring used by politicians. They use it to try to gain more powers to “keep us all safe,” when in fact, the opposite is true.  The only route forward for combating nefarious use of encrypted messaging is to focus on the humans, not the tech. This requires resources in terms of people. And the public is willing to help with this.

Technology is a tool. It is not a “Holy Grail” that can solve all problems. Technologists are happy to help, but politicians *and* reporters need to educate themselves or the tech community will simply keep saying the same thing.

There’s an opportunity to start making good decisions here. Let’s stop talking about breaking encryption and making us less safe, and start talking about building communities and looking after people and building a society that is knowledgeable and caring.

Because there isn’t a terrorist around every corner using Whatsapp to plan something terrible.

There are amazing people trying to build communities and look out for each other.

No more talking about encryption (or the companies that use it) as the enemy.

Encryption is not the problem. Not understanding it leads to dangerous politics. It’s bad science, it’s bad reporting, and it gets us nowhere.

This article was written based on the tweet by Paul Johnston in June 2017

If you’re interested in learning more about data encryption, take a look at this AWS Big Data Security: Encryption course or our other encryption content. The course firstly provides an explanation of data encryption, and the differences between symmetric and asymmetric cryptography. This provides a good introduction before understanding how AWS implements different encryption mechanisms for many of the services that can be used for Big Data.

Cloud Academy