Donate
‹ Back
Encryption 3 May 2013

Freedom of Speech: Rethinking the Role of Encryption

Classically, the encryption of data solves two simple problems:

  1. how to store data securely when it’s at rest,
  2. how to communicate it securely when it’s in motion.

On the face of it, that makes encryption look like an ideal tool for freedom of the press: it can render a journalist’s stored data meaningless to unwanted readers, and protect transmitted data against interception.

Unfortunately, those two “simple problems” have never been the whole story. For one thing, both the journalist and the intended recipient of transmitted data have to be able to decrypt the data… and that gives rise to a number of problems. As former Burton Group and Gartner analyst Bob Blakley puts it: encrypting data is easy; the hard part is managing access to the keys. Neither is this purely a technological problem. Even the strongest encryption can be rendered useless if – for example – its user can be fooled, persuaded or bullied into disclosing the key.

There are also the problems of how to distribute decryption keys securely, how to manage and replace keys over time, and so on. These problems, even if they are not often well solved, have at least been known about for many years.

Then there are the problems to do with regulation of cryptography. I don’t propose to discuss those here – only to note that if you take any technology, from the rock onwards, humans will find both beneficial and destructive applications of it. The key is to legislate for behaviour, not for technology.

Periodically, too, someone will suggest that one regime should support journalists/activists under another regime by providing them with the means of free expression… in the form of some kind of toolkit for secure, encrypted communication. To my mind, this is to return to the original fallacy, namely that encryption technology is enough to solve the problems raised by restriction of free speech.

However, there are other tools we could be developing that don’t raise the same kinds of issue as cryptographic ones, and which would be of practical help to anyone who has a serious concern for their digital privacy. In particular, let’s look at the problem of digital footprints.

Managing your digital footprint

The more devices we use, and the more networked our world becomes, the bigger the digital footprint we leave behind us with every online action.

Some of us  already take some steps to reduce our digital footprint – for instance, clearing cookies and browser caches after each use – but how many of us even know about, let alone manage, all the other data trails we create as we use our devices?

  • Have you ever cleared your machine’s “thumbnail” cache?
  • If you have ever transferred your mobile SIM from one handset to another, how many of your contacts’ details did you leave in the onboard storage of the old handset?
  • And, to return to the crypto theme: if you installed a secure communications app on your smartphone and it used its own key pair, where are they, and what Certificate Authority do they identify?

How many of these pieces of information would you be happy for someone else to find – especially if freedom of speech is a particular concern?

Here’s my suggestion: rather than get into debates about whether to air-drop crypto survival kits to dissidents, why not develop tools that help people see and manage the digital trail they create on their own device(s)?

This wouldn’t prevent those who wish to from encrypting their stored data or their communications. It would, however, help reduce some of the other data we’re all generating – day in, day out – on a growing range of personal devices that, increasingly, reveal more about us than we reveal about ourselves. Whether specifically to safeguard access to free speech, or to protect our privacy more generally, this is something that ought to be of value to all of us.

 

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Owning Your Keys: The Technical and Human Side of Encryption
Owning Your Keys: The Technical and Human Side of Encryption
Encryption5 November 2019

Owning Your Keys: The Technical and Human Side of Encryption

Ever wonder if your next doctor’s appointment will result in jail time? Luckily most of us never have to think...

KRACK proves we need more encryption on the Internet
KRACK proves we need more encryption on the Internet
Encryption16 October 2017

KRACK proves we need more encryption on the Internet

A serious weakness in Wi-Fi security was made public earlier today. The Key Reinstallation Attack (KRACK) can break Wi-Fi encryption,...

Deconstructing the Encryption Debate: The Internet Society-Chatham House Roundtable on Encryption and Lawful Access Report
Deconstructing the Encryption Debate: The Internet Society-Chatham House Roundtable on Encryption and Lawful Access Report
Encryption24 April 2018

Deconstructing the Encryption Debate: The Internet Society-Chatham House Roundtable on Encryption and Lawful Access Report

Encryption is an important technical building block for Internet trust. It secures our infrastructure, enables e-commerce, ensures the confidentiality of...

Join the conversation with Internet Society members around the world