Australia ignores cyber security at its peril

Encryptions arms race begins for tech giants and law enforcement

The encryption arms race has begun and giant telcos and law enforcement are at loggerheads and how this will play out is discussed in The Australian.

Read the full article below

Edward Snowden is a fan of it and intelligence agencies are locked in a tussle with the likes of Google, Apple and Facebook over it. Welcome to the digital encryption arms race that pits consumers against cyber-criminals and the government.

As for the tech giants, they are looking to service the increasing demand for improved encryption while trying to keep enforcement agencies at bay. The recent fracas between Apple and the FBI was the latest flashpoint in an ongoing battle for access to information.

Connectivity is paramount in the digital world but there’s a price to pay as we strive to stay connected to our friends and family. The information trail we leave behind is an invaluable resource much sought after by corporations, government and cyber-criminals.

Digital encryption is one way to protect personal information, but how does it work?

Many systems today employ encryption techniques, first developed more than 15 years ago, and the most common is a substitution block cipher.

Under this technique, the data is broken up into blocks, groups of bits, and transformed into a new group of bits using a template and a digital key. The commonly used block cipher uses one of three templates to determine how the digital key transforms each group of bits. Each system has a unique digital key that is used to encrypt the data and the digital key is a shared secret between the parties sending and receiving the encrypted information.

As computing power has increased, methods to decrypt messages and discover the digital keys have been developed.

The most common approach is to adopt “brute force” by creating digital keys using every possible combination of bits and seeing if the message can be successfully decrypted.

To combat “brute force” attacks the length of the digital key can be set to either 128, 192 or 256 bits, which makes decryption much harder. For a 256 bit key it’s estimated that a “brute force” attack would take millions of years using the most powerful computers available and the most advanced alternative to “brute force” would require about 38 trillion terabytes of data being stored during the attempt to find the digital key. That’s a massive storage headache.

Recent advances in quantum computing and the computer generation of truly random numbers means that improved encryption is quickly becoming a part of our everyday lives and this is giving palpitations to governments as they seek to grapple with the combined threats of terrorism and cybercrime.

War of attrition

The question of whether a company that sells devices and systems to consumers should help law enforcement agencies by unlocking encrypted devices was put to the test in the fight between Apple and FBI.

In 2014 Apple decided to encrypt all of the data within its products and released an update of iOS 8 with enhanced encryption. Apple argued in court that the company’s reputation and relationship with its customers would be irreversibly damaged if it assisted the FBI. While the outcome of the court case is unresolved, the FBI was able to access the personal information in the iPhone with the help of Cellbrite, an Israeli mobile forensics firm.

Apple’s efforts to encrypt personal information stored on its devices has been attributed to Snowden’s revelations and how the US National Security Agency has developed systems that collect vast quantities of personal information right around the world using a variety of techniques, some of which involve close collaboration with equipment vendors that help build the global telecommunication networks.

The FBI also recently put its focus on bringing criminals to justice ahead of protecting the privacy of millions of innocent people that use the Mozilla Firefox web browser when it used a security flaw in the web browser code to investigate users of a large secret child pornography website hiding in the dark web. When Mozilla asked the FBI for details of the security flaw so that it could fix the Firefox web browser the FBI refused to help.

While you might agree that the FBI’s use of the security flaw to catch criminals was justified there can be no reasonable justification for not informing Mozilla of the flaw afterwards so that Firefox can be secured to protect users.

It’s part and parcel of a game of attrition between agencies and technology companies and the stakes are pretty high. It’s hard to question the need of agencies in light of the supposed threat landscape but by the same token we have seen gradual erosion of due process and in a digital landscape — where agencies and tech companies are moving in separate directions and consumers are seemingly caught in the crossfire.

Mark A Gregory is a Senior Lecturer in the School of Engineering at RMIT University

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.