Surveillance: How encryption works - Part 2

Privacy advocates claim the government's plans to monitor email using real-time decryption are unrealistic and illustrate the government's backwardness in understanding the issue.

At the heart of the debate is encryption technology. How does encryption work and why is it so important for our personal privacy? Will Knight provides insight.

Back to Part 1

Real-time decryption

With any sort of encryption, decrypting information without the public and private key means deciphering the encrypted data by brute force alone.

According to encryption experts this cannot be done in real time. But the National Criminal Intelligence Service (NCIS) has called for real-time access to data, to prevent lawbreakers from being able to use encryption to keep their communications secret. This has led some in the encryption field to suspect NCIS or other anti-crime bodies will either covertly intercept people's keys or force suppliers to weaken the encryption they distribute.

What the experts say

Caspar Bowden, of the Foundation for Information Policy Research (FIPR), a think-tank that researches the UK government's policy on privacy and encryption, says, "There is so much rubbish written about encryption and it really is such a complicated issue. Saying that the interception of data and encryption are one and the same thing, as the government is, is totally wrong."

Independent encryption researcher Brian Gladman says that deciphering encryption in real-time using brute force just can't be done. "Brute force decryption in real-time is not feasible unless a hopelessly poor algorithm is being used, or there are flaws in the way the encryption is implemented or employed."

Ross Anderson, an encryption expert at Cambridge University and the founder of FIPR, explains why this is the case. "The speed with which the government can decrypt information depends on the amount of time and resources they wish to invest."

Anderson is angered by the government's claims that it only wants to use real-time decryption to get access to criminal communication. "The bad guy out there isn't even effected by encryption because criminals won't use encryption if they're sensible. Encryption has nothing to do with crime-fighting because the way that criminals are monitored is simply by seeing who they are communicating with."

A second issue concerning the government's IOCA proposals for the regulation of encryption is the suggestion that a person in receipt of an email must produce its decryption key or face two years in prison. Brian Gladman, an independent encryption expert, characterised this aspect of the IOCA proposal as "pernicious and draconian" since it would never be possible for anyone to prove they do not have the key that they are accused of owning.

Malcom Hutty, director of a group concerned at the government's encryption policies says, "There is a misunderstanding of encryption at ministerial level and just a determination to enforce a draconian law at the grass-roots level where they know it is rubbish."

Back to Part 1

Take me to Surveillance.

What do you think? Tell the Mailroom.