The Crypto Dilemma

Encrypted designed by Brennan Novak from the Noun Project
Encrypted designed by Brennan Novak from the Noun Project

Wired have a very interesting section on their site called Threat Level which I regularly follow. In their own words, the site is about Privacy, Crime and Security online.

In August, they published an article on Edward Snowden called Edward Snowden: The Untold Story. It is a slick production – b&w photographs of the wanted star-“criminal” shot by the star photographer Platon and some great writing, combined with the fact that Wired had to wait for almost a year to get in touch with Snowden.

There’s a lot in those images of Snowden – looking fragile and pale – and it got me thinking, about the ‘rightness’ of the Snowden leaks, or rather, the morality of blowing the whistle on your own government. Now this latter issue is a no-brainer for most of us, if your government is doing wrong, you gotta blow the whistle. But when the ramifications of the whistleblowing are much more international – with possibility of terrorism gaining from such leaks – does the issue become much more complex.

The Wired article led on to many things for me, and the recurring topic in almost all the related articles was the issue of internet privacy and cryptography. To get a better understanding, I went on to read The Code Book by Simon Singh, and did some research on the many encryption schemes available – RSA, AES, day pads etc. It’s all fascinating, and all of it makes the internet privacy issue so much more complex.

Are we entitled to internet privacy?

The NSA is said to use ‘sniffers’ to seek out people who use words like “NSA” or “leaks” or “jihad” or some such in their online activities. Even emails and chats. Then they keep an ‘eye’ on you. In the hugeness of the net, I have no idea how they manage to do it. But it is not a comfortable thought. The pro-NSA people would say that post 9/11, things are much more sensitive, and so this type of spying is justified.

I feel otherwise. It seems that the NSA is doing this only because it is possible for them to do so comparatively easily. If today, there was no email, and people were still using snail-mail, things would move slower but people would still communicate. Would the NSA then have opened each letter or postcard going around, everyday? They wouldn’t be able to, and so they would have found other ways to counter the issues. Just because digital traffic lends itself to automated scanning and filtering, it is suddenly correct and in public interest to monitor people’s private communications.

I am sure there is much more to it. But at the basic level, I feel it’s not justified. People’s private lives are just that – private. Chat and email are private communication tools. So leave them be.

So this brings me to the next issue – encryption. Email encryption is like putting your mail in an envelope with an impossible to break seal (Technically, very difficult. Breaking a 4096 bit RSA encryption with today’s computation capabilities would take more time than the age of the universe).

Should we use it? Think about it. Say you are sharing an album of your vacation photos with someone over snail mail. Would you just put a sticker on the album cover with the recipient’s address and mail it off? Imagine a bored sorter at the post-office going through the photos at lunch with sticky fingers. Or the postman smirking at you when delivering the album – ‘did he see that one photo?’ you would think. Some of you would argue then that why should you share such stuff online in the first place? Recent celebrity nude leaks on reddit also make the same point. Agreed, you wouldn’t share extremely private photos even on snail mail, that’s a bad idea any time. But even the other stuff, just regular family-in-the-restaurant-eating-exotic-dinner photos – why would anyone be okay with unintended people having a look at them? Same goes for documents.

Encryption basically puts all your stuff in an envelope that only the recipient can open. So, yes, its a good idea. This also means criminals and terrorists would use encryption for their sinister stuff. Does the prior issue outweigh this latter one? Some have the opinion that stopping terrorism is much more important than stopping someone going over your family photos.

There lies the dilemma. What would the NSA have done if there was no email or internet?