March 25, 2019
The Madness of March | Will Your Authentication Solution Stand Up?
Each year in the spring, the NCAA holds a basketball…
Earlier this week, FBI Director James Comey said that the country needed to have an “adult conversation” about encryption and how it’s used. To get the ball rolling, here’s what we thought that conversation might sound like.
Alice: Bob, I need to talk to you about something. Have a seat.
Bob: Uh, ok. Sounds serious.
Alice: It is. There’s no easy way to bring this up, so I’ll just jump right in. We need to talk about encryption.
Bob: (Rolls eyes) Oh no, please don’t do this. I don’t want to hear about this from you.
Alice: Too bad. You’d going to hear it from me. I don’t care what your friends at school or the mall have been telling you or what you think you know. I’m going to give you the real facts, the way they were given to me. Using the Internet can be fun, but it carries a lot of risks with it, too, and you need to know how to protect yourself and the people you’re communicating with.
Bob: I have Snapchat, I know how this all works.
Alice: Oh man, this is gonna be harder than I thought. Ok, here we go. When two people want to share sensitive information they love very much, they use encryption. This is a very private interaction, and it’s only meant for the two people involved. It’s not meant for public viewing and what those two people share is their own business. The encryption systems that make these sensitive exchanges possible involve a lot of complex math and I know math grosses you out so I won’t get into that. But all you need to know is that the math is beautiful and it’s designed to work one specific way and if you try to mess with it, you get a bad outcome.
Bob: We learned all this in Internet health class.
Alice: OK, so what happens when a third person gets involved? How does that work?
Alice: Everyone thinks they know it all. Let’s say a third person wants to see what the first two people are doing. But it’s a private exchange, so he can’t see it. What he does instead is try to get one of the people in the exchange to tell him what they’re talking about. There’s a few ways to do that, but the easiest one is to get those two people to use an intentionally weakened kind of encryption that allows him to see what they’re doing. But because of the way that the math and our devices work, that would allow him to see what any user of that encryption was doing.
Bob: That’s creepy.
Alice: Right? This is why you need to use strong protection every time you communicate with someone else. Not just when it’s convenient or when you remember. Every time, Bob. Because weak protection doesn’t just put you at risk, it puts us all at risk. Are we clear?
Bob: Yeah. Can I please go now?
Alice: Right after you delete Snapchat.