One of the most enticing features of WhatsApp is its offer of end-to-end encryption. This has ensured that our most personal conversations, and our treasured photographs of children and grandchildren, would be safely sent to family members and friends in a closed and safe communication loop.
But when Brian Acton (co-founder of WhatsApp) left Facebook, he made the dramatic statement that he had ‘sold my users’ privacy to a larger benefit. I made a choice and a compromise. I live with that every day.’ Suddenly, the encryption of our personal communication became a huge concern. Later, Brian Acton doubled down and appealed to Facebook users to delete Facebook.
This is part of a conversation that is as old as social media, but is more urgent as algorithms, machine learning and AI begin not only to dominate what is sold to us, but also create individualised personae of who we are. Some in the community liken this to a Minority Report state in which one is guilty before the crime occurs. The recent documentary The Great Hack has made the conversation around privacy both urgent and public. A closer-to-home example of private data being used to manipulate the public is the case of Bell Pottinger. Two years ago the full extent of Bell Pottinger’s manipulation of South Africans through the use of PR campaigns, fake social media accounts and bots that used personal information to categorise us and then manipulate us was exposed, and led to a global investigation into the firm.
Encryption is not just about our data being used to create a digital version of ourselves from which we will be shortlisted for potential work, advertised to on social media and digital platforms, and given health advice, but also about our physical environment. Some criminals are even using baby monitors and security cameras to hack into homes.
Much like virus protection, the future might be one in which we encrypt our personal spaces including our homes, personal devices and, eventually, our modes of transport.
So, as the world becomes more connected, encryption becomes more complex. Some of the latest developments include quantum, homomorphic and biometric encryption, and wearable two-factor authentication.
The ‘no-cloning theorem’ proved by William Wootters, Wojciech Zurek and Dennis Dieks in 1982 states that quantum information carried by particles such as photons cannot be replicated exactly. The forerunner in quantum encryption is the Chinese government. Central to this is the development of the quantum key and that, with the nodes to decrypt and encrypt, creates a vulnerability but substantially lowers the threat. The challenge now is in creating technology that is small, scalable and affordable. And, of course, there is now the spectre of quantum hacking to contend with.
Homomorphic encryption allows users to work on data without decrypting it. However, to get to the end product, one has to use a secure key to unlock it. In 2009, IBM researcher Craig Gentry came up with the first fully homomorphic encryption scheme, and compared the system to ‘one of those boxes with the gloves that are used to handle toxic chemicals … All the manipulation happens inside the box, and the chemicals are never exposed to the outside world.’ The challenge is speed, but IBM says it is getting there.
Already used in our everyday lives, biometric encryption has revolutionised how we unlock digital devices and physical doors, and how we buy our morning coffees. The concerns are multiple, ranging from our data being stored in unsecured locations to having it hacked and used against us in purchases, and also about how facial recognition is largely a failure when combating crime. Another common criticism is how the encryption can be confused by the common cold and therefore cause a potential problem in accessing one’s phone, bank accounts, and even one’s home, but as the technology develops and machine learning matures, this should not be as challenging a problem as it seems now.
Wearable two-factor authentication
Recently travelling in London, I watched as people used their phones as their Oyster card to access public transport, and even scanned their phones to pay for their coffee and croissant on their rush to work. It brought to mind the work by Digisec – technology so small it can fit into something as small as a ring, and can be placed in clothing. These little encryption devices are so easy to carry and, hopefully, will keep us safer.
But let’s be practical
For most of us, these technologies are far outside of our technological abilities and financial means, so what can we do to keep our data safe? Changing all passwords regularly sounds obvious, and also obeying the four basic password rules:
- 12 character minimum
- include numbers, symbols, capital letters and lowercase letters
- do not use dictionary words
- do not rely on obvious substitutions such as Spain becoming 5pa1n.
Of course, if you need some help with all the passwords, a password manager is your best option.
As for the devices you purchase for the security of your family and home, hold the makers accountable for the security that they are selling you. And for communication, why not take a look at where Brian Acton has most recently invested – Signal (signal. org)?