encryption, cyber-criminals

Encryption is not the barrier to fight cyber-criminals. There are other solutions.

Click below if you prefer to listen.

A few months ago, I posted an article about the mistake governments would make by banning encryption as a way to control cyber-criminals. One of the replies I received to the article was from a medium user who goes by the name “middle ground”, and this answer got me thinking for months now. I would like to thank that person for the question I was asked because I always love challenges. Obviously, it is one thing to say, “don’t do that” and another thing to promote alternative ways with every answer.

I love protecting people and I believe my job allows me to fulfill this need. That is why I understand and deeply respect everyone who is on the front line of protecting people by risking their lives and that is why I cannot deny the value of their work. Doing otherwise would be irrational and would move me away from my ethics.

Governments have departments that allow people to live with freedom, and without them, we would be living in chaotic and dangerous environments. Reminders of this chaos are terrorism attacks that take place all over the world and, due to my chosen career I am one of the people that puts knowledge and experience on daily basis in order to fight and eliminate these attacks. I am clarifying this because sometimes while I am proving a point I am certain about, I might be misunderstood.

Banning encryption, though, is in a contradiction with freedom. I will not go into the details why because I analyzed it in the previous article [here]. Additionally, my view is shared by many people who have both the authority and recognition in this field.

Today I will reply to the question:

What to do instead?

Let me start by stating that it is dangerous to expect from people who created a problem to solve it, simply because they are going to think in the same way they always think. The problem governments face in solving any cyber-crime problems lies in the lack of the right personal characteristics that are necessary to take such decisions with precision and effective results. People making decisions about security must have all three of the following characteristics:

  1. Have a deep knowledge about security.
  2. Have the ethical background to add another dimension to the equation of the problems they need to solve.
  3. Practice balance by being both rational and empathetic (cognitive empathy) with people at the same time.

Even though I do not like oversimplifying things in general and I consider it a dangerous approach of thinking, I will use two examples to demonstrate what encryption debate looks like in simple terms.

  • Ban knifes because people might use them to kill people. Yes, they might, but they might also cut bread and feed small children to help them survive. Knifes are just a tool and it is in people’s ability to decide how they will be used by each one of us.
  • Put in jail 10 people because one of them is a criminal. You definitely want to find the one who committed the crime and I know, that each situation is different and requires different measures, but jailing 9 innocent people in the process is just not right. You will need more resources and time to do the latter, but its adding the human factor in the equation what we usually forget.

Balanced thinking goes way beyond external. I am completely aware that theory and practice concepts are very different and difficult at the same time, however, we urgently need to practice the ability to be logical and human at the same time. A practice that includes the base of solid values and beliefs, critical thinking and being in touch with our souls, something that governments have the resources to create and flourish; well, at least the first two I mentioned.

With all respect, there is no middle ground with encryption, and this is not necessarily bad. There is no backdoor that can be both open and closed at the same time, or only for a selected few.

Especially in the way processors are currently designed,  and this is something everyone with deep understanding of computer architectures knows very well. If we were discussing a clean slate architecture that at the moment does not exist, it would be a completely different story.

Encryption is just a tree in the wood. Sure, cyber-criminals hide behind that tree as well. Governments are trying so hard to cut that tree, yet forgetting that their vehicles are fueled with fire. Their problem is not encryption. It is a series of actions, decisions and processes that went wrong letting cyber-criminals on the loose and out of control. At the right time, it is good to stop focusing on one thing and start considering the big picture. We must start thinking outside of the box in order to be able to do that. There is no need for broken encryption to capture cyber-criminals. There are other ways, and sure I have thought of a few. Furthermore, I am certain that other people have thought of both short-term and long-term solutions to minimize and, if possible, eliminate cyber-crime, solutions which have been already tested and their results proven. Obviously, I would be naive to analyze them here because it’s a public article.

Let’s not forget that “if there is a will there is a way”.

Somebody might argue who am I to provide a direction about such an important matter. I could definitely enlist my credentials, but there will always be someone with more credentials and more power than me. However, this is not about credentials and power. At the end of the day there is only one thing that matters – who is able to provide a solution.

I respect that people are programmed to act and believe differently, that is why I do not expect this article to be accepted and embraced by everyone. I am a great supporter of freedom of the mind. However, I would like to challenge us all on one thing. Do we really have a free mind or are we moving around with the beliefs implanted in us by someone else and we are just convinced that these beliefs are ours? Cyber-criminals are a reversible issue. You can read more about cyber-criminals [here].

Cyber-criminals are a reversible issue.

The solution is found in the right focus, not in a tool. Encryption is just a tool. As soon as you take it away, another tool will appear, and this will turn into a never-ending game until we decide to deal with the cause of the problem. We need to hit the core of the problem. Encryption is just in the perimeter. I am certain, the right people; can interpret the messages of this article.

Over to you now. If you found this article useful share it with others. Remember, fighting cyber-criminals is a collective effort, and each one of us can contribute to this. I would also like to hear your thoughts about this issue.

I cannot wait to hear your comments so leave them below.

RELATED POSTS:

Picking the Cyber Criminal Mind

Picking the Cyber Criminal Mind

Picking the Cyber Criminal Mind “Creative Commons Silver handcuffs on a black wall” by Sanda, used under CC BY / Desaturated from original A friend of mine asked me: “Is it scary to have a criminal mind?” In order to answer this question, I...

Subscribe

and get the latest updates