path: root/paper.ms

.R1
short-label D.y
sort spec
.R2
.TL
Title
.AU
Mohit Agarwal
.AI
February 2022
.LP
A problem (instability), a solution

is this a fair question to argue

define objectives
.br
How should we deal with encryption?
.br
What does the future hold for encryption?

topic sentences?

Ars technica: seek alternate source

Symbol, slogan, surprise, salient (sticks out), story

The Internet offers an arguable Utopian communication method. The
nature of computers and the information stored on them means that data
such as a book or film can be duplicated practically instantly. When
sharing information on the Internet, the physical limitations of
traditional methods do not apply. To give someone a book is either to
lose the copy yourself or to obtain or to produce another physical
copy of that book. With the Internet, however, information can exist
in a more absolute state, separated entirely from any physical media.
Millions of people can download a single book as easily as one person
could, and the traditional limitations that lead us to 'own'
individual property no longer exist. In this way, the Internet
eliminates the ownership of information in whatever forms it
perpetuated through the attachment of information to media such as
books or celluloid film, and the copying of information can take place
in its purest state: of literal information, and then being stored as
pure information, although on a physical media such as a hard drive,
for all meaningful reasons (due to the large capacities and low cost
of modern drives) unattached to anything physical whatsoever. Although
this was true for other methods of sharing information, such as
through radio broadcasts, information received via the Internet can be
easily stored, processed, and accessed at any time, as well as giving
anyone the ability to broadcast their own information rather than
receive it, as usage of broadcasting towers was and remains limited,
whereas the internet may be used to present new information by anyone.
A key example of this might be Wikipedia. Wikipedia allows individuals
to contribute to entries that form a vast encyclopedia.

An argument is often made against digital privacy in the interest of
national security. With access to communications and usage history law
enforcement and government can quickly discover large amounts of
information useful in a criminal investigation or in preventing
criminal activity. Graham{#CTC terrorists} explores the use of
encryption by terrorists which is often cited in a reason for giving
governments access to unencrypted Internet communications so that
suspicious activity can be flagged and investigated in order to
prevent a terror attack or in order to better respond in the case of
an attack. Graham describes the extensive use of end to end encryption
used by terrorists in order to avoid interception by the authorities.
Due to US usage of intercepted communications to uncover and prevent a
number of al-Qa'ida plots, the terrorist organisation and other
terrorist groups have increasingly used encrypted communications (read
citation from Graham). An significant factor is the use of
non-mainstreams software in early use of encryption by terrorists,
including a program that built a wrapper around the popular, secure,
and open source PGP called \fIMujahedeen secrets\fR. Although now
terrorists and criminals use widely available, popular, and
user-friendly software such as the Tails operating system or Telegram
(Graham citation 28), terrorists organisations have shown an ability
to make use of more obscure and complicated systems, as well as use
publicly available source code in order to construct software for
operatives to use.

Although the issue of popular messaging technologies and their support
for 'end-to-end encryption' is often discussed, the argument that the
introduction of end-to-end encryption by large companies such as
Facebook gives an advantage to criminals {conversation Facebook}{home
office} is arguably an entirely invalid one. By preventing the usage
of true end-to-end encryption in industry, we will not be able to
prevent those attempting to evade the law from doing so, as shown in
the case of terrorist organisations who have used more obscure
software in the past and also in the case of the abundance of illegal
activity that occurs on the so called dark web in the form of the
trade of drugs and child pornography among others (cite). Instead the
limitation of use of encryption on popular software will only decrease
the privacy of those uninterested in criminal activity and instead
using technology to communicate. In the case of platforms such as
Instagram (which is owned by Facebook) it is quite clear that the vast
majority of communications (cite) will not contain anything illegal
(reword) and that it is these conversations that will suffer from a
lack of encryption. The information exposed by Edward Snowden in 2013
demonstrates that the US government has processed and collected vast
amounts of unencrypted data (cite) and likely continues to do so. In
the case of unencrypted messaging the problem remains and preventing
end to end encryption will simply allow governments to maintain the
status quo of being able to intercept and read all communications
between its citizens and individuals outside of their jurisdictions.

In order to conduct the vast amounts of surveillance they did in the
GDR (German Democratic Republic) in support of the ruling party
{Jarausch}, the Stasi gathered information from a vast network of
informants who greatly outnumbered Stasi agents {Bruce 2014}. Whilst
in Nazi Germany there may have been around 1 Gestapo agent for every
2300 citizens, in the GDR it was closer to 1 informant or officer for
every 63 citizens. Those living in the GDR often had experiences
involving investigation by the Stasi and there was clearly an
understanding amongst citizens {funder} of the GDR that one had to be
wary of an informant or agent listening in. In modern western society
there is a similar collective understanding that governments
attempting to carry out surveillance on a massive scale on their own
citizens. A key distinction, however, is that in societies such as the
UK, this work is not carried out by a vast network of informants,
there are no gargantuan gargantuan stores of paper, and there are no
hundreds of miles of film (cite all) documenting and aiding the
surveillance of the authorities. Instead, there 

As with any technology, regulation has followed behind development in
an attempt to control its limits. Much as automotive regulation
followed the increase in popularity of cars in areas such as the UK
and US, regulation will no doubt follow the newfound popularity of
heavy encryption. There are however, difference in the case of
encryption when compared to cars. The rate of change with modern
technology is far greater. There are already discussions about quantum
computers and their potential to overcome current encryption methods.
In the case of encryption regulation will continuously struggle to
control encryption methods due in part to how quickly they change, but
perhaps moreso due to their decentralised nature, where a government
cannot prevent the existence of software that enables encryption which
is open source and reproducible internationally. Just as media privacy
through torrents and access to hidden services over tor are possible
without significant regulation, regulation of encryption may prove
impossible. An arguably useful tool to the authorities does exist in
the hardware and infrastructure that users of the internet rely on.
Firstly, the vast majority (cite) of users in the foreseeable future
will continue to use the highly popular CPUs designed by Intel. 
Concerns have already been expressed {Intel Management} with regard to
the Intel Management Engine that exists on modern processors produced
by Intel. Should governments chose that backdoor access is essential,
then this presence in hardware around the world alongside an influence
over Intel (a US based company) to give access to governments may
provide them with the ability to access information directly from the
target's hardware rather than having to intercept information in
transit. This would go for other hardware vendors such as AMD or ARM
also. Whether or not companies such as Intel would open backdoors to
governments is up for debate, however we are aware that in the case of
the Intel Management there was potentially an ability for it to be
disabled by US government authorities such as the NSA, demonstrating a
level of leverage the US government potentially has over organisations
including but not limited to Intel {register kill switch}{intel me
bleepingcomputer}.
Regardless of the level of influence governments might or
might not hold over private corporations, the potential exists for
systems built into non-open hardware which most people, even those
using open software use, leaving them more open to exploitation from
either state or private actors. Furthermore, there is a visible
interest in increasing the presence of technologies on the hardware
level, including the aforementioned Intel Management Engine, the
Trusted Platform Module (cite), and recently Microsoft's Pluton (cite)
subsystem, which will be present on hardware sold in the future. This
variety of hardware within a single computer is a rather interesting
and potentially worrying development, particularly with the clear
influence and interest both the US and Chinese governments (cite
both) are respectively showing (the US and China are the two largest
chip manufacturers (cite, reword)).

Is discussion on this useful?
Individuals around the world have clearly expressed interest in
matters of privacy and encryption (cite) and open source software
allows those with the technical skills to become involved in the
development of technology that enables strong encryption and avoids
state surveillance. Measures taken by governments to prevent this
development will doubtless be limited unless extreme actions such as
those seen in China are taken. Otherwise, development will continue to
occur in both free and non free societies in support of individual
freedoms. The assertion of `Linus' law` that "given enough eyeballs,
all bugs are shallow" (cite - CathBaz) creates a serious inability
for actors such as governments to engineer backdoors into software as
the NSA previously has (cite) or to prevent the development of
software altogether (find example). On the other hand, a significant
amount of the software and hardware 

The discussion of encryption and related technologies has arguably
limited impact. State actors such as the NSA will continue to act
against individual freedoms and attempt to find or introduce backdoors
in technology that is widely used as part of its actions purportedly
in the interest of `national security`. Although public reactions to
information such as the 2013 Edward Snowden releases have been very
strong, they have not had significant effects on legislature, the
funding received by the NSA, and quite possibly the level of
surveillance carried out by the NSA (cite all). Thus, from recent
history, discussions in public or private spheres are unlikely to
influence decisions made inside already secretive agencies where
governments are ready to except that sacrifices must be made for the
greater good. Of course, the issue arises when surveillance exists
that does not exist simply to protect a nation, but instead mass,
indiscriminate surveillance is carried out on citizens not suspected
of any criminal or terrorist activity such as the Optic Nerve
program in the United Kingdom (cite), however governments nonetheless
prove willing to fund the activities of surveillance agencies.
Furthermore, there are options available to authorities that are
regularly made use of. (Give example from Graham)

Ms Pluton

{firewall}

.nr HY 0
.ad l