Ever since Edward Snowden broke news to the world of NSA’s PRISM surveillance program in June 2013, the word “encryption” has latched onto the public imagination and the conversation regarding online privacy. However, ignorance and misinformation regarding the concept of privacy in an open online world leads to statements such as ‘I have nothing to hide‘. Put simply, it means that the person saying this thinks that mass-surveillance programs by governments don’t threaten privacy unless it covers illegal activities. If you have nothing to hide, then you have no reason to fear surveillance.
I hope you too, can see how flawed this argument is. A system with a hole for one party can be exploited by others. An online system that has checks in place to conform to government surveillance can be exploited by others as well. This means that though the conversation you have with your friends are perfectly legal, someone else can snoop in and read them. Scary huh?
That is exactly what encryption helps solve. In layman terms, encryption is the process of encoding information such that only the recipient can see it. Think of it as the simple coded messages we used to pass in school. A=1, B=2 and so on. You convert your message into numbers, and your friend, who knows how to decipher it, can read the original message. So your friend has what can be called the decryption key, a method to unscramble the message and get the real information. Even if the note gets into the hands of someone else, the message is not clear to them. So even if a third-party intercepts your encrypted message, the information within is still safe.
The example I’ve provided above of substituting letters of the alphabet for numbers is one of the simplest forms of encryption, known as a substitution cipher. There are several other encryption methods used in computing today, with more complicated algorithms. Well designed algorithms make sure that access to your encrypted content is nearly impossible without the corresponding decryption key. So encryption sounds hyper-futuristic, right? Like some technical advancement we made in the computing age? Wrong.
Encryption was used by the ancient Egyptians on the tombs of pharaohs and by the Romans, to obfuscate military communication. Modern encryption used in our computers and smartphones and online banking transactions is a really powerful process that actually requires a lot of computing power. Take AES-256, for example. It is one of the most commonly used form of encryption today. Major corporations and governments use and trust AES-256 encryption. In AES, the largest possible size of the decryption key, is 256 bits. One bit is either a 0 or a 1, the language used by computers. There is a combination of 256 0s and 1s in an AES decryption key alone.
With each bit having two possible states (either a 0 or a 1), there are a total of 2256 keys possible. Now, you can imagine how big that number might be. So can we break the encryption on this? One popular but slow method of breaking encryption is the brute-force method. It involves systematically checking all possible keys until the correct one is found. This means, in the case of AES, we only need to check out 2256 possible key values.
Now here is how we can go about breaking the encryption with brute-force. We can use a CPU or a GPU to do this. GPUs are preferred because it is better at completing the same type of repetitive tasks than a CPU, which is more of a general purpose chip. Usually, high end GPUs perform at about 2 gigaflops. That means they can do 2 * 109 operations per second. Assuming we have one billion of these GPUs, we can do (2 * 109) * 109 operations per second. That’s 2 * 1018 operations per second. In other words, we are checking 2 * 1018 key values every second. Surely, we’re making some progress, right?
Based on a little Google-fu, I’ve found that it would take 2.42 * 1079 times the age of the Universe to test out all possible values. The current age of the Universe is about 14 billions years. It would take an amount of time that is 2.42 * 1079 times 14 billion years to break a standard AES-256 encryption. Think about it. This is the power of encryption. This is what is available to all of us, now. We all use this form of encryption everyday, without even knowing it. Though it takes a mind-boggling amount of time to break the encryption, you can be sure that your recipient can instantly read your message as soon as they get it, because they have the right key to decrypt it.
And this isn’t even the whole story. There are several other methods and algorithms for encrypting data, like PGP, which are used by a variety of apps and services in our daily life. Encryption helps us be safe and protects our data from being intercepted online. Whenever you use an encrypted messaging service, you can be sure that no one else but your friend can read your messages. As more and more of our lives shifts online, encryption is one of the many ways for us to be safe. Several major Web and technology companies now offer really good encryption when using their services, which is a good sign.
No matter how little you might have to hide from the government, mass surveillance will always have a chilling effect on your online life. People are less likely to spend their time online and do the routine activities they do if they know they are being watched. It just doesn’t feel right when someone is breathing down your neck when you are trying to do something, watching your every little move.
Not only is encryption something that is truly powerful and exciting, it’s also a basic right that netizens should demand, from their ISPs and other Web service providers. Though there are several ongoing attempts by governments and even corporations to thwart the openness and security of the Web, activists have rallied against these measures. We must now strive to keep the Web open and safe and private, forever. This great video series by the Mozilla Foundation, makers of Firefox and perennial Internet freedom fighters offers a great look into why encryption is important and why mass surveillance and other intrusions into our privacy have to be stopped.
The Internet and the Web are surely the greatest inventions of mankind after spoken language and printing. Never has there been an equalizing force so great and so pervasive, a communication medium beyond regional borders and linguistic differences. Let’s fight the good fight, to keep the Web open and safe.