Today I want to chat about cryptography and its applications in digital communications, specifically in the area of computer applications such as email and text messaging. I want to explore the notion of security and privacy when cryptography applied to these applications in order to protect the general public from massive tracking and monitoring by world governments and corporate power houses. The question in hand: can cryptography deliver on its promise of security and privacy?
Lets review what cryptography and digital certification is. Cryptography and digital certification in its most abstract level is a process of modifying data in a way in which unauthorized user can not interpret it or modify it without being detected. There are two most common approaches to encryption - symmetric encryption and asymmetric encryption. In symmetric encryption, same key used for encryption and decryption. In asymmetric encryption (public key encryption), two different (but mathematically related) keys are used: a private and public keys. Asymmetric encryption is mathematically stronger than symmetric encryption, but computationally is more demanding and usually this encryption approach is not used for real time communication applications. In practice, both encryption approaches are used together in encryption infostructures. For example in SSL, a symmetric key will be exchanged using asymmetric encryption. Actual real time SSL session is then uses symmetric keys to encrypt data. The most important thing to remember is for any type of encryption to happen, both parties need to exchange the secret - a.k.a. the encryption key, to be able to encrypt data. The exchange of the keys happens via networks and computer hubs which belong to corporations and could be controlled by governments. This takes me to our topic of the discussion: can cryptography deliver on its promise of security and privacy?
The short answer is yes it can. Although theoretically sniffers, network programs that intercept data, could be put anywhere by anyone with an access to the global network hubs, practically it is impossible. It is very costly and inefficient to time and predict the route of the key exchange, specifically in the context of mobile communications, proper key rotation rules and general complexities and distribution of the network. Said that, I believe that targeted demographics could still be tapped and monitored as there are advanced algorithms for routing pattern prediction, sniffing and key and certificate mascarading.
There is a number of excellent global open source and private initiatives to secure general public's communications to avoid massive tracking and censoring. I truly hope that Linkedin, Facebook and the likes will take the lead and scale up their platforms to provide a truly secure and private, user to user communications. Reality is though, this would contradict to these organization's main objectives of data mining, which arguably is the critical aspect in revenue maximization for these powerhouses.
I am after all sharing this post on Linkedin...