We’re Winning The Crypto Wars
While the FBI and some governments are still fighting the Crypto Wars in courts and with laws, the spread of encryption appears unstoppable.
Image: Ruslan Grumble/Shutterstock
This year has been filled with bad news. The world of cybersecurity has been no different, with zombie armies of hacked internet-connected devices taking down the internet, seemingly endless data breaches hitting hundreds of millions of people, and Russian hackers allegedly trying to mess with the US election.
Lost in this deluge of doom-and-gloom, some might have missed the good news: the spread of encryption, the technology that's used to secure the data on your devices, your chats and sexts, as well as your internet connection, seems to be reaching a tipping point.
Read more: The Motherboard Guide to Not Getting Hacked
It's true, we're still in the midst of what some call Crypto War 2.0, a reignition of a 20-year-old conflict between law enforcement authorities and technologists focused on just how much access cops should have to user's data. But in 2016 alone, encryption has won a crucial court fight, became default for hundreds of millions of people who use popular messaging apps, and spread like wildfire on the web.
Apple vs. FBI
The feds have been waging their new war against encryption for more than two years now. For most of the time, the war has been rhetorical, with repeated and vague calls to tech companies to do whatever they can to make users' information available when the cops come knocking at their door.
Earlier this year, the fight got real, when the FBI knocked at Apple's door with a technically clever court order to unlock the iPhone of an alleged terrorist. In a weeks-long battle, Apple fought back, arguing that while they wanted to help in any possible way, this order went above and beyond what the company could do, and what the law required them to. For Apple, and a litany of tech and security experts, what the government wanted was a backdoor, and a dangerous precedent to require other companies in the future to do the same.
In a twist ending, the FBI ended up withdrawing from the court fight after finding another way into the phone. While this might seem like a win for the FBI, or at least a tie, it was a win for encryption. Faced with a long legal battle that Apple seemed poised to win, the FBI had to resort to a pricey hack that likely only worked old models of the iPhone.
In a another case revealed this year, the US government asked Yahoo for help scanning its email users. Yahoo gave the government a hand creating a controversial tool that took the company's security team by surprise. Years ago, before documents documents revealed how the NSA took advantage of unencrypted data to spy on the internet, the US government didn't need Yahoo to do this. Thanks to the rise of encryption, this time the government couldn't have done it by itself, and had to ask Yahoo for help.
End-to-end Encryption for the Masses
For many years, if you wanted to send a message on the internet without anyone, except for the recipient, seeing it, you had to use clunky solutions that required extra software, extra effort, and probably didn't work on your favorite messaging apps. End-to-end encryption, as it's called, was a luxury for the paranoid geeks.
In 2016, your messaging apps can now do all the work for you, and some do it without even you even realizing it. WhatsApp, which boasts of more than one billion users, turned on end-to-end encryption for all its users in March of this year. A few months later, even Google and Facebook, whose business model is having access to users' information for marketing purposes, joined the revolution by giving users secure, end-to-end encrypted secret chats, although their solution is just an optional feature and not turned-on by default—at least for now.
Websites that deal with sensitive information, like your bank's online portal, or your email provider, have used web encryption for years. Encryption on the web ensures that your passwords or checking accounts data are protected as they travel across the internet. It's usually visualized by that green padlock and the letter "S" at the end of the "HTTP" on your browser's address bar.
It's not just about protecting passwords and credit cards, though. Websites that don't have HTTPS can be hijacked by hackers to infect visitors with malware, or can be spied on or censored by governments that can monitor what you are browsing. For years, however, webmasters didn't bother getting that extra S that ensured security and privacy for internet users because it was expensive and they thought it wasn't necessary.
That's no longer the case. A small non-profit project called Let's Encrypt offers free digital certificates that are needed to switch from HTTP to HTTPS. And a large coalition of privacy advocates and big tech companies has successfully pushing for HTTPS to become the norm. In the last year Google has taken the lead, announcing its intention to flag all non-encrypted sites on its popular Chrome browser.
As a result, for the first time in history, more than 50 percent of pages loaded on the internet are now encrypted. It'll still take a while to encrypt all the things, but we're getting there.