If you keep up with the latest technology news, you’ll no doubt be used to hearing about data breaches, with a myriad of companies from different sectors and countries having their customer data compromised. In 2020, the story was no different with 37 billion records accessed – the largest number seen annually since 2005.
With the amount of personal data available to cybercriminals ever increasing as more people use online services, it is vital that methods of protection are put in place to protect sensitive information from falling into the wrong hands and being used maliciously or ransomed. This is where encryption can help.
What is encryption and how does it work?
Encryption is the process of scrambling digital data using an algorithm, so that its original meaning can no longer be understood (ciphertext). In reality, the mathematical code created by the algorithms during encryption are tens, if not hundreds of digits long, making it very difficult for hackers to crack quickly.
Data that can be encrypted includes sensitive information such as messages, payment data, or personal information. With encryption practices in place, even if a hacker was able to get hold of the above data during a cyberattack, they wouldn’t be able to understand its meaning without spending a lot of time and effort trying to decipher how the code worked.
However, unlike with hackers, when an authorised user needs to be able to read the data it is possible to decrypt it, if they have the correct code or key. In practice, this unscrambles the encrypted data back to its original form (plaintext), allowing it to be read as intended.
Data can be encrypted ‘at rest’, i.e. when it is stored, or ‘in transit’, i.e. while it is being sent somewhere else.
Where is encryption used?
In today’s digital world encryption is a common practice for any company, particularly ones that deal with financial and personal information. For example, when you make a purchase online with your smartphone, encryption is used to protect the information being relayed. In addition, many social messaging sites, such as WhatsApp and Telegram, now also use end-to-end encryption as a way of bolstering the privacy for their customers – blocking messages from being intercepted or read by anyone except the intended recipient.
Why can encryption put people at risk?
The main reason why encryption is seen as controversial is the impact it can have for law enforcement on their ability to successfully prosecute criminals – particually in cases of child abuse. This is because if only the sender and receiver are able to see the messages they exchange, there is a risk vulnerable children could be easily exploited – without the knowledge of parents, tech companies, or police. It is argued that the duty of care towards children using these messaging platforms must come before the benefits of encryption for these users.
Aside from crimes like child abuse, encryption on these messaging apps could also be beneficial for terrorist groups to organise themselves, as was the case with the 2017 London terror attacks. Even if police can identify a criminal organisation and detect who is speaking to whom, they have no way of knowing what they are saying to each other, which can be dangerous if an attack is being plotted.
This is the unfortunate trade off. Increasing user privacy using encryption, reduces the capacity for surveillance and national security efforts. It is a difficult situation and one that must be handled with the utmost care.
If you have any questions or other technology queries, please leave a comment below or tweet us at @techtroublesho1.