I managed to catch a small part of the Republican debate last month. When I first turned it on Kasich(generally my favorite) was talking about congress acting on encryption.  This is an issue that splits across party lines, with many politicians seeming to switch their stance based off the party affiliation of the President. As a software engineer who contributes to a political blog I figured I would try and shred some light on the subject for those who may be trying to form an educated opinion.

What Is Encryption?

Encryption is a way of sending a secret message.  Most people are familiar with simple cyphers where you substitute one letter for an other or a number for a letter.  If you have ever seen the Cryptoquota puzzle in the newspaper(recently it featured a quote by President Monson), that is an example of a simply cypher. Simple cyphers are pretty easy to break by hand and absolutely trivial with computers, so new methods for sending secret messages were developed.

Like many cyphers, encryption starts out with assigning each letter a number.  With encryption we are not at all secretive about how those numbers are assigned because that's not where the trick lies with encryption. For my examples I will use a long established standard in the computer community(UTF8) where the letters are numbered sequentially with capital letter A=65 and lower case a=97. I am going to encrypt the phrase:

Obama is a Christian.

So first I'll translate it to all numbers using the UTF8 standard:

079 098 097 109 097 032 105 115 032 097 032 067 104 114 105 115 116 105 097 110 046

Now I have numeric values for everything I want to encrypt(including spaces and the period). I need to pick a key, I can use a word, a phrase, or a random series of numbers as my key.  I'm going to use the word secret.  Using the same process as above I will convert all the letters to numbers yielding:

115 101 099 114 101 116

Now I have my two sets of numbers, I add them together.

079 098 097 109 097 032 105 115 032 097 032 067 104 114 105 115 116 105 097 110 046

115 101 099 114 101 116

194 199 196 223 198 148

Oops my key is a lot shorter than my message, so I'll just repeat my key until I get to the end of my message:

079 098 097 109 097 032 105 115 032 097 032 067 104 114 105 115 116 105 097 110 046

115 101 099 114 101 116 115 101 099 114 101 116 115 101 099 114 101 116 115 101 099

194 199 196 223 198 148 220 216 131 211 133 183 219 215 204 229 217 221 212 211 145

Now I have an encrypted message that I can send, and not worry about people reading it.  However I probably want *someone* to read it, so I have to get my key to them in order for them to decrypt it.  This is why the German code books were so important in Word War II.  The code books were lists of keys and which day to use them on. This demonstrates the major issue with this type of cryptography, getting the key to those that need it, but keeping it from those you do not want to have it.

Starting in 1980 researchers began publishing solutions to the key sharing problem.  It is called public key cryptography(or asymmetric cryptography as opposed, shared key or symmetric cryptography). With public key cryptography my computer generates two numbers, one, my public key, I publish openly, the other,my private key, I keep secret.  If someone wants to send me a message they take my public key and their message and run it through a complicated mathematical formula(RSA is the most popular formula if you want to do more research), then they send me the result. Then using my private key I can convert the result back to their original message.

Where is encryption used?

When you connect to a website, the data from the website is sent across data lines, and networking equipment owned by several different companies.  If any of that equipment is hacked, someone can get your data.  If you use wireless, everything you do on line is broadcast through the air and can be picked up by anyone who is close enough(a car parked on the street can usually pick up the signal from your house). 

Companies rely extensively on encryption to protect your privacy and accounts on line. You may have been told that a padlock on your browser means a site is safe, the padlock means the site is using encryption to send you data. Google began forcing all users to use encryption when they found out the Chinese government was spying on the GMail accounts of Chinese dissidents. When you connect to a wireless access point it will often ask you for a key before you can connect these connections are also encrypted. Many people encrypt their email so they can send sensitive information via email. As a computer administrator I try to ensure any time a user's password is transferred between computers it in encrypted. This means any time someone works from outside the office we use encryption to ensure their password and company data are not exposed.

What is a back door in encryption?

A back door is a method of decrypting a message with out the key.  Many politicians are pushing for legislation requiring back doors in all encryption software. These politicians believe that a back door can be installed that only the U.S. government would be able to use. Computer security experts say that eventually the back door will be located and used by criminals and other countries.

Why do politician support back doors in encryption?

The U.S. is engaged in extensive electronic surveillance and sabotage.  We are the best at it. You hear more about China, but that's because they are more obvious about it.  The U.S. is rarely caught.  The U.S. also has the advantage that many popular companies were founded here so data from around the world is often transferred to servers here. When that data enters the U.S. the telecom companies that own the data lines send all the data directly to the NSA so they can store it in Bluffdale. If provided with your email account an NSA agent can type it into a computer program and see everything you have done on the internet, unless it was encrypted.  So if you visit GMail they can see that you visited GMail, but they can no longer see what emails you read or typed. Many government officials claim that this inability to see everything is hindering them in preventing terrorism.

Can terrorist create their own encryption software?

Yes. Though implementing it correctly can be very difficult to do right. They are likely to make mistakes that can be exploited. However, if the US requires back doors in all products sold in the US there will still be plenty of encryption products available from companies and communities located outside of the US.

While most people never think about encryption it is a big and important part of our lives, and will become more so as everything continues to move on line.  Personally I plan to push against back doors in encryption and encourage you to do the same.