“The multiple human needs and desires that demand privacy among two or more people in the midst of social life must inevitably lead to cryptology wherever men thrive and wherever they write,” wrote David Kahn in his book “The Codebreakers”, which chronicles the history of cryptography. The book was published in 1967. Almost 45 years later, cryptography is seldom used to protect our privacy.
The information age spawned databases and networks capable of extracting and storing large amounts of private data. Those databases are often unknown to us, and even if we know of their existence we cannot control them. They store personal information, communication and financial transactions. If we believe surveys showing that we actually do care about privacy, this gathering of private data happens against our will. Skeptics and experts caution us, but the majority of web users are forced to give in to the subtle but grave disintegration of privacy, pushed forward by industry and government. Both are growing their databases steadily, expanding the records they keep on all of us.
We can see the consequences of these uncontrollable, central databases today. In what is believed to be one of the largest data security breaches in history, attackers stole personally identifiable information of 77 million PlayStation Network users earlier this year.
Accidental exposure of personal data is another problem. It is very difficult to control who has access to which piece of information. People get fired for how they behave online because they confuse personal with public communication. The web does not forget. And ever since the uprisings in the Arab world it should be clear to everybody that what one posts online can have severe consequences, including imprisonment and torture.
There are a variety of interesting judicial and ethical approaches to cope with these issues. And there is cryptography, a technological means of preserving privacy. Cryptography enables anonymity, the concept of ‘publishing information while one’s identity is publicly unknown’, as well as privacy, the ability to ‘seclude oneself or information about oneself and reveal oneself selectively’.
But almost nobody uses cryptography. Asked whether he encrypts his e-mail, Bruce Schneier, cryptographer and highly regarded computer security specialist, answers: “I do not, except for special circumstances”. He further argues that for more people to encrypt their communication, services like Gmail would have to do it by default. This will of course never happen, since those services draw their revenue from reading our messages.
It has to work out of the box
But the more important point Schneier makes is this: what has to happen to spread the use of cryptology? It has to work out of the box. No additional application should be required, no plug-in, no add-on and certainly no driver installation. One concept could potentially offer a transparent solution for everyone: browser-based cryptography.
The idea of browser-based cryptography is simple: before users upload their personal data to application hosts, they encrypt the data in the browser. The host only receives encrypted blobs of data, and since users don’t share their key with the host, the data is secure. If they decide to share their data with someone else, they can provide that person with the means of decrypting the blobs. Users are in control at all times.
There are a number of alternatives, and the concept of storing encrypted data with a curious or even untrusted host in particular is not new. Traditionally, host applications have been used to handle cryptographic operations. These tools must be installed and have to be properly set up by the user. Mobile platforms might be an ideal environment for these alternatives. Installing applications is hassle-free and very common on mobile devices. Due to the well-defined platform, developers can keep the effort users spend configuring these applications to a minimum.
A colleague and I devised the idea of a cryptography-enabled HTTP proxy that is similar to the Cipherbox. The proxy is a trusted instance, possibly hosted locally or connected via a VPN. All HTTP traffic is sent through the proxy. It analyzes the traffic and encrypts relevant parts like messages or images depending on its configuration. We implemented a prototype that is capable of transparently encrypting and decrypting Facebook messages using gpg. A proxy like this could run on a user’s FreedomBox and can in theory be extended to provide crypto functionality for various platforms, including for example Gmail.
A special form of cryptography called homomorphic encryption could enable users to take advantage of both cryptography and computing as a service at the same time. If encrypted data is sent to hosts, they usually cannot process the data. If instead a homomorphic encryption scheme is in place, then for certain algebraic functions on the plaintext, equivalent functions exist that can be applied to the ciphertext. Proponents of this technology argue that it could enable widespread use of cloud computing by ensuring the confidentiality of private data.
Controlling one’s personal data becomes more difficult with every new database and network-based innovation. At the same time, privacy is more important than ever in a world that prepares to conglomerate health records, gathers and centralizes consumer behavior data and merges individual financial records into powerful profiles. Cryptography is an effective safeguard we must implement to prevent exploitation and discrimination based on our personal information. Every user must be enabled to use cryptology to control the data he wishes to share.
Browser vendors must implement the building blocks required for cryptography, including a secure key store that can be managed by the user. They should also include means of validating a running application against a checksum. Cryptographers and web developers must work together to implement correct and easy-to-use encryption and decryption functionality for browser-based applications.
More people must start thinking about this problem; more ideas are needed, and they should be carefully vetted by cryptographers and security experts. User interface specialists should work on making cryptography a transparent process. We need to get everyone involved and try to reverse the damage that has already been done.