You can send someone an encrypted message, without sharing a secret such as a password in advance. The encryption is effectively unbreakable by today’s technology when used correctly.
The software libraries to do this are out there, for free. They are not centrally distributed via an ‘app store’ under the control of an overlord like Apple, Google or Microsoft. The source code can be obtained and inspected to ensure it has not been meddled with. If it has, you can modify, build and distribute a new version.
There is chat software that abstracts much of this process away from the end user. All users need to know is that their chat is encrypted. Furthermore, the encryption periodically changes, so that if one communication exchange is broken, it does not grant the attacker access to all their historic and future communications.
Encryption has been around for centuries. Simple ciphers used in playgrounds, such as A=X, B=Y, C=Z, are encryption algorithms. Fundamentally, it’s just mathematics; technology simply makes it fast. The popular encryption algorithms out there today are not trade secrets or proprietary. They are published work, for all to use. Technology itself is not inherently good or evil. Is a hammer good or evil? It can hammer a nail, or cave somebody’s face in. Encryption is just another technology, used both for good and evil. Not everyone who encrypts has malicious intent.
Where do we want encryption to be used? We would not want our credit card details, health records or bank statements to be visible to anybody who can install a web browser plugin. Encryption is a vital piece of our digital information infrastructure. Compromising how encryption works compromises the integrity of online business. How could we have confidence in online shopping if it became trivial for an attacker to redirect your purchases to a different address, or to spy on your credit card details? HTTPS, an encrypted transport protocol, enables us to have confidence that nobody can tamper with messages in transit, and to trust the authenticity of the websites we visit. We rely on encryption to protect us, keep our secrets confidential and our digital economy secure.
Attempts to capitalise on the recent atrocities in Paris have focused on weakening encryption, even though current reports indicate the attacks were arranged over SMS, an entirely unencrypted medium. With ‘backdoors’, the intention is for a government to be able to decrypt communications.
Unfortunately, this is futile. A government may be able to coerce particular companies into weakening the encryption they use. The only effect on determined bad guys will be to stop them from using that service. Banning a free and open source software library will start a game of whack-a-mole, as there’s no central distribution site to serve notice on. As the code is open for anyone to copy and modify, backdoors can be removed. Stronger encryption algorithms can be added to the libraries’ suite. Backdoors are for everybody, not only for friendly folks. They may remain secret, but people actively hunt for them. A suspected backdoor within the DUAL_EC_DRBG encryption algorithm was recently found in the OpenSSL encryption suite. Even if you were to ban an encryption algorithm, there are plenty of others to be used. There’s also the point that bad guys don’t follow the law.
The benefits that we truly need in a digital age also allow enemies to communicate in total secrecy. Law-and-order types might feel this is a bleak conclusion. Their attempts to reassert control will be ineffective against their true targets, but would harm innocents by eroding basic trust. This is simply the reality in which we live online.