Demystifying encryption

EDRi has published an interesting article that aims to dispel some of the myths surrounding encryption.

Those less informed about this subject may think that encryption is used only by criminals or terrorists, but the fact is that it is used in a large share of our everyday communications, whether on ordinary websites, in e-mail, in messaging applications (WhatsApp, Signal), in home banking systems or when submitting the IRS tax return.

Here is a short excerpt from the published text, but I recommend reading the full article.

How do you make sure encryption is not used with bad intentions? It’s simple – you cannot. But this does not mean it makes sense for governments to weaken encryption in order to fight terrorism and cybercrime. It only opens Pandora’s box – when supposedly making sure that terrorists have no place to hide, we are exposing ourselves at the same time.

From a technical point of view, encryption cannot be weakened “just a little”, without potentially introducing additional vulnerabilities, even if unintentionally. When there is a vulnerability, anyone can take advantage of it, not just police investigators or intelligence services of a specific country when necessary. Sooner or later, a secret vulnerability will be cracked by a malicious user, perhaps the same one it was meant to be safeguarding us from.

Therefore, weakening or banning of encryption in order to monitor any person’s communications and activities is a bad idea. The number of possibilities for criminals to evade government-ordered restrictions on encryption is vast. Knowledge of encryption already exists, and its further development and use cannot be prevented. As a result, only innocent individuals, companies, and governments will suffer from weak encryption standards.

Encryption – debunking the myths [EDRi]

Photo: Computer Protection, by Blue Coat Photos, licensed under CC BY-SA 2.0