Quantum computers and its threat to privacy and governmental dislike of encryption

May 31, 2023 |

At the moment it is all about Artificial Intelligence and the threat it poses.  There are issues but the concerns are at the moment more hypothetical than actual but the benefits are real.  Regulation is required.  

What is missing from the discussion about technology, certainly involving privacy and cyber security, is the likely impact of quantum computers.  Quantum computers have the potential of upending encrypted networks if they can find the key within a reasonable time.  This issue is highlighted by The Times article Quantum computers that will decode your private app.  The quantum computer threat is not immediate but not far away.  

Meanwhile at the other end government’s loathing of encryption, as discussed in And in Banning encryption is foolish and illiberal can be equally damaging to viable privacy protection. In the United Kingdom, as here, there is an obsessive anti encryption lobby.  Encryption is critical for trusted communications which are vital for effective and efficient business transactions.  Banning encrypted communications or creating back doors, damages trust in communications.  In an information orientated, service dominated economy the harm far outweighs the concerns that criminals use encrypted communications.  Law enforcement has long dealt with and found ways around codes of silence and attempts to avoid surveillance.  They have successfully done done as well.  It is a matter of same problem, different tools. 

The Quantum Computer article provides:

Matt Hancock, be warned. It is not just fellow MPs and ghost writers who might leak your WhatsApp messages. You should start fretting about foreign intelligence agencies too.

Quantum computers that can crack internet encryption may be closer than we think, security experts say. If so, that means that anything sent securely today might be stored to be decrypted when such systems arrive — possibly within a decade.

Last week IBM announced its intention to build a “100,000 qubit” quantum computer by 2033, in partnership with the universities of Chicago and Tokyo. If successful, it would mean that the long-anticipated technology could at last start to become useful, for good and ill.

Jay Gambetta, the vice-president of quantum at IBM, said: “The potential of having a system within the next ten years that is capable of breaking encryption . . . I would say it is relatively high.”

The computers we are more used to run on “bits”, encoded to be 1s and 0s. Quantum computers rely on “qubits”, which exploit quantum mechanical effects to, in some sense, use all the numbers in between. At present, the largest systems are able to control a few hundred such qubits, which is not enough to usefully exploit them. Larger ones have the potential to revolutionise some fields, including drug discovery and materials science.

One of the things they can also do, in theory, is break internet encryption. At present much of the secure traffic on the internet, including messaging apps, relies on a system known as public key cryptography. This is based on mathematical problems that are easy to perform in one direction but very difficult in another.

Large quantum computers, though, would be able to do it relatively easily — and so crack most encryption. This has prompted a move that, in effect, replumbs the internet. The US government has selected a series of encryption standards that are “quantum safe” but they have not been widely implemented yet.

Security experts caution that this is increasingly a problem, the closer we get to such computers. Although anything sent on apps such as WhatsApp is now uncrackable, and nothing is held centrally, messages can be intercepted and stored in anticipation of the day when they can be read.

Last week Moody’s, the ratings agency, warned that companies were “woefully unprepared” for the threats posed by quantum computing. While some government communications were “hardened against sophisticated adversaries”, a spokesman for the UK’s National Cyber Security Centre said, “some confidential data that an adversary can collect now will be vulnerable in future”.

Gambetta said: “I would say to every MP in Britain that they should be starting to think about this transition to quantum.”

The challenges to making a useful quantum computer are still formidable. Gambetta said that with present power consumption, 100,000 qubits would need a nuclear power station.

Christophe Petit, a security researcher at Birmingham University, said that for the past 30 years, people had been telling him quantum computers were ten years off.

However, he said we should begin implementing algorithms that could not be broken by quantum. “It takes time to update all the architecture. We would need to act now even if quantum was coming in 30 years.”

The Encryption article provides:

In politics, you’d be forgiven for thinking that the main function of WhatsApp messages is to leak. They end up in newspaper articles, or in Dominic Cummings’s blog. Deep within the bowels of the app’s code, indeed, you might be thinking there was an embedded backdoor which immediately forwards all the juiciest and most damaging ones to Isabel Oakeshott.

Yet in government itself, the main concern that ministers have is the opposite. They worry that WhatsApp messages are too secure. Remarkably, they have this worry while using WhatsApp themselves, relentlessly, for precisely this reason.

The problem with WhatsApp, and other services like it, is encryption. In layman’s terms, it is the fact that messages are encoded, end-to-end. So, if the message contains terrorism plans, or child abuse images, or plans for organised crime, nobody can put themselves in the middle and see. Not the security services, nor even Mark Zuckerberg himself. And it is a vital contention of the government’s Online Safety Bill, which is grinding its way through parliament in much the manner that the Hundred Years’ War ground its way through Europe, that this won’t bloody do.

This is not a new problem. Go back 30 years, and you would find the administration of Bill Clinton debating the “Clipper chip” which it wanted to embed in phones and computers. Over here, a little later, Tony Blair’s government abandoned plans to let police intercept communications due to fears that hackers would be able to, too.

Since then, concerns have swung like a pendulum. Post 9/11, the fear was that terrorists could chat in the dark. Not long afterwards we had Julian Assange and the WikiLeaks activism of the mid-2000s, whereupon western governments began to fret that their own data wasn’t dark enough. During the Arab Spring, the free West agreed that Middle Eastern dissidents must be able to evade state scrutiny, but then came Islamic State who used all the same tools to evade ours.

This keeps happening. One moment, the free dissemination of information is going to smash autocracies such as Russia and China, but the next moment Edward Snowden is freely disseminating himself half-blind before fleeing to Moscow. First Facebook is condemned for firehosing raw data to Cambridge Analytica, then it encrypts everything and gets condemned all the more. Sometimes it is privacy campaigners who are cross, sometimes transparency campaigners. Governments lurch back and forth.

Right now the momentum is with the anti-encryptionists, no matter that ministers themselves now use encrypted services in much the manner that Tony Montana used cocaine. True, the Online Safety Bill doesn’t explicitly ban it. What it does do, though, is demand companies ensure their services are not put to malign use, which they obviously can’t do without inserting themselves in between send and receive.

In some cases — Facebook and Instagram, say — this seems fair, because these are public platforms on which grooming, exploitation and self-harm can and do fester. More importantly, I doubt many normal users are even aware that a Facebook message (which is end-to-end encrypted) is more secure than, say, a Twitter one (which is not).

WhatsApp is another story. Not everybody uses it solely because of its security, probably not even all ministers. Still, in this paranoid, you-are-the-product data age, there’s certainly a comfort in believing that you’re not being watched. Yet along with similar apps such as Signal, the company behind WhatsApp (Meta; Zuckerberg’s lot) now say they’d rather withdraw the service from Britain than make the changes required. This would put the UK alongside China, North Korea and Syria as the only countries in the world where WhatsApp cannot operate. It is also partially blocked in Qatar and the UAE. Even Russia, which banned Facebook and Instagram last year, didn’t have the balls to fully deprive its population of WhatsApp, too. What’s more, even countries that have banned it haven’t done so very effectively, despite having far more authoritarian clout than — you’d hope — we’d be up for.

The UK, then, is on the verge of being an outlier. The US is wrangling over these things, but seems unlikely to get far, due to the First Amendment. The EU, which has a stronger record of cracking down on tech (hence all those GDPR boxes you now have to click) has its own law in the works, but that isn’t going well, either. One German MEP from the Pirate Party (a tech libertarian group we don’t really have here) called it “a mass surveillance system that is so extreme that it exists nowhere else in the free world”. Meaning companies such as Meta now have every incentive to make an example of us, even if it costs them, pour encourager les autres.

It also means that we’re perhaps about to clodhop into an illiberal fiasco that anyone with a brain should be able to see coming a mile off. As one anonymous former cabinet minister put it to the website Politico, “people are scared if they go in and fight over this . . . it could be very easily portrayed that they’re trying to block protecting kids”. As ever, though, it’s a shrill and terrible mistake to consider our freedoms only from the perspective of how the very worst people in the world might exploit them.

It seems to me that these plans are a grim double whammy. On the one hand, they won’t work. On the other, our government could break new, illiberal ground by insisting that they must be made to. It also seems to me that in the best future we can hope for, the arc of the internet age bends towards individual liberty. So please, let’s not mess this up. Other futures are still available.

Leave a Reply