In our post-Snowden world, we can no longer deny what was always implicit in digital communication: someone, somewhere can find and read your data, if they are determined enough or have special government clearance. For Americans who value their privacy, fourth amendment rights, and believe it unnecessary for the government to have access to our every digital stroke, the question they must ask is who can “you trust with sensitive data these days?”
Since 1976, public key, or asymmetric-key, encryption has been the default method of private and secure digital communication. Public key encryption works through employing two keys, a public key encryption key and a private decryption key employed by the two computers. This technology remains secure because it employs extremely large numeric combinations: for example, Lavabit, the secure email service run by Ladar Levison and used by Edward Snowden, used “Elliptical Curve Cryptography (ECC) with 512 bits of security to encrypt messages. The private, or decryption, key is then encrypted with a user’s password using the Advanced Encryption Standard (AES) and 256 bits of security,” which is the level of security the NSA has approved for government work. Yet, as we have seen, even those most committed to protecting privacy (like Levison) can be thwarted by more conventional means. This occurred with Lavabit when the US government demanded Lavabit give them the private SSL keys after being refused access to “information about each communication sent or received by the account, including the date and time of the communication, the method of communication, and the source and destination of the communication.” More problematic is that, if the September 5th leak from Edward Snowden is correct, “the HTTPS and SSL encryption used by most email and banking services offers little to no protection against NSA surveillance.”
A further potential threat to public key encryption, beyond compromised keys and eavesdroppers, is quantum computers. Quantum computers rely on atomic properties that allow the machine to compute at speeds currently out of practical reach. This is not because quantum machines compute faster, but because they can take mathematical shortcuts rather than sequentially calculating each possibility as computers today do. At Computer World, Michele Mosca, deputy director of the Institute for Quantum Computing at the University of Waterloo in Ontario, explains:
Breaking a symmetric code…is a matter of searching all possible key combinations for the one that works. With a 128-bit key, there are 2128 possible combinations. But thanks to a quantum computer’s ability to probe large numbers, only the square root of the number of combinations needs to be examined — in this case, 264.
As many tech journals have highlighted lately, the very technology that now poses a threat to our security could also pose a solution. Quantum cryptology, a word that sounds more like something out of science fiction than a science journal, could be the next move for information privacy. Quantum Key Distribution (QKD) works very much like public key distribution, with added protection provided by particle physics. As David Holmes describes it:
The first part is the same: Data is encrypted using an algorithm. But then the data itself is encoded on a light particle known as a photon. Because photons are smaller than atoms, they behave in some pretty crazy ways. For example, you can “entangle” two photons so their properties correlate with one another. A change to one photon (which can occur as easily as by someone observing it) will cause a change in the other photon, even if the two are a universe apart.
After entanglement occurs, the sender transmits the first photon through a fiber cable to the receiver. If anyone has measured or even observed the photon in transit, it will have altered one of the properties of photon no. 1, like its spin or its polarization. And as a result, entangled photon no. 2, with its correlated properties, would change as well, alerting the individuals that the message had been observed by a third party between point A and point B.
Quantum cryptography relies on the observable traits of quantum physics, the aspect that Einstein referred to as “spooky action at a distance” to offer added protection: the knowledge of when data has been compromised by an attempted third-party observation.
The problem with this technology is its practical application. So far, the technology is still in its infancy, while physicists and tech experts try to solve problems such as distance, transmission, and integration with cloud based technologies. But as Snowden and Glenn Greenwald release more leaks, greater demand for digital security will pressure scientists to solve these problems. Quantum mechanics, with all its strange, fascinating, and downright unbelievable properties, could provide us with a myriad of innovative technological advancements. For those who only think about the effects of quantum physics when the Nobel prize in physics is announced, hold on: the study of quantum physics is about to get a lot more practical.