In America, people are barred from purchasing or owning anti-aircraft missile-launchers, bazookas, and other military-grade weapons. This is because they serve no purpose other than to kill people, and their “casual use” would endanger innocent people. At one point in America’s recent history, encryption ciphers were regarded as military-grade weapons, as munitions. For this reason, the transfer of encryption ciphers out of the USA was illegal. Do encryption ciphers actually merit this kind of treatment? Are ciphers as dangerous as military weapons? The answer is “possibly so”, because encryption can be the ultimate “uncrackable safe” and can store or transfer deadly information. But perhaps calling encryption “munitions” may be going a too far, even though encryption can be used maliciously. A better analogy might be bullets or handguns or shotguns. These are weapons, but they also can be used ethically, such as to defend innocents from harm or to engage in target practice or marksmanship competitions.
Like small arms, encryption can be used for many useful purposes, for example to safely store any conceivable amount and type of data. But also like small arms, encryption can be used maliciously. It can even be used nontraditionally to encrypt nonsense. For example, a terrorist could encrypt a transmission of absolutely nothing of worth, using an extremely complex cipher and a long key length. This would trick law enforcement agents into wasting time and resources “brute forcing” the key or attempting otherwise to crack the encryption. Another example of a misuse of encryption would be a company that adopts a policy to encrypt all their data and then somehow “loses” the key if they ever come under investigation. These examples illustrate that encrypted information does not need to be valuable or retrievable to cause problems for authorities.
Given the possibility of using encryption maliciously, should people be given the powers of information encryption? How much encryption power should be afforded to individuals or businesses or government agencies? What is the appropriate balance between the right to privacy and freedom of the individual, which encryption can help to defend, and the legitimate interests of the government to provide security and prevent crime or terrorism? Also of note would be the government’s use of encryption for it’s own purposes. What are the kinds of encryption methods and tools that would make it possible to establish and preserve an ethically defensible balance between the rights of individuals and the legitimate concerns of society or the government? These are the kinds of questions that his paper will address.
One important issue that also will be examined is the possibility of massive decryption capabilities that could result in the near future when quantum computers become available. Will quantum computing make reliable encryption impossible, thereby destroying Internet commerce and the safety of credit/debit cards? Is there a kind of encryption that could resist cracking by powerful quantum computers? Consideration of these and related questions will be included in the paper.