The Hardest Problem In Encryption? Usability.
I have been reading a wonderful account of how The ANC in South Africa developed and used encryption to avoid persecution by the Apartheid regime.
The article is a good 15,000 words and will take you some time to read. It is a fascinating account of how an ersatz encryption technology was developed by enthusiastic amateurs using acoustic couplers, DTMF, tape recorders, and early mobile phones.
I'm going to ignore the technical aspects - which are wonderful to read - and talk about the human aspect.
Security is usability.
The story starts with the problems faced by the ANC before they adopted computerised encryption. Activists had to manually encipher messages - a tedious and error prone process - and then manually transcribe and decipher the messages they received.
A huge effort for very little gain. Add the article puts it:
It was always the same pattern: comrades would go back home feeling enthusiastic and begin by sending a series of messages. They soon came to realise that it was a futile activity as it took so much effort to say so very little and the responses, as few and far between as they were, contained little encouragement and advice.
To be clear, these political activists were fighting to free their country from the yoke of a repressive and racist government. They were some of the most committed people imaginable, fighting for the most noble of causes - as were their leaders - yet they found the long winded process of protecting their communications just too hard.
The article goes on to describe how the introduction of computer based encrypting revolutionised the revolution. With very little effort, it was suddenly possible to communicate over vast distances with total security. Messages could be long and complex. Replies could take hours rather than days or weeks.
The political opposition flourished in such an environment. It also, no doubt, provided a much needed psychological boost to those involved in the struggle. Lifting the weight of fear by knowing that their seditious conversations were impenetrable to the enemy.
This home made encryption flourished for several years before it came crashing down.
It failed not because the technology was weak - but because people are weak.
Maintaining secrecy is hard. Attaching computers to modems and loading secret disks is still a lot easier than the mind numbing process of hand powered encryption - but it is an extra burden.
Individuals were careless. Despite knowing that the government was violently racist and that organising against it could result in your torture or death, it is hard to be 100% vigilant.
The details of Vula that the regime released to the press revealed that indeed a number of important documents had fallen into their hands. It became clearer by the day that the comrades in Durban had violated all the rules of security that we had so assiduously tried to impress upon them. Data files of confidential information were kept `in clear` on disk and keywords and key books must have been easily obtainable. The minutes of an entire underground conference were quoted by police as evidence of the plot to overthrow the government.
Remember, these communications weren't between file-sharers doing it for "teh lulz" or business people protecting their IP. It was between freedom fighters working against a sadistic and murderous government. Failing to maintain security wouldn't just end with your family being tortured - it could mean the disruption of an entire political movement. That's pretty serious motivation.
And yet that threat still wasn't enough to keep people acting in a security conscious manner.
The piece concludes with the lessons the ANC learned from running their encryption programme:
Without first-class communications you cannot carry out a successful underground operation.
First class doesn't just mean usability of the system - but also the usability of the security. We can create "perfect" encryption (NSA backdoors not withstanding) - but can we make a system easy enough the people want to use it correctly and don't want to abuse it by, say, writing down passwords?
I've tried setting up PGP more times than I care to remember. Each time the process has been a frightening and confusing mess. Using it has required using plugins, remembering arcane commands, and trusting that I've not somehow screwed up.
Just like a hotel room safe that's too complicated to easily understand, the current usability of encryption software encourages us to hide our valuables in the sock drawer and hope the housekeeping staff don't go snooping.
Eric Kronthal (@EricKronthal1) says:
Terrence, you make an excellent point. There is so much discussion right now about building the best encryption, but it's important to remember that the most secure tool is useless if it is too complicated or cumbersome to use.
SimonH says:
Phil Zimmerman's ZRTP (and similar protocols like MIKEY/SAKKE) manage to solve some usability problems for encrypted voice/video calls. The concept is simple: if a user reads a phrase on their screen that is the same as the phrase on your screen, you can be reasonably sure that the private keys that secure your transmission have not been intercepted with a man in the middle attack. Software like Jitsi and Redphone make good use of this and it is incredibly easy to use.