CHAPTER 4: TECHNOLOGY
UK by the growth of cloud computing. By 2016, the bulk of new IT spending will be on
cloud computing platforms and applications,57 and the expansion of Network Function
virtualisation will mean that cloud providers will be able to host network infrastructure
as virtual machines. Most cloud providers are based outside the UK and store data in
data centres outside the UK.
Encryption
4.44.
Encryption refers to the process of converting information, such as the contents of a
message, into unreadable form, so that only someone with the decryption key can read
it. It is a crucial part of the transactions we make every day as banks use it to keep
data secure during financial transactions. There are a number of types of encryption;
for example:
(a)
Encryption in transit provides security during the transmission process.
(b)
End-to-end encryption provides security at either end of the communication, so
that only the recipient, not the company running the messaging service, can
decrypt the message.
4.45.
The two basic techniques of encryption are symmetric encryption and asymmetric or
public-key encryption. Symmetric encryption involves the use of one secret key to both
encrypt and decrypt messages. Asymmetric encryption was developed in the 1970s,
in an attempt to counter the risks associated with the use of one key. It involves the
use of two linked keys; a public key and a private key. A user who wants to send an
encrypted message can get the recipient's public key from a public directory. This key
is used to encrypt the message, which is sent to the recipient. The recipient can then
decrypt the message with a private key.58
4.46.
The first widely available public-key encryption software was Pretty Good Privacy
[PGP], released in the 1990s as a response to the US government’s attempt to control
encryption via a proposal by the NSA, known as “Clipper Chip”.59 The proposal
entailed the insertion of a chip into every new piece of electronic device, which would
provide encryption for communications. However, all devices containing a chip would
be assigned an extra key which would be given to the government in escrow. If the
government provided a warrant permitting access to a particular communication this
extra key could be used to decrypt the data. Opposition to the proposal was
considerable and a number of encryption packages were released in an attempt to
derail it. The proposal was ultimately abandoned: but the issue has recently come to
the forefront again as a result of the increasing adoption of encryption software.
4.47.
This trend towards encryption pre-dates the Snowden Documents, though it is likely to
have been accelerated by them.60 In the year leading up to the release of the Snowden
57
58
59
60
The European Internet Forum, The Digital World in 2030, March 2014.
The story of the invention of public key cryptography is told by S. Singh, The Code Book, 1999,
chapters 6 and 7.
Ibid., pp. 310-311.
The Director-General of MI5 told ISC stated that the Snowden Documents “accelerated the use of default
encryption by internet companies…which was coming anyway”: Report on the Intelligence relating to
the murder of Lee Rigby [ISC Rigby Report], November 2014, para 440.
60