Encryption sounds powerful and impenetrable when law enforcement officials get in front of Congress and ask for official loopholes to stop it. The problem is that most encryption is built on a foggy cloud of uncertainty. What mathematical proofs we have rest on uncertain assumptions, like it’s hard to factor really big numbers or compute a discrete log.
Are those problems truly hard? No one has publicly described any algorithms for breaking them, but that doesn’t mean the solutions don’t exist. If you found a way to eavesdrop on every conversation and break into any bank would you promptly tell the world and help them plug the holes? Or would you remain silent?
The real challenge is using encryption in our own code. Even if we trust that the basic algorithms are secure, there’s much work to be done juggling passwords, keys, and connections. If you make one mistake and leave a password unprotected, everything falls open.
Everyone loves that New Yorker cartoon with the punchline, “On the internet, nobody knows you’re a dog.” It even has its own Wikipedia page with four elaborate sections. (On the internet, nobody knows the old saw about analyzing humor and dissecting frogs.)
The good news is that anonymity can be liberating and useful. The bad news is that we have no clue how to do anything but anonymous communications. Some programmers talk about “two-factor authentication,” but the smart ones jump to “N-factor authentication.”
After the password and maybe a text message to a cellphone, we don’t have much that’s very stable. Fingerprint readers look impressive, but plenty of people seem willing to divulge how they can be hacked (see here, here, and here for starters).
Not much of this matters to the world of idle chatter on Snapchat or Reddit, but the stream of hacked Facebook pages are a bit disconcerting. There’s no easy way to handle serious matters like property, money, health care, or pretty much everything else in life except meaningless small talk. The bitcoin fanbois love to prattle on about how rock-solid the blockchain may be, but somehow the coins keep getting ripped off (see here and here). We have no real method to handle identity.
Of course, when it comes to programming, is there even a way by which we can measure the difficulty of a problem? No one really knows. We do know that some problems are easy to solve, but it’s entirely different to certify one as hard. NP-completeness is only one part of an elaborate attempt to codify the complexity of algorithms and data analysis. The theory is helpful, but it can’t offer any guarantees. It’s tempting to say that it’s hard to even know whether a problem is hard, but well, you get the joke.
Sign up for CIO Asia eNewsletters.