Ballo: Privacy through online encryption worth potential abuse
February 5, 2013
On Jan. 20 — exactly one year after the controversial FBI shutdown of file-hosting service Megaupload — Internet entrepreneur Kim Dotcom made a comeback with Mega: a cloud storage and file sharing service that promises complete privacy through encryption. At Mega’s launch conference, Dotcom stated that “the Internet belongs to no man or industry or government,” and that “privacy is a basic human right,” casting Mega as an attempt to uphold Internet freedom and protect personal privacy. But is Mega really a big step forward for human rights in a digital world? Or is it simply a more sophisticated architecture for piracy and crime?
To understand why Mega protects privacy, you have to understand the basics of Mega’s encryption scheme. Encryption is the use of recursive computational algorithms for encoding data, making it nearly impossible for someone to read a file without a special decryption key. Mega protects your data with two well-known methods of encryption. Before a file is uploaded, it’s encrypted with a 128-bit Advanced Encryption Standard key, and 2048-bit RSA key pairs are used for sharing a file. The generation of keys is pseudorandom and based on your password, which Mega does not actually store. There is no way to recover a lost password, but more importantly there is no way for Mega to decrypt your data.
Mega keeps itself — and you — out of legal trouble because the company cannot monitor uploaded content. No third party can. Encryption ensures that you and the person you share a file with are the only individuals on earth who know what that file contains.
Being able to upload, download and share content without fear of monitoring or repercussion is essential to a free Internet. Programmer and activist Aaron Swartz was facing thirteen felony charges for his illegal download of academic journal articles when he committed suicide on Jan. 11. Swartz was a well-known proponent of Internet freedom and some see him as a martyr for the same ideals Mega aims to uphold.
Privacy enables openness and is therefore a cornerstone of information freedom. Privacy is also necessary to protect individuals. Privacy through encryption, however, has a serious tradeoff: It cripples law enforcement’s ability to detect and respond to illegal activity. This does not just mean it will be harder to crack down on Internet piracy, although that’s certainly the case. The repercussions of encrypted file sharing on this scale extend far past the spread of copyrighted digital media. Consider what would happen if Mega became a safe haven and new distribution tool for child pornography. Mega itself has no way of stopping the upload and sharing of videos that abuse children, and neither do authorities. This could create a new market and greater demand for that kind of material. Encrypted content sharing means completely private communication that can’t be intercepted and could be used to perpetrate any manner of crime. A service like Mega could be a tool to aid traditional crimes or to enable entirely new types of cybercrimes, all while making the detection and prosecution of criminals exponentially more difficult.
So should we abandon our right to privacy in favor of social order? Absolutely not. The approval of the FISA Amendments Act Sunsets Extension Act of 2012 has authorized warrantless surveillance of Americans for another five years. The National Security Agency is investing $1.5 billion in a massive data center to track all forms of online communication. We need some level of digital privacy to prevent George Orwell’s “1984” from becoming our reality.
But privacy through encryption has such vast potential for abuse that the threat it poses to our society might be equal to or greater than any benefit. There are no simple solutions in a world where technology often evolves faster than our laws can adapt to it, and it’s difficult to predict what Mega will mean in the long term. What we can be certain of is that Kim Dotcom is playing a pivotal role in shaping the Internet’s future. Mega lives up to its name — this is going to be huge.
Write Tiemoko at [email protected].