Kuncheff 1

Yulian Kuncheff
CST300 Writing Lab
Oct. 8th, 2016
Encryption Bypass
Encryption is vital in todays society. As our lives become ever more digital and
surrounded by hardware, we need something to protect us from those that want to eavesdrop or
find out our deepest secrets. Encryption is used to protect that information, it is there to keep the
information restricted to the two sides that are communicating and away from prying eyes.
With the power of computing growing, we have to make encryption harder and harder to
break, and as compute power increases, older encryption methods are easier to break. Examples
include DES, RC4, and many others that have fallen to just stronger computers and newer
methods of analysis (Popov 2015). Things that used to be plenty to verify data like CRC and
MD5, can now be brute-forced in minutes by the devices we carry in our pockets (Schneier
2008). But with every growing complexity and protection added, there are parties that do not like
the restrictions imposed by encryption.
Governments generally do not like being prevented from looking at communications, as
many do it to protect their populations, listening for terrorism plots or other events planned by
bad actors, or information that might lead to an arrest of a murderer. These are all valid uses, but
there might be flaws in the approach they desire. Government actors want encryption to have
holes or backdoors to allow them to get in when they desire, in order to monitor (Farivar, Jan
2016). And while this allows for greater safety, not all actions are for our benefit, and corrupt
actors might use this in a way that is negative to the users. There are also the Hackers or those

Kuncheff 2

that want to use the information gained for personal benefit, be it monetary or social. They will
always desire to gain control over the individual and the things they desire most.
But what is desired by the People is not perfect by any means. Encryption today is
powerful, but not flawless, and using it might create a false sense of safety that could lead to
disaster later. Also, without the protections afforded by Government to preemptively stop it, it
might not be as big of a holy grail as thought. And then the Hackers step in. They use these flaws
and problems to personally gain from others mistake in trusting the encryption. They get in and
gather information, sell it, and continue doing so. Companies fight to protect it.
Maybe the solution is to have no encryption at all. All information is public, and
everyone is accountable for their lives. This would eliminate hackers, as there is really nothing to
hack. The Government is wide open to read everything and handle their situation, and the People
do not have to worry, as they will learn to keep things they want private, off of places that arent
private. But this is a utopian ideal, and will probably not fly in our society. Someone will always
want to take advantage of this situation for personal gain. Humans are naturally selfish, in the
sense that they are in it for themselves in the long run. This causes the problems we have today.
So which is the right choice? There are huge and large debates over this in the industry
and every side wants something different. Security professionals want absolute security,
Government wants backdoor access, and Hackers just want a personal gain. The People want the
freedom to protect their lives how they see fit.
Recent events can be used as an example of the fight between protection at the micro
level, protection at the macro level, and creating back doors. The FBI requesting that Apple give
them access to a suspects phone is one. Apple said their encryption doesnt allow for it, and then

Kuncheff 3

the FBI wanted Apple to create an update with a backdoor so they could break the encryption.
These events lead to a very intense ethical debate on encryption, backdoors, and various
developments (Farivar, Feb 2016). Including one that had Congress telling the FBI it was a
`fools errand` (Ackerman 2016).
Kantianism and Utilitarianism are two popular ethical frameworks that will be used to
examine the various approaches, and see if either could help us reason about what might be the
best solution, or if these are more difficult problems to resolve.
The parties involved in all of this can be put into some macro level groups. You have the
People, who are your everyday individual that just wants to protect their privacy and keep a
semblance of it in this more social world. The People want personal protection and control. They
want to keep their conversations, bank accounts, and private documents safe and secure. They
want unbreakable encryption. The reasoning behind this has many aspects. With social media
invading our lives, it's harder to keep things private. Facebook tracks everything you do, every
service taps into your phone's location to know where you are, what restaurants you go to, where
your home, work, and gym are (Gibbs 2015). This data is valuable to these companies to offer
conveniences and services, but while we might trust or allow these companies access to our
lives, we want the conversation to only be between us and the company, we dont want the
Government or the Hackers to pry into our private lives. We have chosen who has access to our
information and we want to keep it that way. So the People have a claim of value when it comes
to encryption. Making sure it is as strong as possible, as unbreakable as possible provides
massive value to the individual and anything less would reduce the value it has to us. It is for our
personal safety.

Kuncheff 4

Hackers are another involved party in this debate. While we dont directly hear of their
involvement, they manage to gain a massive benefit from weakening encryption and having back
doors. Hackers want our secrets and private information for personal gain either through selling
this information to the highest bidder or keeping it for themselves to use directly to take your
money, or extort other things from you. Encryption is a hinderance to them, yet they want to use
it for their own means. They would like to have encryption that is unbreakable for them, but
breakable by them so they can get into things they want. And they relish when encryption gets
weaker (Goodin 2016). Its a duality that is possible, in the situations where the government
weakens something for public use, but leaves the original unbroken implementation available for
use. With technology improving and smart hackers improving their skills, hacking is still very
viable, though it has taken a more social engineering mentality. Finding the weakness at the
human level and not the computer level. Their claim of value on this is similar to the Peoples, in
that it provides them with information and secrets that are valuable to them.
The last group that this will affect is the Government. We elect our Government to
protect us as a whole and keep the more macro efforts churning. But encryption is a problem for
them too. They have a similar duality to Hackers, they want encryption to protect Government
secrets, military operations, and like information, but they want the publicly used encryptions to
be weak and capable of being intercepted and infiltrated. One of the primary reasons they claim
to want to do it is to protect the people, by spying on this information they can potentially gather
information about bad acts before they happen so they can stop them early (Balakrishnan 2015).
But these weaknesses can be used for corrupt purposes. Not everyone that is in power is noble
and out for the people, and while the general group has positive control over its government, it is

Kuncheff 5

not always the case. These holes in the encryption can also be exploited by bad actors outside the
government if the holes are found out by others, making the encryption useless (Snyder 2014).
Their claim is of cause, the cause of encryption creating burdens and legislative process, but
also the cause of their protection and safety. There have been recent knowledge of backdoors by
the NSA in many places that has gotten most of the internet in an uproar. It created distrust by
the People with the Government, and Hackers immediately tried to exploit the same vectors. This
lasted for months. While things have quieted down, the push for unbreakable end to end
encryption practices is stronger than ever.
There are a few paths forward that can be explored. One is making encryption
unbreakable, without any backdoors. This would be the ideal solution for the People, as this
would be the most secure and powerful choice. It would provide the privacy and control that the
People want over their lives. The next option would be no encryption at all. Many believe that
privacy does not exist in the connected world, and everything should be open. It has its utopian
merits, but it would be hard to keep from someone exploiting the system. This would be a
Hacker's dream situation, but at the same time, if everything is open, the information is no longer
valuable. The last option is to have Encryption but with weaknesses and backdoors. This is
ideally what the Government wants as it provides them the capabilities to snoop where they want
to while still protecting themselves equally. Its what the Government has been pushing for a
long time and they rarely give up on this ideal, constantly trying to push various internet and
technology reform into unsuspecting bills as fine print. But this opens a door that's very hard to
keep properly policed (Abel 2015). Hackers will eventually find those doors and weaknesses and
exploit them for their own gain. So with the Government and Hackers able to gain access to your

Kuncheff 6

information completely unfettered, what good is the encryption to begin with for the individual.
The People would be under a false sense of safety. They will think they are safe, secure, and
private when in fact the thing they are trying to protect from having full access to their
information. This is deceitful and ingenuous to the public.
We can use a Utilitarianism and Kantianism to take a look at how these can be ethically
viewed and chosen between. Utilitarianism was created by Jeremy Bentham, using the viewpoint
that defined utility as the aggregate pleasure after deducting the suffering of all involved in any
action (Driver 2014). True Utilitarianism is perceived as a very black and white view on ethical
choices, there is no real middle ground. To use an example to illustrate the way Utilitarianism
views things, a man steals a computer, he justifies it under Utilitarianism that the person who he
is stealing from has five such computers, is rich, and only ever uses one. The thief is poor, has no
computer, and really needs one. In this situation, you way the details that this does not affect
society, and the owner will probably not even notice it missing. While the thief has life changing
need for it. Under Utilitarianism, the thief is ethically allowed to steal the computer as it provides
a greater good for the thief with minimal suffering for the original owner, and lessens the
suffering of the thief. In contrast, we have Kantianism, created by Immanuel Kant, where an
underlying maxim or principle controls the action performed. Universalizing the maxim is how
you reach a moral and ethical conclusion (Cureton, 2016). Using the example above, in
Kantianism you create a maxim for the action. In this case, it would be I want to steal the
computer without repercussion`, and then you universalize it by changing it to Everyone can
steal computers without repercussion.` Then you judge the universalized maxim on its morality
and ethicality.

Kuncheff 7

Using these two systems on our options above, we will start with looking at no
encryption through a Utilitarian point of view. For the People, the aggregate pleasure is very low,
as they have no protection of their privacy, it reduces their individualism, and sense of safety.
Their perceived suffering is high. Hackers actually dont do well in this situation either, if
nothing is secret or secure, there is no gain in getting information and its value is non-existent,
pretty much making hacking a very low value endeavor. Finally, the Government would not like
it either, they would have no secrecy and be forced into absolute transparency. So again, their
perceived suffering is higher than the pleasure. Now it could be argued that this is the ideal
situation, as without encryption, everything is out in the open, no one can scheme, con, or act
secretly. It in a way is its own checks and balances. This could lead to a relatively high pleasure.
But it is a utopian ideal, and the immediate suffering would be the stuff calculated in a Utilitarian
point of view, so this makes No encryption overall, an unethical choice in Utilitarianism.
If we view the same option from a Kantian point of view, it might be quicker to reason
out. For Kantianism, we would take the principle in the action, and that is No encryption for me
and once universalized, its No encryption for everyone. And this would actually lead to a
similar conclusion to Utilitarianism in this case. It would be unethical for no one to have
encryption, as there would be no way to protect, or provide safety at any level, be it individual or
global. But the utopian thought would probably make a Kantian consider his options for longer,
as the overall ethical end of everything being open could have a very positive effect on society.
As we continue to the other options, Utilitarians might have an interesting view of having
an encryption that is weakened or has a backdoor. For the People, they would have a sense of
safety, and security. They will feel their data and digital lives are in their control, which

Kuncheff 8

increases the pleasure and reduces suffering, and if kept secret and hidden, the suffering never
outweighs the pleasure, which makes this a Utilitarian win for the People, though it is hard in
practice, as someone will always know that this practice happens, in turn making it a Utilitarian
loss for them, as the people wouldnt trust anyone or anything with their information, and think
of encryption as a lie. The Government would ethically be in the right under Utilitarianism, as it
will increase their efficacy in preventing negative things from happening to their governed, while
allowing them to still protect themselves with the better encryptions or the ones that dont have
backdoors. Finally, the Hackers would also have a Utilitarian gain as they will be able to find
these weaknesses and backdoors, and gain information, data, and gain from their endeavors. So
this option is unethical for the People but ethical for Government and Hackers, but in the end it
needs to be ethical for all.
Looking at this option from a Kantian point of view, we create the universal maxim of
Encryption has weaknesses and backdoors. Well this creates an interesting ethical dilemma, as
now everyone operates under this maxim, meaning everyone knows it has backdoors and
weakness. The People know this, so they dont fully trust encryption, they might still use it, but it
will offer them minimal peace of mind. The Government would know this, and they will use it
for their benefit and maybe the benefit of their governed, but also could use it against them. And
the Hackers would know this, and try to use it for their gain, but might not find as much
information as they want, meaning they are hindered as people might not be willing to put as
much information for them to access. Overall this ends up being an unethical result for a Kantian
point of view.

Kuncheff 9

Finally, we have the last option, make encryption absolutely as secure and unbreakable as
possible for everyone with no backdoors or weaknesses within our capabilities. This under
Utilitarianism also has different outcomes. For the People, this maximizes pleasure with minimal
suffering in the form that if bad actors used the same methods, they might get their plans in order
without being found out early. But the overall global pleasure outweighs that suffering, so it
would be ethical under Utilitarianism. The Government gets less pleasure out of this choice.
They definitely get the same protections for government secrets, military communications, and
overall safety, but they can no longer use data that's encrypted to try and provide safety at the
macro level. They might not be able to ascertain early communications of bad motives to stop
them sooner. But I believe in most cases, the safety of their secrecy outweighs the loss of the
ability to spy on the governed people. So it would overall be ethical under Utilitarianism for the
Government. Finally, the Hackers would not be pleased, while they can protect themselves in
many of the same ways, they probably wouldnt be able to access anything of value easily, and
would resort mostly to social engineering versus breaking the encryption itself. They would still
be around but very hindered. This would probably seem unethical to a Hacker if they were
Utilitarians.
As we circle back with Kantianism as our ethical framework, we can create a maxim that
says All encryption is unbreakable, secure, and has no backdoors or weaknesses to our best
ability. This would again give an overall similar result to the Utilitarian one above. The People
will have great pleasure as they would be safe and secure. The Government would be displeased
with their hindered abilities, but enjoy it just as much, and Hackers would hate it just as much as

Kuncheff 10

they would need to focus on social engineering versus just breaking the encryption. Overall its
an ethical win for the parties normally viewed as the good guys.
So after all this analysis, which is the better solution? Absolute encryption seems to be
the most viable in modern day society. Ethically it is positive for what is considered the good
guys in the parties above, the People and the Government. In todays society we are mostly
there, as most security professionals, corporations, and people push for secure and unbreakable
encryption, though there is constant pushback from the Government to include backdoors or find
ways to easily bypass the encryption in the name of safety as they think they would provide
through these means. In an ideal utopian society, no encryption would be the ideal. It is a system
when thought through its benefits would be the greatest way to be, but it's too much for most to
accept and would only cause tension and problems when everyone has too much information.
Encryption with weakness is the absolute loser in this situation as it gives no one any benefit.
Now, there are assumptions made for much of this. Which includes the assumption that
all weaknesses and backdoors will eventually be known outside of the beneficial actors, and that
the encryption we have now will be strong enough in its proper implementation to protect us.
This assumption is viable as with every person and actor having their own individual motives,
someone will always have a desire to gain personally at the expense of others.
As a member of the technology industry, there are a few biases present also. When
working on projects that move peoples money and maintain their very secret identifying
information alongside their less important public information, it has to be kept in a secure and
unhackable manner, as these massive databases need to be protected from hackers and bad actors
what want this treasure trove of easy information. Many of these requirements are also industry

Kuncheff 11

policy that all companies need to follow in order to even interact with other companies that offer
similar services.
A final bias is one as a person with unique views. Wanting to keep private information
private as much a desire. But I believe in a minority point of view that nothing on the internet is
private, and if it's on the internet, or through the internet, it is public. Since I operate under this
mindset, supporting the no encryption mindset is very easy and even seems ideal, even if not
viewed as such by the greater populace.
There are also some concessions that need to be made with the solution choice. I do put
the safety of the greater populace at potential risk. Bad actors like terrorists, criminals, and others
can communicate their plans secretly and keep their plans in motion much longer before they are
found out, or even worse enacted and perfect encryption is a hinderance to those trying to
enforce societal laws and norms. The government cant enact protections without the information
gained from these practices. And hackers would probably end up not existing in their current
form with nothing to hack.
But at the end of the day, personal safety is the priority of almost every person, everyone
enjoys that protection, and the thing that provides the safety the best in our current day society is
encryption that is unencumbered by weaknesses and backdoors, but luckily society seems to be
moving in that direction, even with some pushback from the Government.

Kuncheff 12

References
Farivar, C (Feb 2016). Judge: Apple must help FBI unlock San Bernardino shooters iPhone.
[News Article]. Retrieved from
http://arstechnica.com/tech-policy/2016/02/judge-apple-must-help-fbi-unlock-san-bernar
dino-shooters-iphone/
Ackerman, S., Thielman, S., Yadron, D (March 2016). Congress tells FBI that forcing Apple to
unlock iPhones is a fools errand. [News Article]. Retrieved from
https://www.theguardian.com/technology/2016/mar/01/apple-fbi-congress-hearing-iphon
e-encryption-san-bernardino
Farivar, C (Jan 2016). Yet another bill seeks to weaken encryption-by-default on smartphones.
[News Article]. Retrieved from
http://arstechnica.com/tech-policy/2016/01/yet-another-bill-seeks-to-weaken-encryptionby-default-on-smartphones/
Goodin, D (Jul 2016). Androids full-disk encryption just got much weaker -- heres why.
[News Article]. Retrieved from
http://arstechnica.com/security/2016/07/androids-full-disk-encryption-just-got-much-wea
ker-heres-why/
Snyder, B (May 2014). Snowden: The NSA planted backdoors in Cisco products.
[News Article]. Retrieved from
http://www.infoworld.com/article/2608141/internet-privacy/snowden--the-nsa-planted-ba
ckdoors-in-cisco-products.html
Abel, J (March 2015). NSA backdoor mandates lead to a computer-security FREAK show.

Kuncheff 13

[News Article]. Retrieved from

https://www.consumeraffairs.com/news/nsa-backdoor-mandates-lead-to-a-computer-secu
rity-freak-show-030615.html
Popov, A (Feb 2015). Prohibiting RC4 Cipher Suites. [RFC Standard]. Retrieved from
https://tools.ietf.org/html/rfc7465
Schneier, B (Dec 2008). Forging SSL Certificates. [Article]. Retrieved from
https://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html
Gibbs, S (Mar 2015). Facebook 'tracks all visitors, breaching EU law'. [News Article].
Retrieved from
https://www.theguardian.com/technology/2015/mar/31/facebook-tracks-all-visitors-breac
hing-eu-law-report
Balakrishnan, A (Nov 2015). Calls grow for government back doors to encryption.
[News Article]. Retrieved from
http://www.cnbc.com/2015/11/16/calls-grow-for-government-back-doors-to-encryption.h
tml
Driver, J (2014). The History of Utilitarianism. [Encyclopedia Entry]. Retrieved from
http://plato.stanford.edu/entries/utilitarianism-history/
Cureton, A, Johnson, R. (2008, 2016). Kant's Moral Philosophy. [Encyclopedia Entry].
Retrieved from http://plato.stanford.edu/entries/kant-moral/