So, right, imagine that you’ve got a padlock. And imagine that that padlock has got two keyholes, and can only be unlocked if both keys are used. But the key to lock the padlock is different to the key that is used to unlock the padlock, and whilst you are the only person who has one of those keys, the rest of the entire world has access to the other key simultaneously so that means that they can unlock things that, erm, oh, wait, you can unlock things that you’ve locked so that erm. Err. Have you seen how much it costs to get a key cut at Timpson’s these days?
Metaphors are a wonderful thing. They help us to make complicated things understandable by those without deep technical expertise. But sometimes this simplification becomes metaphor’s biggest weakness. And that’s where we’ve got to with the Public Key/Private Key metaphor to describe complex digital encryption models, and potentially why politicians seem to be getting all confused about banning encryption in ways that are basically impossible in a Public/Private Key system. Because politicians are seeming to think that within encryption models that use Public and Private Keys, third parties like ISPs hold magic skeleton keys that can unlock anything at will. And they don’t – because otherwise it would be called public/private/magic skeleton keys encryption.
Now it’s easy to point at politicians and journalists at this point and yell that they are all stupid. But they’re not (well, if they are, this debacle isn’t the conclusive evidence). Public/Private key encryption is tricky for normal people to get their heads around, and because of the analogy that is based around the simple and understandable objects like physical keys, misinterpretation of the subject is easy.
What to do instead? Well, sometimes complicated things aren’t distillable down into easily understood, soundbiteable chunks. Some things are, actually, quite complicated. As it is with encryption: modern digital encryption allows me to seal something up in a way that means that only people who I want to see it probably can. Probably, because nothing is entirely secure. Then you are just going to have to leave the rest to your trust in some rather complicated maths. If you want to know more, read Simon Singh’s rather spiffing book on the subject.