Your Friend Encryption
Government agencies have always had an uneasy relationship with encryption technology. The tragic events [of the November 2015 Paris attacks] only deepened that distrust. Many countries around the world proposed restricting or banning encryption. But would such measures prevent criminals and terrorists from attacking again?
Whenever encryption makes the news, it often involves scare tactics and the belief that only criminals use it or would want to use it. Recent political news has made encrypted communication apps more attractive to the average person, but for many people encryption is a source of mystery.
What Encryption Is
Encryption is the art of hiding and disguising information so that only certain people can find it and understand it. In other words, it’s like having a secret code that only you and your intended recipient know. It doesn’t matter if someone else gets a copy of your message if nobody knows how to break the code. Think of it like the Navajo Code Talkers of World War II.
How Encryption Works
All encryption protocols begin with an algorithm. This is a set number of steps used to solve a problem or complete a task – something like a combination of a math problem and a flow chart.
Next comes the key – not a physical object, but a string of characters used to encrypt and decrypt (that is, lock and unlock) your file or message.
A simple example of this is the Caesar cipher. Take two copies of the alphabet and line them up, one above the other. Shift the bottom alphabet a certain number of spaces, either to the left or the right. Substitute each letter in the top alphabet with the letter immediately below it. Shifting the alphabet is the encryption algorithm, the direction of the shift and the number of places shifted is the key.
Protecting your privacy shouldn’t depend on hiding what encryption algorithm you’re using, it’s hiding the key that is crucial. Stealing your encryption key is akin to stealing your car key or apartment key: the thief now has access to your prized possessions.
It’s best not to trust any service which boasts of its safety without telling you how it works. Any decent algorithm is released publicly so others can test it, a kind of peer review process. As an example, the old encryption algorithm Data Encryption Standard (DES) used a 56-bit key, meaning there were 72 quadrillion possible values. This algorithm was broken in 1998; it took two days to do so. The minimum standard now is 128-bit and 256-bit keys, which would double and quadruple the number of possible values.
What Encryption Does
Now that you know how encryption works, what does it do for you? Thieves want your personal information, either to impersonate you or to sell it for profit. Encryption keeps your information safe, whether that data is a text message, a credit card transaction, or your completed tax form.
Most of you won’t have to work with the details of encryption protocols in your daily life. Someone else has already taken care of the complicated math formulas; your only responsibility is to download the correct apps and follow the instructions. Encryption works hard in the background, ensuring that your information is kept away from prying eyes.
This is the first area where the average Internet user became aware of the need for additional security. In 1995, Microsoft added a patch to their Internet Explorer browser that allowed for 128-bit encryption. This innovation signaled the beginning of online shopping. That same year, Amazon and eBay recorded their first transactions.
Encryption is what makes online banking possible. Without it, not only would there be no banking apps for brick and mortar banks, there would be no online banks, no PayPal or Venmo.
E-filing has made tax season easier for many people. It would not be possible pay tax bills with a debit card or electronically sign a tax return without encryption. Thanks to e-filing, taxpayers can now get their refunds up to a month earlier than if their returns were processed by mail.
Sometimes, you need a secure channel to communicate. You may need to transmit a private message over a public network. This private information could be a unreleased project for your employer, medical records, or a letter from a whistleblower. Without encryption, you would be doing the equivalent of putting sensitive information on a billboard in the center of town.
What Kind of Encryption Should I Use?
One of the earliest encryption methods for email available to the general public was Pretty Good Privacy (PGP). It was invented in 1991 by Phil Zimmerman. The official version of PGP is now sold by Symantec, but there are free alternatives based on the OpenPGP standard. It has never been broken, but it can be tricky to set up. If you want an alternative, there are the email services ProtonMail and TutaNota. Both of them can be accessed from a web browser or an app for Android or iOS.
There are quite a few encrypted messaging programs to choose from these days; the most popular are Signal, Silent Phone, and WhatsApp.
Many web browsers (such as Chrome, Firefox, and Edge) can have their privacy settings adjusted. Nowadays, all browsers have built in encryption. There are browsers that are fully encrypted for a much more private experience. Some of the most popular run on Tor, a network of hidden relay servers meant to obscure a user’s traffic.
Encryption is not your enemy, it’s your friend. Without it, life would be not only a lot less safe, but also a lot less convenient.
To be continued…