With recent acts of terrorism in Paris and Lebanon, news media and government have been using the word “encryption” as if it’s somehow to blame. Nonsense. Encryption is easy to understand, and if you’re not using it, you should be.
Like many technologies, encryption has the potential to be misused, but that does not make it dangerous. And it doesn’t mean that people who use it are dangerous or bad. But since it’s so commonly misunderstood and currently a media boogeyman, a few minutes with How-To Geek will help get you caught up.
While computer scientists, developers, and cryptographers have created far smarter and complex methods for doing so, at its heart, encryption is simply taking some information that makes sense and scrambling it so it become gibberish. Turning it back into real information–video files, images, or simple messages–can only be done by decrypting it back from gibberish using a method called a cipher, usually relying on important piece of information called a key.
Already there are a lot of unusual words being thrown around. If you’ve ever written in a “secret code” when you were a child, you’ve encrypted a sentence. A cipher can be as simple as moving a letter down in the alphabet. For example, if we take the following sentence:
This is really geeky
With this simple encryption, A becomes B, and so on. This becomes:
Uijt jt sfbmmz hfflz
If you want to make it more difficult to understand, you can easily represent letters as numbers, when A is represented by a 1, and Z by 26. With our cipher, we simply add one to our number:
208919 919 1851121225 7551125
And then when we move our letter’s position with our A-becomes-B-method, our encrypted message now looks like this:
2191020 1020 1962131326 8661226
In our example, our method, or cipher, is to change letters to certain numbers and add to that number to encrypt. If we wanted to, we could call our key the actual information that A = 2, Y = 26, and Z = 1.
With a code this simple, sharing keys isn’t necessary as any codebreaker could decipher our code and figure out the message. Thankfully, comparing modern encryption methods to this is like comparing an abacus to an iPad. In theory there are a lot of similarities, but the methods used have years of study and genius applied to making them richer and more challenging to decrypt without the proper keys–that is, by the users who are doing the encrypting. It’s almost impossible to decrypt using brute force methods or by reassembling data back into something that looks useful, so hackers and bad guys look to humans for the weak link in encryption, not the encryption methods themselves.
It’s no secret that plenty of governments get the willies when they think about strong encryption. Modern computers can encrypt text messaging, images, data files, even whole partitions on hard drives and the operating systems that run them, effectively locking out anyone with the keys needed to decrypt the information on them. These could contain anything, and when it could theoretically be anything, imaginations tend to run wild. They contain stolen nuclear codes, child pornography, all kinds of stolen government secrets… or, more likely, your tax documents, bank transactions, kid’s pictures, and other personal information you don’t want others to have access to.
A lot of attention was recently drawn to the ISIL-associated terrorism suspects using encrypted methods of communication with the popular messaging service WhatsApp. The boogeyman here is strong encryption allows spooky people to communicate about who-knows-what and many prominent government and intelligence officials are taking advantage of the situation, shaping narrative to say “encryption is for bad people, terrorists, and hackers.” Never waste a good crisis, as the saying goes.
Many government powers have approached the Googles and Apples of the world, asking them to create encryption with secret backdoor decryption methods–closed-source methods of encryption that hide something nefarious or have “master keys” to cipher and decrypt anything using that particular method.
The current CEO of Apple, Tim Cook, was quoted as saying “You can’t have a backdoor that’s only for the good guys.” Because, basically, an intentionally engineered flaw like a backdoor encryption method totally weakens the integrity of a technology we use in many aspects of our lives. There’s absolutely no guarantee that simply because something is designed for the “good guys” to use, that “bad guys” won’t figure out how to use it. It goes without saying once this happens, all data using these methods is no longer secure.
Without putting on our tinfoil hats and getting super political, historically, governments have a tendency of being afraid of their people, and do whatever they think they can get away with to maintain control. So, unsurprisingly, the idea of these little informational black boxes created by strong encryption makes them nervous.
It’s probably pretty clear to you faster than you can say “the terrorists have won” putting a backdoor in an infrastructure as basic as encryption would make life for us much worse, since strong encryption standards are used in web browsers, email, banking, credit card transactions, and password storage. Making those less secure for all of us just isn’t a good idea.
Encryption, thankfully, is becoming the default. If you’ve ever noticed that little lock icon in your web browser—congratulations! You’re using encryption to send and receive data from that website. You don’t feel like a bad guy, do you?
Basically, by establishing a secure connection, your computer uses a public key to send scrambled information to the remote system, which it then decodes using a private key (since the public key can be downloaded by anyone, but only decrypted using the private key). Since it can be difficult to ensure that nobody can intercept your messages, emails, or banking data, but encryption can turn your information into gibberish that they can’t use, so your transactions remain safe. Chances are, you’re already doing lots of encrypted message and data transmission and you didn’t even realize it.
Nearly everyone in tech is aware it needs to simply be standard and is pushing the idea of “encryption by default”. Simply because you don’t have anything to hide doesn’t mean you shouldn’t value your privacy, particularly in these days when preventing cybercrime, data theft, and hacking scandals is becoming more and more critical to our safety and financial well-being.
Speaking simply, computers and the Internet have allowed us to open ourselves up and become more vulnerable than ever before to these privacy concerns, and encryption is one of the only methods of keeping yourself safe. Many years ago, if you were speaking to someone face to face and saw nobody around, you could feel reasonably secure that nobody was eavesdropping on you. Now, without encryption, there’s basically no privacy in any kind of communication, at all, ever.
When should a normal user incorporate encryption into their digital life? Certainly, if any of your messaging services or accounts offer HTTPS (HTTP over SSL, an encryption standard) you should opt-in. In this day and age, you shouldn’t even have to opt-in; it should be on by default! If a service does not allow for encrypted connections and it allows you to send any kind of sensitive data (credit card numbers, family members’ names, phone numbers, Social Security numbers, etc.) simply opt not to use that website. But realistically, any modern website with a login will most likely create a secure, encrypted connection.
Should you keep the pictures, documents and other important files on your PC in an encrypted container or disk? Perhaps. You can do this by using encrypted file containers or by locking whole disks using software. Some years back, popular cross-platform encryption software TrueCrypt suddenly and mysteriously asked users to stop using their software, insisting their product was insecure, and shut down all development. In a final message to their users, TrueCrypt urged them to migrate their data to the Microsoft product, Bitlocker, now part of some versions of Windows. TrueCrypt was a standard tool for whole disk encryption, along with other software like bcrypt or Filevault. Whole disk encryption is also possible using BitLocker, or, if you prefer open-source methods, by using LUKS on Linux systems, or the successor to TrueCrypt, VeraCrypt.
You very likely do not need to encrypt the files that are actually on your PC to stop hackers and data thieves from taking them. It is not a bad idea to do so to keep important files in a crypt to keep them out of the hands of other people who may get a chance to use your computer. Encryption doesn’t need to be spooky or dangerous; it can simply be thought of as a digital privacy fence, and a way to keep honest people honest. Simply because you like your neighbors doesn’t mean you always want them to be able to watch you!
The same can be said for all digital messaging services, whether they’re on your phone, tablet, or on your PC. If you’re not using encryption, you have little to no guarantee that your messages aren’t being intercepted by others, nefarious or not. If this matters to you–and perhaps it should matter to all of us–you have an increasing number of options. It is worth noting that some services like iMessage from Apple send encrypted messages by default, but communicate through Apple servers, and they could conceivably be read and stored there.
Hopefully we’ve helped to dispel some of the misinformation surrounding this misunderstood technology. Simply because someone chooses to keep their information private doesn’t mean that they are doing something sinister. Allowing the conversation about encryption to be entirely about terrorism and not about basic privacy and prevention of identity theft is fundamentally bad for all of us. It’s not a thing to be feared or misunderstood, but rather a tool that all of us should use as we see fit, without the stigma of being used only for evil purposes.
If you’re interested in learning more about encryption methods, here are some How-To Geek classics, as well as some software that we recommend to start incorporating encryption into your digital life.