Why we should all care about encryption. Really

Mar 12, 2015 / Andy Yen

Back in summer 2013, the Edward Snowden revelations got me thinking. How much of our lives are compromised when security agencies — or hackers, or anyone else — can read our emails?

Emails paint an intimate narrative of ourselves — the people we talk to, the books we read, the politics we practice. This information is powerful. When we lose control over it, it can do great harm to ourselves and our loved ones.

I realized that I wasn’t comfortable with the power contained within this information, nor with my lack of control over it.

In fact, no one I talk to is comfortable with this information or with its power. But too often, they seem to prefer not to think about these things. Perhaps they imagine their intimate data tucked away on an anonymous server somewhere, forgotten, and that its potential to impact their lives will remain untapped.

I’m not so sure. That’s why I partnered with colleagues from MIT and CERN to build a free, encrypted email service that offers users absolute control over their data.

So why does encryption matter, anyway?

Well, some would have you believe that encryption is a tool for the “bad guys,” enabling terrorists to have an easy way of plotting their next crimes. In reality, banning encryption won’t stop terror attacks or end religious extremism. But such a ban could stifle democratic movements, scuttle online security, and undermine our open society.

Here are three more reasons we should pay attention to encryption:

1. Better technology is making encryption accessible for the first time.

The idea of encryption is fairly straightforward. Simply put, it uses mathematical algorithms to encode user data so that only its intended recipient can read it. If I’m sending an email to a colleague at CERN, for example, I can use a public key that she supplies to encode it, allowing her to decode it with a mathematically related, private key that only she can access.

Sounds simple — but the math and the extra steps can become onerous, causing the eyes of non-cryptographers to quickly glaze over.

Still, everyone wants private emails to be private. It’s easy for people like my grandparents to understand the danger of losing their privacy online. There is no way they will ever understand encryption. I’ll never get them to understand the difference between a public key and a private key, or even what they are.

So a privacy tool must not require them to understand that. With ProtonMail, we sought to design a service that encrypts email without the cryptography being visible to the user. Thanks to recent technological developments, we were able to succeed.

Email is only one aspect of the privacy problem, true. But easy-to-use email encryption, using keys that are inaccessible to a third party, is the first step toward encrypting all facets of our online lives.

2. Making emails transparent makes many other things transparent too.

“In extremis, it has been possible to read someone’s letter, to listen to someone’s call, to listen in on mobile communications,” said British Prime Minister David Cameron following the attacks on the offices of Charlie Hebdo magazine in Paris in January 2015. “The question remains: are we going to allow a means of communications where it simply is not possible to do that? My answer to that question is: no, we must not.”

Meanwhile, over in the United States, President Obama said, “If we find evidence of a terrorist plot… and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem.”

These reactions are typical. And perhaps it’s true — if 100% transparency were to somehow magically appear, we might live in a world free of terror and cyberattacks. But are we really comfortable living in a world where all of our private details are available for all to see?

The reality is we need some privacy in our lives, and encryption lies at the foundation of privacy. In every aspect of online security — email, banking, medical records — we need encryption to keep our data from falling into the wrong hands. Access to encryption keys — whether through back doors or by storing keys in places where they can be stolen — would make the keys themselves useless.

It’s not just that someone could peer into our lives by viewing our emails. Do politicians really want us all to send our banking passwords and medical records in plain text so that anyone could read them?

Politicians are notoriously terrible arbiters of technology. If security experts from around the world are unanimously calling for stronger instead of weaker encryption, perhaps the politicians should listen.

3. Maybe we don’t have anything to hide now — but maybe we will later.

Arguments in favor of surveillance rest on assurances that governments are always benign. But there are many examples of data snooping being used to crush dissent — one of the most tragic being China’s imprisonment of dissidents, including Wang Xiaoning, using data supplied by Yahoo.

Although governments certainly benefit from corporate complicity, they don’t like to solely rely on the cooperation of entities like Yahoo. Consider the persistent efforts of the NSA and other government security organizations to require software “back doors” in operating systems to grant them at-will access to data on private servers and computers.

Governments don’t want to wait for legislation to grant them this access. Recent revelations by the Russian security software maker Kaspersky Lab show that a shadowy, U.S.-linked intelligence agency installed software deep into the firmware of millions of hard drives at the manufacturer level, rendering it invisible and undetectable. With this software, a remotely based intelligence agency can not only slip past firewalls and antivirus programs to view what’s on the drives, but can also turn their host computers into tools for future attacks.

Why should we care about these back doors if we have nothing to hide?

Privacy empowers and protects the minority. The ability to communicate, organize, and discuss without government interference is what gives dissidents a voice. Without privacy rights, a democratic government accountable to all of its people — not just the majority — simply cannot exist.

Someday you may find yourself in the minority.

Why encryption is worth fighting for

Taking away encryption is not going to suddenly make the world a safer place — but it will make dissidents and activists suffer. Just as importantly, taking away encryption allows invisible observers to place every action of ordinary citizens under a microscope and file it away for future reference.

If we squander privacy by allowing back doors or building illicit vulnerabilities into encryption tools, there is nothing to protect us from prying corporations, spying governments or even criminals bent on abusing our data. Unfortunately, there is no such thing as a back door that only lets the good guys in.

Data must always be encrypted, end-to-end, period — before it leaves your computer. Privacy is a fundamental right. Let’s not squander it in the name of security.

Featured image by Emily Pidgeon/iStock for TED.