There has been a movement and a desire by most technology companies to encrypt and protect their data and the data of those who use their services. Google searches have been encrypted. Everything you do on Facebook, Twitter, *insert social media platform you use or care about here* is likely encrypted too. Even what you stream through Netflix is encrypted. As a software developer, I have a different perspective on encryption than most, but before I talk about its importance, let’s talk about what it is.
What is encryption?
Encryption. That big word that non-technical people either run from or toss around to sound cool. What is it? And why does it matter? Looking at the root of the word, crypt, one might think of Indiana Jones and his mythological plunders, and they actually wouldn’t be far off. Crypt comes from the Greek kryptos and it means to hide or keep something secret. Its meaning still rings true today. The reality of the Internet, connected devices, purchasing a thermostat online that you can control with your smartphone from anywhere in the world, is that people can listen for all of that activity and without encryption they could understand and control everything.
The concept of encryption is nothing new. Humans have been encrypting things or making things secret or hidden for thousands of years, beginning with at least ancient Egypt. Modern encryption, however, typically refers to digital encryption; encrypting electronic communications so that those who would snoop or steal, can’t.
Why does it matter?
Try to imagine a world where everyone knew what everyone else’s bank account balance was and could spend it. Or a world where everyone knew everyone’s home address and could use the security cameras we have to watch each other. Or a world where everyone knew everything about everyone’s health. Or a world where everyone can read what everyone wrote. This is a world without encryption. What would you actually own if everyone could spend everyone’s money or sell each other’s belongings on eBay? The idea of possession becomes almost irrelevant in a digital world without encryption. Or what about what happens in your home? If there were no encryption, there would be no reasonable barrier to live streaming your security cameras (or webcams or Xbox Kinect or smartphone) to the largest screen in Time Square for all to see.
If you have never had any desire to keep anything private at all in your life, then you might like the idea of this encryption-less world, but if you are sane and like the rest of humanity, then you innately have some things that you don’t want others to know about and you have possessions that are yours. Encryption is used to hide those things you care about and make them secret so that those things are private and so that you own them.
Encryption can provide privacy and ownership, prevent theft, protect property, and has on many occasions saved lives. It is not a trivial thing or something to consider doing, it must be done.
There has been a lot of discussion about encryption in recent years — especially in the wake of the Edward Snowden revelations showing that the U.S. Government, without authorization, has been spying on millions if not billions of people. We also have the issue of the FBI’s request (and court order) for a back door into Apple devices.
As mentioned, I have a different perspective on digital encryption and security. I know how many ways that our privacy, property, and livelihood could be destroyed without encryption. However, even with encryption, we’re not guaranteed privacy or protection. I know how to break some levels of encryption. With enough focus and determination, I could probably destroy someone’s life digitally if I wanted to (and I don’t). Encryption is not 100 percent effective, nor does it make you or your family 100 percent safe and secure, but it absolutely does help. There are many out there who are far more effective than me at breaking encryption and uncovering the hidden things about people’s lives.
Imagine that the web pages you’re visiting, the things you’re buying, the shows you’re watching, and the money you’re spending were all presented in a news-ticker style board in Times Square for anyone to watch in real-time. “Lucy just bought something from Victoria’s Secret for $47.” Scary, right? Now imagine that same board, but instead of presenting everything you do in plain language, what if it was completely garbled? Sentences, words, amounts, letters all replaced by other characters and special characters. Suddenly, the news-ticker of your life isn’t so scary. This is what encryption does. Everything you do on the internet can be watched and monitored and even presented in a news-ticker board and there is nothing you can do about that, but you can do something about encryption. If you use encryption, your activities can still be monitored and even broadcasted to the world, but they won’t be understood.
Isn’t encryption what criminals use, though?
Yes. Sure. Criminals can and do use encryption to hide criminal activity, but that does not mean that encryption itself is bad. Encryption is a tool. It is up to the user of that tool as to whether it is used for good or bad. Unfortunately, there is a perception and lie perpetuated through society that if you care about or use encryption, it’s because you have something to hide. There is a negative connotation that you’re a criminal if you want to protect your data. Movies and TV usually only talk about encryption when a criminal is hiding evidence from law enforcement or one person is hiding the truth from another. The reality, however, is that encryption is used in a variety of ways and for a variety of reasons and most of them are not criminal.
What are some things I could do?
Let’s imagine that your digital encryption equates to a safety deposit box at a local bank. When you put something important or private in that box, it has a level of security far greater than if you kept that item at home. It is placed in a metal box that gets locked inside of a reinforced steel locker, which is located in a reinforced and vaulted room. It is protected against common thieves and even many great thieves. It is protected against fire damage. It is in a general sense safe. While it won’t be protected against the most determined thieves or the wildest scenarios, it is safe from the most common forms of theft.
To continue the analogy and keep your digital footprint even more secure, there is a step you can take with many digital services called two-factor authentication. With most banks, they also require a photo ID and an account to even let you into the deposit box area. They also must usually unlock the box with one key while you use yours. This is not dissimilar from the concept of two-factor authentication.
Two-factor authentication refers to needing two things to get into an account: A password and a code.
Such a code is usually generated on your smartphone or other device, or sent to you via text message or a phone call. Using two-factor authentication, much like a safety deposit box, secures your belongings and data further, even against persons who somehow obtain your key or password.
If your digital life is similar to this and you’ve used two-factor authentication, good job. Your digital life is more secure than most, but the harsh reality is that even with these protective measures, your data is not completely secure. If the right person had the right motivation to access your information and accounts, they probably could just as the right person with a bulldozer, explosives and a drill could steal a safety deposit box from a bank and eventually drill into it.
Encryption isn’t about making things completely hidden, or unhackable. That’s impossible. Encryption is about making things so hard to get that it is no longer worth it for criminals or governments to try. If you care about your privacy, your possessions, your loved ones, then you care about encryption and you should stand up for it whenever it is threatened, no matter who is threatening it.
Michael Garner is an Android Developer with a keen interest in privacy, encryption, and encryption issues.