Some government agencies use terrorist attacks to justify limiting encryption. TechRepublic spoke with two UN reporters who explained why encryption is critically important for all citizens.
Encryption continues to be misunderstood by the public, and assailed by law enforcement agencies, who use events like the recent Paris attacks as a rationalization to reign in encryption technology. While terrorism grabs headlines, encryption has become increasingly important for business and the general public.
Private communication has become so important for the public in particular that the United Nations now enumerates encryption as a fundamental human right. A report released in March declared, "online censorship, mass and targeted surveillance and data collection, digital attacks on civil society and repression resulting from online expression force individuals around the world to seek security to hold opinions without interference and seek, receive and impart information and ideas of all kinds."
The report acknowledges that law enforcement agencies are right to be concerned about the "dark" side of encryption, and that "terrorists and ordinary criminals use encryption and anonymity to hide their activities, making it difficult for Governments to prevent and conduct investigations into terrorism."
The report goes on to state that law enforcement agencies have a number of alternative tactical tools to catch criminals, and that many of these agencies "often use the same [encryption] tools to ensure their own operational security in undercover operations, while members of vulnerable groups may use the tools to ensure their privacy in the face of harassment." Often, said the report, vulnerable groups include victims of harassment, domestic violence, and cyberbullying.
Last week TechRepublic spoke with several business experts about why encryption matters for small and midsize business. This week, we asked two UN-based, technology-savvy journalists why privacy and encryption matters to the public.
Why should the public be concerned with encryption?
Mythili Sampathkumar, reporter: "Encryption helps validate the veracity of information. In the age of Twitter and citizen journalism, the spread of false information is rapid and widespread. In the wake of the Paris attacks, that false information can be dangerous from the perspective that it could, and sometimes does, spread and perpetuate stereotypes and violence. Without private and secure communication, sources would never talk to reporters-out of fear, mostly, but also the cloak of anonymity and the trust needed to speak with a reporter can lead to the most comprehensive information, the real, full story. Without privacy, the truth can be compromised."
Salima Yacoubi, reporter: "Encryption comes down to privacy of thought, I think. You need internal thoughts to develop on their own. If you turn off the ability to communicate privately, you turn off the ability to think."
What should you look for in good, secure communication tools?
Sampathkumar: "I rely on easy-to-use tools like browser plugins. In the rush of getting a story done, easier is better and makes it more likely that I'll use an encryption tool and exercise the necessary caution."
What are the warning signs of poorly encrypted apps?
Sampathkumar: "I avoid anything with a lot of flashing ads, or lacks strong password protection. I'm more a reporter than a techie, so I also ask tech experts before jumping into apps I haven't heard of."
Yacoubi: "Good secure communication tools are clearly not happening with the classic webmail providers. We should all consider our communications as semi-public. Should I start encrypting all my communications? Yes. Is it reckless to use the usual webmail providers? Still a grey area."
What is a sensible personal policy for private communication?
Sampathkumar: "Everything I do is 2-factor password protected, stored in secure files, or just plain offline."
Yacoubi: "A sensible personal encryption policy is to get a personal encryption policy. Learn how to use it. There are also a wide range of services that make encryption easier to understand and help strengthen the privacy. Take the time to explore the options."
Getting started with personal encryption:
For local email:
- GPGTools (Mac OS X) and GPG4win (Windows) allow you to encrypt email on your personal computer, generate and publish keys, and validate signatures.
Secure your Gmail:
- If you use Gmail or Google Apps Mailvelope will allow you to generate keys, import and manage keys from contacts, and encrypt individual messages.
- Cryptocat is a widely-used, well-documented, and easy to understand for beginners.
- Telegram often flirts with controversy due to it's strong privacy controls, cloud sync, and media sharing features.
- Wickr is used by business leaders and journalists-alike, and features auto-shredding messages.
Other messaging apps:
- The Electronic Frontier Foundation's Secure Message Scorecard helps users make informed decisions about a variety of popular messaging services.