Computers, Privacy & the Constitution

I Have Nothing to Hide or: Why Should I Spent 10 Minutes to Encrypt My Messages?

-- By GrahamGodwyn - 06 Mar 2015


After the revelations gifted to the American public by Edward Snowden in 2013, one might have expected that there would be a mass movement towards encryption. The tools are widely available and relatively easy to use. The costs of encrypting are tremendously low on a per user level. There was a time when encryption/decryption was computationally expensive enough to impede use. There was also a time when real technical prowess was needed in order to acquire and properly utilize encryption software. However, today, encryption that is theoretically unbreakable via brute force and easily runnable on a consumer laptop is trivially easy to acquire. It even comes with a GUI. Setting up printers, updating drivers, working through compatibility issues, and managing routers are all more technically difficult activities than encrypting basic messages. The average computer user is certainly up to the task.

Why Are People Not Encrypting Their Messages?

It is difficult to get people to do things when they do not see an immediate benefit. Encrypting messages may be analogized to recycling. There is an upfront cost, albeit a small one, and any benefit will not be immediate, or even necessarily felt on an individual level. In order to get people to expend energy for no perceived benefit, there must be some incentive. For recycling it was somewhat easier, the government provided monetary incentives and ran public service campaigns to encourage recycling. Eventually, recycling became popular and commonplace. Given the governmental interest in discouraging encryption, there are unlikely to be monetary or government sponsored campaigns on behalf of encryption. However, the biggest reason people do not use encryption is not technical, nor is it even related to perceived cost or benefit. The problem is cultural. To put it bluntly, it is not “cool” to encrypt your messages. It is still seen as a peculiar activity by the paranoid or eccentric; a way to communicate from basement to basement the newest style of tinfoil hat. Encryption still falls into that nebulous category of things that only the computer science majors ought to be really excited about. There would need to be a major shift in order for encryption to become mainstream.

Possible Solutions

There is probably no one size fits all solution to get people to encrypt their messages. The best approach would involve making encryption seem “cool,” or at least normal, and convincing people that it is in their own best interest to encrypt their messages. For the first prong, strong marketing would be the best approach. As we have seen time and time again, marketing is powerful. We can look to an enemy of privacy, but genius marketer for guidance on this point. Steve Jobs managed to turn something traditionally nerdy into a status symbol for the trending, transforming a dying brand into a seasonal must have. Because encryption is not being pushed by any one brand or company, there does not need to be a cohesive “marketing” strategy. Instead, there should be a push by all interested groups to make encryption appear as normal and commonplace as possible. If encryption is treated as being expected, rather than as a peculiarity, it will be much more accepted. Articles discussing it would be advised to make encrypting a message sound no more unusual than protecting a wireless network. CNN discussing the identity of 4chan is a great example of how not to treat encryption. Another route would be to treat encryption as a business necessity and allowing encryption to integrate itself into everyday life through that channel. Businesses are already concerned about corporate espionage, and now that we know that everyone is watching everyone else, the fear of foreign and domestic agents stealing propriety information is easy to capitalize on. Though this method would be capitalizing on fear, it is not the same as spreading traditional fear, uncertainty, and doubt. There are real, legitimate security issues. Even if one were to trust the U.S. government to never use data improperly, the hardware and software backdoors they implanted result in weakened security across the board. Regardless of what else changes, economic concerns still command a great deal of attention. If people realize that their important documents, and thus their financial advantage, are not secure unless they use an open source method of encryption, there will likely be a real push for private corporations to mandate that use. Once people get in the habit of encrypting important business documents, and if they know why they are encrypting them, it is only a small jump for them to encrypt all of their important documents.

Lingering Issues

A major obstacle toward encryption is governmental. If encryption of messages becomes more common, there will be greater pushback against it. Already, the U.S. government restricts the exportation of cryptography. In the last year both Prime Minister David Cameron and President Barack Obama have come out saying that the government should be able to break all forms of encryption if it decides to. If stronger anti-encryption laws are enacted, the average person is much less likely to encrypt their messages.[1] The risk is if encryption does not become a political issue now, and it fails to gain appropriate notice, by the time the average person is concerned about cryptography, the tools will have become too restricted to easily access.

[1]"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl." - Unknown Author [2]

[2]ROT13 is not a secure method of encryption

Almost all the students in this class who completed any work at all successfully completed the first technical exercise, have OpenPGP? keys on the keyservers, and used GNU Privacy Guard to create and upload them. Do facts matter to your analysis at all?

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r5 - 26 Jun 2015 - 19:52:29 - MarkDrake
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM