When I suggest to people that we should communicate using encryption, I get the impression they don’t take me seriously.
Am I paranoid? Do I think I’m interesting enough to be the subject of surveillance? Maybe I want to play at being a spy? OK, maybe the last one is partly true, but seriously, I think there are good reasons to encrypt all information by default.
To be completely clear, when I suggest we use encrypted communication:-
- I don’t have any classified information to share
- I’m not buying or selling anything illegal
- I am not planning to have an affair with anyone
- I’ve got no intention of overthrowing any governments or hacking anything
I don’t think I have anything to hide. However, I don’t want to have to think, every time I send a message to a friend, family member or whoever, about who might see it, now or in the future and what the consequences might be. Maybe one day one of us will be famous and our embarrassing utterances may be of interest to the masses.
I’d just like every message between us to be between us. It’s easy to unthinkingly assume that the messages we send are only read by the intended person or persons. I want that assumption to be reasonable.
Email is not usually encrypted and is easy to fake
For a popular example, email has often been described as about as secure as a postcard. In practice I think it’s a bit worse than that. Firstly, because it’s easy to intercept and read millions of emails automatically. Secondly, with a postcard you can probably recognise the sender’s handwriting which would take some effort to fake. Email senders can easily be spoofed. By default there’s no way to verify that the address in the “From:” field is the person who sent the email.
It shouldn’t take too much imagination to see how the insecurity of email could lead to problems. It’s already been exploited via a simple scam in the UK.
To summarise the link above… A couple had some building work done and had agreed with the builder to pay via bank transfer as many people, myself included, do regularly. They received an invoice from the builder via email which included his bank details. They duly transferred £25k to the account, but the builder never received it. The email appeared to come from the builder’s email address, but was in fact from a scammer who had sent their own bank account details in place of the originals.
This would not have been possible if the email sender’s identity could be verified and the email encrypted. Another solution would be to share the bank account details in person or, if you recognise the person’s voice and know their number already, over the phone. A phone number in an email could also be faked.
There are ways to improve on email security, in fact it’s fairly simple if both parties can use the same service. Other solutions get a bit more complicated.
Encryption is getting easier
The good news is that it’s getting easier to encrypt everything by default. Google are now encouraging all websites to be delivered via HTTPS (the S standing for SSL or Secure), making websites harder to fake and adding to the reliability of online data.
Many email services now offer some level of encryption and verification within their service. So a GMail user writing to another GMail user can expect their communications to be encrypted. Facebook messages are encrypted, as are WhatsApp. In some cases it may be possible for employees of those organisations to access clients’ communications, or to change the application for a user so that their data can be read.
For a higher standard of encryption people look to “zero-knowledge” solutions in which the service providers don’t have the ability to read user data or access their private encryption keys, even if they wanted to or were forced by law, blackmail, bribery, etc. Zero-knowledge email systems include Tutanota and ProtonMail. They’re not perfect. I won’t go into all the pros and cons here except to say that at the time of writing neither are securely interoperable with other email services, but can still be used for unencrypted plaintext emails to/from any address. Of course all this is pointless unless you have a good password.
For text messaging the most respected zero-knowledge solution is Signal, which is available for free on iOS and Android. WhatsApp also offers “end-to-end” encryption, but unlike Signal the code is not open source, so not subject to public scrutiny. Researchers have already shown that WhatsApp can allow Facebook and possibly others to read private messages. Furthermore there’s some controversy over the sharing of user data with Facebook.
Secure messaging is not paranoia, it’s good practice.