Different kinds of encryption and why it’s so important in today’s mobile lifestyle
“If you don’t have anything to hide, why do you have curtains on your bedroom window?”
Privacy, in these United States, is a fundamental Civil Right. Specifically, the Fourth Amendment enshrines that no unreasonable searches shall be performed without a warrant. This protects individuals from being targeted because of their beliefs, whether those are religious, political, ethnic, cultural, or anything else. As much as we’d like to deny that sort of targeting exists, history shows us that the British used unlawful searches to single out and victimize Colonists based on their beliefs – and even today, the IRS has been caught targeting groups based on their political ideologies.
Privacy isn’t only important, it’s what sets a civilized society apart from savages.
As a basic foundation, you’re entitled to privacy in your home. If anyone thinks you’re violating the law they have to petition a judge to grant a warrant to search it. That judge has to answer to (and may be removed by) the people and is going to make sure the evidence is sufficient before issuing that warrant – his career depends on being fair and, well, “judicious”.
The Fourth Amendment also mentions “papers, and effects”, which is generally assumed to include (though not be limited to) banking records, business records, journals, letters, your clothing, luggage, briefcase, bag, vehicle, etc. Just as the First Amendment has been interpreted to include the Internet and telephone (which didn’t exist at the time it was written), it stands to reason that the Fourth Amendment applies to the Internet and telephone as well.
How do we keep things private with these modern “papers” and “effects”? In a word: encryption.
Kinds of Encryption
First of all, encryption isn’t evil. It isn’t bad. It isn’t illegal.
Encryption is very much like the lock on your door or the seal on an envelope. If Law Enforcement has reason to believe you’re breaking the law (and has a warrant to do so), they may break down your door or unseal that letter. You might have a very weak door, or you might have a very strong one. Either way, it’s not your responsibility to make their job easy. Remember, a criminal could take advantage of a weak door just as easily as a legitimate Law Enforcement official.
Encryption is simply a secure door or a sealed, security lined envelope – but applied to the digital realm. Both keep the bad guys out – which is your Right, and some would argue is even your Responsibility.
Just like the door on your house and the drapes over your windows, device encryption is the layer of security that keeps people out of your house and from looking in the windows – or in this case your phone, phablet, tablet, or wearable. Without the right “key”, the contents of the device are a jumbled mess that’s not useful to anyone who can’t unlock it.
“Jumbling” the contents of your device (and “unjumbling” it when you want to use it) takes time, processing power, and has an extra impact on your battery. Similarly, installing a latch and a deadbolt on your door takes extra time and effort to unlock before you can get in your house. Both are an acceptable tradeoff.
Unless it’s a Tiny House (or something similar), your home can’t be taken away and cracked into later. Your phone, however, can be. For that reason, encrypting the entire device is a reasonable precaution – rather than simply “locking the front door”.
Next up, the information that you send across the Internet isn’t always encrypted, in fact, most of it isn’t. Google and other industry players are pushing to make encrypted traffic the default, but we’re not their yet.
Banking and personal information is (or should be) encrypted to prevent people “along the line” from sniffing your data, but that still means the content of your traffic can be monitored – and assumptions inferred by those people.
Until all traffic on the Internet is encrypted from server to client (the website to your phone, in this case), it’s up to you to preface the websites that you visit with HTTPS://. Other sources of traffic like Twitter, Facebook, Pinterest will eventually need to convert their apps to use SSL to encrypt the traffic from their servers to their apps in order to fully encrypt this traffic.
GSM phone calls use encryption – but it’s not secure by today’s standards, and it’s not end-to-end. Texts are similarly not encrypted. Emails – even Gmail – aren’t encrypted end-to-end. It’s the “end-to-end” part that’s really important here.
When surfing the web over an SSL connection, your traffic is encrypted between the server and your browser – end-to-end. When calling a friend, the call isn’t secure to the other end. That’s a problem. It can be listened to – either by a man-in-the-middle or a State-Sponsored player.
Companies like BlackPhone and Silent Circle are working to fill this void – offering both text and voice solutions that are truly secured between caller and callee. These solutions aren’t backwards compatible with “normal” phone lines and texting services and are therefore limited to their own networks. There’s no accepted end-to-end encryption standard for these types of communications in regular practice today – which is unfortunate.
Email is another story. Due to meta-data, even encrypted email could be used against you because the to/from fields have to be open to allow for their delivery. This has resulted in “guilt-by-association” accusations which may or may not be the case.
Sure, criminals could use encryption to hide their activities, but they could also put locks on their doors and drapes in their windows to hide their activities from prying eyes. Should we outlaw door locks and window shades? Should we require that backdoors (skeleton keys or automatic shade-retracting mechanisms) be mandated so governments can open our doors and shades any time they want – and put our privacy at risk of criminals who could take advantage of those holes?
No! Of course that’s absurd. But it’s exactly what governments are asking for: backdoors and skeleton keys to unlock our private files, communications, and Internet traffic – with or without warrant.
It’s time for us to all stand up for our Right to Privacy – whether you’re a citizen of these United States or live elsewhere. In our mobile and digital age, encryption is privacy. There is no room for compromise. There is no mincing of words.
Those who seek to weaken, undo, prohibit, or restrict the use of encryption, or those who seek to require backdoors or skeleton keys to circumvent this protection are, simply put, anti-privacy. They don’t want you to be secure in your home, your papers, or your effects. They want to be able to spy on you any time they want.
You wouldn’t ask them for the key to their bedroom (nor should they give it to you), yet that’s exactly what they are demanding of you.
Encryption is Privacy
Encryption is not illegal. Encryption is not “wrong”. Using it doesn’t make you a criminal.
Do not let anyone intimidate you or try to convince you otherwise.
The only question left is whether you stand with us in asserting our Civil Right of Privacy – or whether you stand with those would would have us stripped naked and put on display for all who want to look.
Fourth Amendment to the Constitution of the United States of America
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.