On the necessity for encryption

Photo by Sara Schmitt

Today’s world is full of constant communication. People can use their phones to message one another asynchronously, with messages travelling across the globe within seconds. Banks and businesses communicate over the Internet to offer products, services and transaction handling. Here at Tech, we handle an overwhelming amount of sensitive data electronically, including class registration and course management.

Due to legal restrictions and expectations of privacy, many sensitive communications are transmitted in a way that is intended to mask the contents of the data to all but the sender and the receiver. Even data that is not being sent over the internet is often masked in a similar way to ensure that sensitive data is unreadable to all except by authorized users.

The science by which this data is kept safe is encryption, which essentially boils down to transforming data in such a way that only the intended recipient can unscramble its contents. Many forms of encryption are designed such that the information needed to encrypt the message is different from that needed to decrypt it, ensuring that even senders cannot decrypt messages intended for other people — even if those messages are meant for the same recipient.

While sensitive communications are often expected to be encrypted as a basic measure of protection, most communications are unencrypted, allowing third parties to inspect the contents of messages with little to no difficulty. The global standard for text messaging, SMS, is unencrypted. Email is unencrypted by default.

Even communications where encryption is standard, like Apple’s iMessage service, are in danger of becoming unsecured due to government efforts to install backdoors into encryption software with the intent of allowing government access to encrypted communications in the case of an investigation. Ignoring the ethical concerns of such a situation — that is, assuming the government never uses this backdoor maliciously — still leaves the issue that backdoors into encryption would never be able to be restricted to government access with certainty.

Computer data, at its heart, is composed of numeric representations. Encryption, likewise, is a mathematical function intended to allow for the encryption and decryption of messages without being solvable in any reasonable amount of time by a third party. Backdoors essentially provide an override of that mathematical function, which, if found, would allow third parties to read all messages encrypted by that software without needing to solve the algorithm used by the encryption software.

It is impossible to have encryption that both allows for government access to data and adequately secures the communications it protects. Despite this, the U.S. government has continued to push for backdoors into secure communications. The only way to keep data secure is to prevent these backdoors from ever being placed.

Many websites have begun to use HyperText Transmission Protocol over Transport Layer Security (HTTPS) to host their websites and communicate with users, even for mundane activities like video streaming. HTTPS uses encryption to certify that no attacker has intercepted the user’s connection in an attempt to steal their information and prevents third parties from observing the data sent to and from the website in order to protect secure information.

Fundamentally, encrypting communications gives users control over what information they want to make public while simultaneously securing the information they have chosen to share with specific people, ensuring that they have complete control over who receives their information. While many people make information public through websites like Facebook, it is Facebook’s use of encryption that ensures that the data users give to the website is protected and will only be used by Facebook as it has agreed to do in its Terms of Service and Privacy Policy.

Everyone should use encryption for all of their communications, sensitive or not, because it gives them total control over who sees and uses their data. Encryption keeps us safe by ensuring that the people or companies we want to be able to see our data are also the only ones who are actually capable of reading our information. Without it, there can be no
guarantee that communication is ever truly private.