Why We Encrypt

Encryption protects our data. It protects our data when it's sitting on our computers and in data centers, and it protects it when it's being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

This protection is important for everyone. It's easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects it from competitors, neighbors, and family members. It protects it from malicious attackers, and it protects it from accidents.

Encryption works best if it's ubiquitous and automatic. The two forms of encryption you use most often -- https URLs on your browser, and the handset-to-tower link for your cell phone calls -- work so well because you don't even know they're there.

Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.

This is important. If we only use encryption when we're working with important data, then encryption signals that data's importance. If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive.

It's important to remember that encryption doesn't magically convey security. There are many ways to get encryption wrong, and we regularly see them in the headlines. Encryption doesn't protect your computer or phone from being hacked, and it can't protect metadata, such as e-mail addresses that need to be unencrypted so your mail can be delivered.

But encryption is the most important privacy-preserving technology we have, and one that is uniquely suited to protect against bulk surveillance -- the kind done by governments looking to control their populations and criminals looking for vulnerable victims. By forcing both to target their attacks against individuals, we protect society.

Today, we are seeing government pushback against encryption. Many countries, from States like China and Russia to more democratic governments like the United States and the United Kingdom, are either talking about or implementing policies that limit strong encryption. This is dangerous, because it's technically impossible, and the attempt will cause incredible damage to the security of the Internet.

There are two morals to all of this. One, we should push companies to offer encryption to everyone, by default. And two, we should resist demands from governments to weaken encryption. Any weakening, even in the name of legitimate law enforcement, puts us all at risk. Even though criminals benefit from strong encryption, we're all much more secure when we all have strong encryption.

This originally appeared in Securing Safe Spaces Online.

EDITED TO ADD: Last month, I blogged about a UN report on the value of encryption technologies to human freedom worldwide. This essay is the foreword to a companion document:

To support the findings contained in the Special Rapporteur's report, Privacy International, the Harvard Law School's International Human Rights Law Clinic and ARTICLE 19 have published an accompanying booklet, Securing Safe Spaces Online: Encryption, online anonymity and human rights which explores the impact of measures to restrict online encryption and anonymity in four particular countries ­-- the United Kingdom, Morocco, Pakistan and South Korea.

EDITED TO ADD (7/8): this essay has been translated into Russian.

Posted on June 23, 2015 at 6:02 AM • 48 Comments

Comments

DaveJune 23, 2015 7:58 AM

It's one thing for techies and power users to extol the virtues of encryption to other techies and power users, but I'd strike a note of caution before recommending it to all and sundry.

As a long time contributor to the TrueCrypt forum (now defunct, sadly), a worrying proportion of posts were from inexperienced users who had leaped excitedly into the heady world of encryption, but had succeeded only in locking themselves out of their own data. Cue desperate pleas for help and much gnashing of teeth.

As I used to say in the TC forum, "Encryption is self-imposed denial of service. Use with caution."

If the implementation is seamless and transparent to the user, then great. If not, then by'eck, you need to know what you're doing.

mike~ackerJune 23, 2015 7:58 AM

excellent post.

I was particularly happy to see the word "dissidents" used,--

here is a quote from _No Place to Hide_ (Glenn Greenwald) ( Snowden Story )

"No matter the specific techniques involved, historically mass surveillance has had several constant attributes. Initially, it is always the country's dissidents and marginalized who bear the brunt of surveillance, leading those who support the government or are merely apathetic to mistakenly believe they are immune. And history shows that the mere existance of a mass surveillance apparatus, regardless of how it is used, is in itself sufficient to stifle dissent. A citizenry that is aware of always being watched quickly becomes a compliant and fearful one."
NO PLACE TO HIDE Glenn Greenwald, p.3

---
it is important to understand that a top quality security tool such as PGP/Desktop (Symantec ) or GPG (Gnu Privacy Guard -- OSF version ) provides


  • integrity, and

  • authentication


-- in addition to security.

security protects data from un-authorized snooping. integrity protects data from un-authorized alteration. authentication provides confidence that data is from expected source . all 3 are necessary to electronic security .

Jens Oliver MeiertJune 23, 2015 8:07 AM

In the model of financial institutions and corporations yielding the actual power, this initiative against encryption will only go as far as deterring people and smaller companies from using it. Even if the ruling class was politicians, neither side here, businesses nor politicians, can have an interest in blowing the lights out on encryption (even if that was straight-forward). That is one model.

Then, however, it’s not inconceivable that encryption may at some point be outlawed except for certain narrowly defined use cases, like, of course, banking or governmental data traffic. In the current climate that appears… possible.

Lastly, and you point at this with https, where we need to really up the ante is making encryption easy for everyone. It’s even for “IT people” difficult to evaluate encryption methods (U.S. products don’t seem trustworthy in the first place), to implement encryption (PGP and mail? that’s just way too complicated for most users), then manage all of this.

Clive RobinsonJune 23, 2015 8:13 AM

@ mike~acker,

Security protects data from un-authorized snooping. Integrity protects data from un-authorized alteration. Authentication provides confidence that data is from expected source

Hmm I'm old enough to remember it being "Confidentiality" not "Security", hence it used to be called "The CIA Triad"...

I guess folks on both sides are a tads touchy about "CIA Triad" these days ;-)

WmJune 23, 2015 8:26 AM

Anyone who has been a student of Nazi Germany and Stalinist Russia will see the intentions behind government demands to forbid or weaken encryption. It is the same reason our government is constantly pushing for gun control. This has nothing to do with fighting crime or terrorism, it has everything to do with our government's insatiable desire to install a totalitarian state. As long as we have the ability to keep out data and correspondence out of the hands of government, and as long as we keep our ability to stand up to government through gun ownership, a totalitarian government will not be able to function. After your guns and encryption are taken away, then your property rights will be taken away. After that, all legal rights, followed by a wholesale Stalinist murder campaign against anyone perceived to be an enemy of the state. Only then will Bruce and other eastern liberal gun haters wish desperately that they had a gun.

Clive RobinsonJune 23, 2015 8:28 AM

@ Bruce,

. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

You left out the one that gets most peoples attention,

    It protects our Money

Most people have difficulty getting their heads around "Privacy" and "Anonymity" as even a five minute look at "Social Networking" shows. However "take a fiver" out of somebodies purse/wallet, bank account or off of their Credit Card, this they understand and want vengence/revenge for.

keinerJune 23, 2015 8:43 AM

@C Robinson

Yeah, as they apparently are proud that somebody is interested in their dick pics at the NSA/CIA/GCHQ, money is really the ONLY hook to get these idiotz... But I guess, as long as VISA is safe (what has my plastic card to do with your encrypted email? :-D ) no hope at all. This war is lost before it has begun. And no "good guys" left this time.

ThothJune 23, 2015 10:00 AM

@Observer
That idea wasn't really new. Such methods have been used in the military and espionage fields.

@Bruce Schneier
You can make a person feel disgusted at the state of security and privacy of an individual for a few minutes by showing them the extend of spy agencies and social media outlets (or maybe the person might not even feel anything at all) but once you start to connect the brain cells of a tangible lost ($$$$$$$$$$ -> for most people), then you will see their brain cells suddenly light up and they will grumble for the next few days in bed.

SamJune 23, 2015 10:16 AM

John Oliver had a really good communication of the surveillance problem in his interview with Snowden. It goes something like this: "Have you ever sent someone an intimate photo of yourself? How do you feel about the government keeping that intimate picture of yourself in their databases?"

RayJune 23, 2015 10:54 AM

You should have this post turned into a Dr. Seuss style book for kids and adults.

Ryan RichJune 23, 2015 12:11 PM

Just finished reading Cryptonomicon last night and was pleasantly surprised to read Bruce Schneier's article at the end about Solitaire Encryption. Bruce is the best. I read "Carry On" and am waiting to by "Data and Goliath". As a Bitcoin advocate I am becoming ever increasingly interested in cryptography and protecting anonymity on the web. Although I am surprised I have not seen more of Bruce's opinion on Bitcoin and other crypto-currencies. His opinion on the subject would be very appreciated.

PS- if you are ever in Denver check out the Denver Bitcoin Center! great people

bluJune 23, 2015 12:31 PM

@ Bruce

This is another nice compilation of what encryption is able to make inaccessible that is or should be dear to us - you should add money to that. However, especially presently it is even more important to concatenate this reminder with a detailed explanation why those values will always be more important than our fears.
After all, many nations have proven that they are either willing to intentionally or ignorantly accept constraints on both their natural and basic rights when overwhelmed by anxiety.
Reality challenges people to ask themselves whether it is worth it to filter through all communication to find relevant information even if it's minor, whether it is worth to leave a way for the government to unseal encrypted data. But since most can't find answers to those questions on their own they either assume their representatives have the access, advisers and qualification to make those decisions in their stead, or they let a public discussion ( usually a media which already fits the consumers established perspective ) point them in a direction.

In other words, we shouldn't only remind people why encryption is to be cherished as much as a locked door but also strengthen those values for times when an active criminal has settled in your neighborhood.

Some Security GuyJune 23, 2015 1:21 PM

Something to think about in the context of encryption protecting people from anyone who wants access to your data for the purposes of misusing it (from some guy on the street to tyrannical governments): Encryption is the 2nd amendment of the digital age.

albertJune 23, 2015 2:21 PM

@Wm,
"...As long as we have the ability to keep out data and correspondence out of the hands of government,..." - We don't. The NSA collects all our data.

"... and as long as we keep our ability to stand up to government through gun ownership, a totalitarian government will not be able to function..."
-If you think 'gun ownership' will let us 'stand up' to the gov't, you're sadly mistaken. Haven't you noticed the militarization of the police here? They can squash the 'gun owners' like bugs. The far right politicos 'support' 'gun owners' to get their votes. That's it. They don't give a rat's ass about gun control. [BTW, I support gun ownership, and a rational understanding of what it means.]

Todays fascists are far more sophisticated than Hitler and Stalin. The trick is to establish a police state, with few realizing it IS a police state. They don't take your 'property'(they can seize land "legally"), they own your money, and your job.
..................

@Jens Oliver Meiert,

"...Then, however, it’s not inconceivable that encryption may at some point be outlawed except for certain narrowly defined use cases, like, of course, banking or governmental data traffic. In the current climate that appears… possible...."

I'd say 'likely'. It's the only solution that satisfies the important players (banks and the gov't). Large corporations could be a problem. They have a lot of clout. So, banks, gov't, large corporations. This would probably satisfy most of the gov'ts in the world. Going after illegal encrypters should keep the FBI & DOJ busy :)

.
...

JesseJune 23, 2015 3:51 PM

@Clive Robinson and everyone else mentioning "Money" on the security side of things:

Please do not confuse money with any kind of a privately owned asset that you get to secure any sort of control over.

After years of battling Bitcoin detractors, the one thing they will always remind you is that "encryption/math/technology does not keep your money safe, the bank and insurance does". They are not afraid of Home Depot / Target / Citibank being hacked and everyone's PII being stolen because the bank will supposedly make everybody whole.

And to an extent, it makes sense. Insofar as a cabal of billionaires control what a dollar is and what it means, what purchasing power it has and how many are in supply at any moment, then it is an insignificant cost for them to directly pay off any citizenry who might otherwise feel insecure about their trivial pocket books.

One might argue that what is really at stake is prosperity.. but Money is only a score kept by corrupt referees and has nearly the same bearing on prosperity these days as does Reddit Karma.

It can spell the difference between good food, better food and starvation, it can spell the difference between a CRT TV or a 60" flat screen or reading at the library, but along with Happiness it also cannot buy you safety, peace of mind, control over your destiny or in most cases even social mobility: lottery winners and college sports stars more often than not crash right back down into poverty again.

So just remember, for every mind you hope to sway with "Encryption defends your money!" your adversary will more than happily rebut with "Here's $10 if you turn it back off again."

TimJune 23, 2015 5:05 PM

I'm not sure we need total encryption to protect dissidents. For instance, suppose we encrypt all of our messages that really need secrecy, plus 20% of the remaining messages.

Now there is enough "innocent" encrypted traffic that criminals and snooping governments cannot infer that a message is important from it being encrypted, so the goal of protecting dissidents is achieved. People would not stand out for using encryption.

However, if law enforcement has good intelligence that something bad is being planned, and needs to snoop to try to isolate the bad guys by traffic analysis or something similar, they can filter out a lot of irrelevant traffic easily (our messages that don't need secrecy and that don't fall under the 20% that we randomly encrypt anyway).

The idea here is that both non-dissidents in a country and dissident citizens should generate a lot of traffic that does not need to be secret (dissidents are still citizens and members of society, and so presumably still participate in social networks, browse YouTube for funny cat videos, and so on).

Actual terrorists, at least those like the 9/11 people, who are outsiders sent in with the goal of terrorism, would not, I expect, have as much non-secret traffic. They'll have a much higher ratio of encrypted to non-encrypted traffic than internal political dissidents, and so will stand out.

d33tJune 23, 2015 5:33 PM

One more reason to encrypt for me, is to make the naked ape / robocops a little more uncomfortable. Encryption also makes traditional police work and dependency on actual personnel more common (real talent). If encryption becomes illegal here, I'm going some place else to encrypt. One of the sweet ironies left right now in the US, is that you can be a peace loving person, generally trying at all times to do the right thing, and still end up on all kinds of stupid lists and or in prison. That has always been true, but it's just a little more true now than usual as far as I can tell. Maybe they'll lock everyone up? Of course, if you happen to be not white, and involved with orgs that Uncle Scam finds unpleasant, you can spend 43 years in solitary after being acquitted repeatedly right now.

Also, to deal a serious blow to encryption right now would just take an arm load of NSLs to all of the crypto folks at large in the US. The other five brown eyes would follow suit. Or just scare people into perpetual plain text. It's easy to see why they are afraid of public focus and the usage of crypto. Look at the progress made on Kryptos. That must be irritating. A lowly artist making an amateur crypto piece (yes, had some pro help, but how much really?) they haven't completely broken. Not even with several clues from the maker and 3 of 4 quadrants solved. I guess those unknowns can go a long ways sometimes. Sanborn is worried that after 25 years, Kryptos will go unbroken in his lifetime. CIA already has the solve (just in case it was an embarrassing message to or about them). Why haven't Hayden's / Alexander's super expensive / useless surveillance tools been used to intercept the complete key to Kryptos? Sanborn must have talked about the solution over a cell phone or email at least once after the release of Turing's Hollywood homage and the newest hint of the Berlin Clock. Pretty funny.

Cool how Sanborn made the initials of his name with the physical layout of the sculpture itself.

JdLJune 23, 2015 6:59 PM

The government may outlaw encryption, but steganography will make such laws moot.

PubliuserJune 23, 2015 8:18 PM

At a time when every major institution in America seems rotten to the core, it's reassuring to see eminent wise men such as our host find unimpeachable integrity, even if they have to look abroad. Privacy International and Article 19 are the gold standard.

This state has fought tooth and nail to keep human rights out of Americans' reach and make them settle for a few pathetic scraps of rights from slaving days. When Americans think of human rights at all, they're made to see them as second-class rights for skinny brown people in chow lines at refugee camps. It's the greatest con in history. If Bruce and his NGO confederates can smuggle them in here, it's the end for life as we know it, as abject brainwashed dupes.

ThothJune 23, 2015 10:12 PM

@Jesse
Most people's view of Cost-Benefit Analysis that happens in their brains (instinctively or intellectually) don't seem to get privacy and personal security. The reason is they don't see the immediate problems with a broken privacy system or when they have been invaded in some ways.

It goes the same for most organisation's security budgets when given a choice, most organisations go for the cheapest and least troublesome security solutions just to fulfill ... audit and compliance ... not security !!!

The reason the process is called audit and COMPLIANCE is because you simply comply as being told by legal and industry procedures. There are tangible backlashes for not complying with regulations (FIPS 140-2, CC EAL, EMV, PCI-DSS ...) for their particular industry. Tangible consequences for failing audits and compliance checks range from serving jail time in extreme cases to monetary fines or being fired from the job.

On the individual basis, there are no known "audit and compliance checks" we need to face if we have breached personal privacy and security and neither do be have an immediate tangible lost of sorts if a person finds that their personal data and security gets breached (in most cases).

As a collective whole (in-regards to 1st World Environments), most of us are comfortable with our environments and expects organisations, banks and Govts to "clean-up the mess" otherwise we will "make noise and take action". It is a certain level of complacency on our side that lowers our intellectual and instinctual "guard".

In essence, it is how the individual perceives threats and models their environment. Most people have a very relaxed and easily trusting threat model in their brains.

Note: Jail time can be more common in Asian regions than in Europe/America for breaching regulations in extreme cases.

David WebbJune 23, 2015 10:22 PM

Encryption can hide secrets for a while. Perfect encryption perhaps for a while longer. But like a chain a communication channel is only as strong as it's weakest link. Which is easier for a reasonably well connected organization - breaking encryption or owning the end system? How long (or how much) would it take to find (or buy) a zero day? Or to convince the OS provider to push out an (automatic) update with a known flaw? If you can identify via meta data what systems are of interest, and you can own them, do you really need to capture and store ALL communications or to break strong encryption?

@Wm, @albert - As albert noted guns are not a solution to a police state because of police militarization. The "police state" is already here. See How to Escape the Age of Mass Delusion (http://thefederalist.com/2015/06/08/how-to-escape-the-age-of-mass-delusion/). When one can be forced out of a CEO position (think Brendan Eich) for contributing a paltry $1000 years ago to support the truth that men and women are not interchangeable, guns are not a solution.

CuriousJune 24, 2015 3:30 AM

Speaking of the 'Central Intelligence Agency', in the movie "The Wild Geese" there is a scene in which there is a reference to a "charlie one allen" on the radio. I like to think I got the reference right away; and I thought i was very amusing as the identity of the speaker wasn't really explained or even implied in the movie.

JeffJune 24, 2015 4:27 AM

Awesome post. I've started using Tutanota with automatic email encryption. What are your thoughts on this? Should we use it - because it's better than gmail and the likes - or should we not because it's not proven that it's as secure as pgp?

PeterJune 24, 2015 7:27 AM

"If only dissidents use encryption in a country, that country's authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal...The government can't tell the dissidents from the rest of the population. Every time you use encryption, you're protecting someone who needs to use it to stay alive."

I'm all for encryption, but this argument for it is pretty weak. If you are a dissident in a country where the government would physically harm or kill you for being a dissident, believe me, they already know who you are. You just haven't become enough of a nuisance yet for them to come after you.

ConceptJune 24, 2015 8:34 AM

@Jeff

Tutanota looks very interesting, particularly the ability to integrate it with your domain and/or Outlook albeit the free version appears limited to using their domain. Their pricing structure confuses me - what's the difference between Premium and Outlook for example? Both flavours say they support Outlook!

Many other services offer 'portal' functionality and therefore the administrators have the ability to decrypt your email. Tutanota appear to do the decryption locally in the recipients browser for external recipients (i.e. non-tutanota users) by using a pre-shared password. Browser based decryption comes with some problems, particularly if used on an untrusted computer of if there is a 'backdoor' in the applet, insufficient entropy generated etc.

A free way of doing the above (i.e. for people not using Tutanota) would be to send an encrypted PDF or ZIP file. It does the same thing and leaves encryption/decryption firmly in the hands of you and the recipient - not a third party.

If you want to stay with a trusted format (ZIP using AES) and you need Outlook integration and mobile decryption apps (iPad, iPhone and Android) then you may be better served by SecureZIP. For a one-off cost of $40 you press a button in your email client, or do it directly from the desktop, and it sends the message via an encrypted ZIP file. You can also use PGP and S/MIME with SecureZIP instead of a passphrase to increase the security.

Tutanota don't offer a one-off cost solution. Or stick with free (open source) software such as AxCrypt; although it's more labour intensive for the recipient.

Remember you need to trust Tutanota. Whilst they SAY they don't have access to the plaintext how can you be sure? It's proprietary encryption and not open source.

The main thing Tutanota have going for them is usability. It can integrate with mobile devices (only Apple and Android) and uses 'transparent' encryption. It doesn't seem a bad service and they do tout themselves as a zero-knowledge provider.

HOWEVER if you are exchanging really sensitive information then you should use PGP. Tutanota would be too easy to compromise compared with its older brother (where the encryption/decryption is done by the parties concerned).

ConceptJune 24, 2015 8:36 AM

ADDED FOR CLARITY:

In my post above I'm referring to their mobile apps which don't seem to be open source.

ConceptJune 24, 2015 9:38 AM

@Jeff

After doing some more research it's s I thought unfortunately:

http://www.theregister.co.uk/2014/07/11/tutanota/
https://www.bestvpn.com/blog/16671/tutanota-private-email-review-vs-protonmail/

Being browser based it is vulnerable to JavaScript exploits. The applets can be easily hacked.

Stick with PGP.

Or for attachments use AES-256 ZIP (if you're super-paranoid a protected PDF within an encrypted ZIP in a PGP-protected email with triple-wrapped S/MIME). Overkill.

CGHMartiniJune 24, 2015 11:23 AM

@Bruce:
Encryption is like vaccination - the more people get vaccinated, the more secure the non-vaccinated get as well, e.g because unsigned spam will be mostly discarded even by gullible people instead of being read & clicked upon & installing a Trojan. Plus all the other arguments already named.

Encryption is like vaccination - it's a hazard, i.e. to robust communication, and it's a hassle.

Encryption & vaccination is a risk & hassle responsible adults are taking upon themselves to protect their families, foremost, and their society and themselves.

TimJune 24, 2015 1:42 PM

@CGHMartini

I wish that all email was digitally signed. I've certainly got colleagues who install their S/MIME certificate onto their mobile handsets (and obviously on their computer) so that all emails they send are automatically signed. The option to encrypt is there if we need to.

Searching PGP encrypted messages is far more difficult than S/MIME; hence our preference for the latter. I realise that the former is arguably more secure.

The problem is the business model of large email providers. Gmail, Google Apps for Business, Outlook (consumer version) and Yahoo do not display an indicator that an email has been signed. They attach the signature as a text file that most people don't understand and they can't be bothered downloading separate software to read the signature - thus you've got to send the message in cleartext.

On the Outlook desktop software you get a visual symbol (a red medal) automatically and in the Office 365 Outlook software you get a symbol providing you download a plugin.

Even if the likes of Gmail displayed only a symbol (and didn't necessarily let people sign emails themselves) that would be a start. My guess is that if people were to start signing their emails that would naturally transition to encrypting their emails. Now that WOULD mess up their business model - the main reason they probably don't want to implement it.

Jim MooreJune 24, 2015 2:01 PM

Dave's comment from 7:58 regarding encryption in general, and TrueCrypt specifically is important. A different angle on the same thought has to do with when we had to dispose of a large number of disks. They used an older encryption method, and key information was stored in a header on the disk. It was in the first 100 blocks. When we were retiring a system, and they were looking at wiping a large number of disks, I suggested just wiping the first 100 blocks. With the key information gone, well, the information was beyond the reach of most.

What a lot of people don't realize is that if the key information gets jostled, a lot can be lost. Yes, there is a lot of good work in error correcting codes, but I question how much is implemented in key handling, and what assumptions are made regarding the likelihood of certain types of corruption.

Marcos PauloJune 25, 2015 9:41 AM

This is so important for the internet privacy.

We need it and we need to encrypt all our data, Improving our security and our lives and the others people around the world. On time of IoT, this will be so necessary!


Nice post.

Sim PleuseJune 26, 2015 6:54 AM

A multi-platform encryption module designed to provide software developers with a guided procedure enforcing correct implementation and integration would help speed up the process of securing applications.

Using a well designed interface both developer and user can be walked through steps that teach the correct approach to using encryption safely. The module could use standardised build templates compatible with a wide variety of software, hopefully providing a relatively pain free pathway towards the universal adoption of data encryption.

Bank customers have already been taught to use the secure login procedure for online banking, learning a new procedure via a well designed user interface will not be difficult if it becomes a regularly required practice.

If you take precautions you should avoid locking yourself out of your encrypted data due to a forgotten pass phrase. If you are really worried then do something like writing separate words from your pass phrase on small pieces of card and store them in a separate room from you computer (home users can probably get away with this).

Of course don't ever write your pass phrase on a piece of masking tape stuck under your keyboard or anything similar that requires only one simple step for another individual to gain complete access to your private information, rendering your encryption pointless.

copynotmoveJune 26, 2015 10:39 AM

Spamming the NSA et al. is independent of whether or not your correspondents encrypt. Hide the real content in noise.

NaNJuly 6, 2015 4:20 PM

is GPG enough ? i've read that an Italian company was selling software to breack mail, etc..

Knud Henrik StrømmingJuly 15, 2015 5:59 AM

"Encryption protects our data."

Sadly, in most discussions about encryption the word "temporarily" is left out. Encryption can only protect our data temporarily. In quite many cases, temporary protection is fine, but in some cases it's not. And, as encryption intrinsically is a (con)temporary protection mechanism, encryption is simply the wrong choice as the protection mechanism in such cases.

Health information, for example, could reveal information about hereditary diseases, possibly not yet known to be hereditary. Such kind of information could be "interesting" way beyond the life cycle of any known encryption algorithm, indeed way beyond the life of the person herself.

To protect such kinds on information, encryption is just a misunderstanding.

Clive RobinsonJuly 15, 2015 7:05 AM

@ Knud Henrik Strømming,

Such kind of information could be "interesting" way beyond the life cycle of any known encryption algorithm, indeed way beyond the life of the person herself.

As far as "public crypto" is concerned, at present much of it has either failed or become inadvisable to use within a quater of a century.

I've had gas and electricity meters in my home, unchanged for a longer period than that. The utility companies have had equipment in place and functioning for even longer than that, and in London the Victorian sewers are well over a century, whilst in York and Rome, Roman sewers are still functioning after a couple of millennium. Further "land leases" can be upto 999 years in duration.

Further we are now looking at medical implants that are expcted to last for upto thirty years or more...

All of these now require encryption in some manner to protect them from all sorts of attack...

Thus as I've said many times before here and in other places, we need not only protocol and crypto primatives, but "frameworks" in which they can be sensibley and securely upgraded. Not just on paper but as a legal requirment in all products.

The "unregulated" or "freemarket" always becomes a race for the bottom where only very very short term profits are the goal. We have seen this in all privatised utilities, and all publicaly traded companies.

Thus the "to hell with the future" mentality which can only be met buy insecure behaviour at all levels, this includes "company suicide" where the execs cut not just the maintanence that is sensible, and goes way beyond that where the company becomes to fragile to survive even minor misfortune, and beyond the safety of the employees but upto the point where it effects not just safety of everyone but the environment as well, to the point it will be effecting people five, ten and a hundred years out.

Effective and properly policed regulation is what is needed, and that has a price. But that price over even moderatly long term periods is nothing to what a properly managed company will return over the same period.

Look at it this way, work out the compound effect of my loaning you 1 dollar at 1% per day for a week, month, quater, a year and five years.

That's the advantage of not just living for tomorrow but the day after rather than blowing it all today.

To look at it another way, what's the cost of installing a Smart Meter today 250USD as a one off, maybe 50USD when you do all the houses in the same street at the same time. Of that maybe 10USD is the actual price of the smart meter.

What's it going to cost to replace them every five years because they did not design them to be upgraded in place? Then compare it to the less than 1USD price to make the meter future proof for it's expected user life of a quater of a century or more?

DamonSeptember 30, 2015 3:50 AM

Do we really protect privacy by encrypting everything? If I want to keep everything private, then I am projecting that on the world. Is it not a problem if we keep all our conversations "private"? If so, then how does community consciousness arise, from encrypted bytes? IMO, http is one of the greatest gifts we have, facing premature extinction from forces of their own making; that would know how to corral citizens to a marketing dogma. http is the park down the street; what should ordinary people have to hide (and collectively, to be able to defend, against criminals, competitors, neighbors, and family members..)

AnthonyJune 24, 2016 11:30 PM

This animated infographic shows how much data is consumed every second globally:

https://www.vpnsrus.com/data-consumption/

Look at those numbers spin. it's mind boggling. The thing that worries me is Governments worldwide are trying to intercept as much of this as possible, doing the bidding of quite often private companies.

It's disgraceful.

ianfJune 25, 2016 7:46 AM


It's not an animated infographic of global/ regional data volumes, it's a dynamic multi-counter of aggregated CISCO router traffic. It would be an infographic if the numbers were represented as colored visual staples, or slices of an "apple pie" superimposed on a global map. Still not sure what it is supposed to convey other than an Aha! Data! sensation.

I agree that trying to harvest/ harness it all is distasteful, but what's grace got to do with it?

Also, the sheer (let alone accumulated) volumes of the data speak against those dis-something governmental activities being of much use.

Tricia BellasarioAugust 6, 2016 8:25 AM

A well-researched and well-written article by Bruce. Really happy to see that at least someone realized how much Encryption is the dire need of this hour, not only for big corporations or organizations but individuals themselves. That is why we have observed in the uprise of so many VPN services telling you why you actually need a VPN. Bruce concluded the article by saying, "we're all much more secure when we all have strong encryption"; and I totally agree with it. Small steps lead to big things, and encryption may seem like a small issue today, but it literally feels big when you face unforeseen consequences of your negligence.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.