In the wake of violent modern tragedies such as the terrorist attacks in Paris, what usually emerges is an accompanying battle: that of privacy versus security. Data is traveling all around us, between our phones, through the air, across cables under the ocean. You're entitled to that data being private. But some members of the government don't want it to be that way, and they're saying it's for your own good.
Encryption is what keeps your data private. But if it weren't so private, law enforcement could just listen in on all the conversations happening, peek at the websites you visit, and theoretically would be able to identify potential criminals and terrorists, stopping them before crimes are committed. You might think, "Sure, that's fine, I have nothing to hide. Read all my sexts, I don't care!" But there are some big flaws — and equally large consequences — that would come with eliminating secure encryption.
Heading into the 2016 elections, and a world that's shifting ever more online, it's imperative to understand what encryption is and why it's important, as it's going to be a big talking point over the next 12 months.
Okay, so what is encryption?
Encryption is the process of encoding a message so that the intended recipient is the only one who can read it (sort of like how you used Pig Latin when you were 8). Let's say you write an iMessage on your phone. When you hit "send," your phone uses a mathematical algorithm known as an encryption key to scramble your message. If someone were to intercept it, the message would look like gibberish. But your intended recipient has the proper decryption key to decipher what you wrote. What is it used for?
Encryption is used for all kinds of things. Every time you visit a webpage and there is a little lock symbol to the left of the Web address, or you see "https" appended to the address, it means that data sent to or from that website is kept private. Your iMessages are encrypted on your iPhone. Your digital credit-card transactions are also encrypted. Emails aren't necessarily encrypted but can be. You can also encrypt data on your phone or computer hard drive so you're the only one who can see it. (If you lose your phone, encryption is what keeps the finder from gaining access to what's inside.) What happens if things aren't encrypted?
When information isn't encrypted, someone — anyone — can tap in and see what information is being sent. If you buy a shirt online and it's not sent over an encrypted connection, someone could learn your private credit-card information and then use it to make unauthorized purchases with your card number, for example. Without encryption, all of your online doings can be tracked — and not just by our own government agencies but also by hackers and foreign agencies, too. This is why it's so important to follow the privacy practices we outline here. Why does law enforcement want to end encryption?
Law-enforcement officials want to end the widespread use of encryption because they say it allows criminals to contact one another securely. They say that without encryption, they can help prevent crimes and terrorist attacks, and more quickly and easily get access to data (without a warrant) in criminal cases. They want tech companies to hand those secure "keys" over to them, so that it's not just your recipient that can unlock your message — government agencies can, too. This is also called a "backdoor."
What does this have to do with Paris?
At a cybersecurity conference this week, the head of the FBI, James Comey, said that investigators are able to track Islamic State Group efforts on public forums like Twitter, but not once they move to encrypted means of communication. Though he didn't outright say it, he was insinuating that, if the perpetrators' communication had not been encrypted, the attacks in Paris could possibly have been prevented. Since the attacks, both American and French officials have suggested that the attackers used advanced encryption technology to keep their intentions secret. However, there is no evidence to support this. In fact, it looks like they may have used regular old unencrypted SMS messages to communicate. (SMS messages work differently from Apple iMessages.) Is their logic flawed?
Absolutely. As Wired's Kim Zetter explains in detail, a savvy cybercriminal could still communicate secretly even with widespread data encryption eliminated. Although U.S. or U.K. agencies might require backdoors into various software, apps from other countries — one made in Russia, for example — wouldn't have to abide by those laws. All criminals would have to do to get private, untracked communication is download one of those apps instead. They could also build their own encryption apps themselves. As for phones or computers that are encrypted, there are ways authorities can get at that data if they really want to — that's one definition of the word "hacking," after all. And even with encryption, communications often leave a cookie-crumb trail that investigators can follow: metadata. While your exact message may be encrypted, they could still see who you're talking to, the date and time of the communication, and even each individual's location. Here's the thing: Even if government agencies had open access to all our digital comings and goings, there is so much happening, and they would have so many suspects, that it's still improbable that they'd be able to thwart every single planned crime. Historically, the inability to stop an attack stems from not focusing on the correct individuals, and not sharing information quickly enough with various departments in order to take action in time. For example, Zetter writes that France has a list of 11,000 suspected individuals — how do you even begin deciding who are the biggest threats to zero in on?
And what does this have to do with the 2016 elections?
President Obama recently decided that it wouldn't be worthwhile for tech companies to hand over the secure keys that keep encrypted data encrypted (hooray!). But now, it looks as that debate is heating up again: Which is more important — your personal privacy or the welfare of the nation? Your ability to keep your Snapchats secret could also be letting terrorists plot their next attack, or so some will say. This will likely be a topic in upcoming presidential debates, as well as among current lawmakers. Encryption is important. You have a right to private data. And keeping our digital world secure makes it a safer place for everyone.
Encryption is the process of encoding a message so that the intended recipient is the only one who can read it (sort of like how you used Pig Latin when you were 8). Let's say you write an iMessage on your phone. When you hit "send," your phone uses a mathematical algorithm known as an encryption key to scramble your message. If someone were to intercept it, the message would look like gibberish. But your intended recipient has the proper decryption key to decipher what you wrote. What is it used for?
Encryption is used for all kinds of things. Every time you visit a webpage and there is a little lock symbol to the left of the Web address, or you see "https" appended to the address, it means that data sent to or from that website is kept private. Your iMessages are encrypted on your iPhone. Your digital credit-card transactions are also encrypted. Emails aren't necessarily encrypted but can be. You can also encrypt data on your phone or computer hard drive so you're the only one who can see it. (If you lose your phone, encryption is what keeps the finder from gaining access to what's inside.) What happens if things aren't encrypted?
When information isn't encrypted, someone — anyone — can tap in and see what information is being sent. If you buy a shirt online and it's not sent over an encrypted connection, someone could learn your private credit-card information and then use it to make unauthorized purchases with your card number, for example. Without encryption, all of your online doings can be tracked — and not just by our own government agencies but also by hackers and foreign agencies, too. This is why it's so important to follow the privacy practices we outline here. Why does law enforcement want to end encryption?
Law-enforcement officials want to end the widespread use of encryption because they say it allows criminals to contact one another securely. They say that without encryption, they can help prevent crimes and terrorist attacks, and more quickly and easily get access to data (without a warrant) in criminal cases. They want tech companies to hand those secure "keys" over to them, so that it's not just your recipient that can unlock your message — government agencies can, too. This is also called a "backdoor."
What does this have to do with Paris?
At a cybersecurity conference this week, the head of the FBI, James Comey, said that investigators are able to track Islamic State Group efforts on public forums like Twitter, but not once they move to encrypted means of communication. Though he didn't outright say it, he was insinuating that, if the perpetrators' communication had not been encrypted, the attacks in Paris could possibly have been prevented. Since the attacks, both American and French officials have suggested that the attackers used advanced encryption technology to keep their intentions secret. However, there is no evidence to support this. In fact, it looks like they may have used regular old unencrypted SMS messages to communicate. (SMS messages work differently from Apple iMessages.) Is their logic flawed?
Absolutely. As Wired's Kim Zetter explains in detail, a savvy cybercriminal could still communicate secretly even with widespread data encryption eliminated. Although U.S. or U.K. agencies might require backdoors into various software, apps from other countries — one made in Russia, for example — wouldn't have to abide by those laws. All criminals would have to do to get private, untracked communication is download one of those apps instead. They could also build their own encryption apps themselves. As for phones or computers that are encrypted, there are ways authorities can get at that data if they really want to — that's one definition of the word "hacking," after all. And even with encryption, communications often leave a cookie-crumb trail that investigators can follow: metadata. While your exact message may be encrypted, they could still see who you're talking to, the date and time of the communication, and even each individual's location. Here's the thing: Even if government agencies had open access to all our digital comings and goings, there is so much happening, and they would have so many suspects, that it's still improbable that they'd be able to thwart every single planned crime. Historically, the inability to stop an attack stems from not focusing on the correct individuals, and not sharing information quickly enough with various departments in order to take action in time. For example, Zetter writes that France has a list of 11,000 suspected individuals — how do you even begin deciding who are the biggest threats to zero in on?
And what does this have to do with the 2016 elections?
President Obama recently decided that it wouldn't be worthwhile for tech companies to hand over the secure keys that keep encrypted data encrypted (hooray!). But now, it looks as that debate is heating up again: Which is more important — your personal privacy or the welfare of the nation? Your ability to keep your Snapchats secret could also be letting terrorists plot their next attack, or so some will say. This will likely be a topic in upcoming presidential debates, as well as among current lawmakers. Encryption is important. You have a right to private data. And keeping our digital world secure makes it a safer place for everyone.
For full coverage of the attacks on Paris, click here.