The following article was written by Kenny Tan, North American Executive Board member.
Anyone who uses the internet should consider using strong encryption to safeguard personal information and private communications.
Why ? Consider the recent news highlighting the extent of NSA surveillance. Almost all telecommunications (e.g. email, social networks, voice calls) operate through central service providers that store records of all user activity. As a result, the Feds can easily access that data without a warrant by requesting it through a Foreign Intelligence Surveillance Act (FISA) request or National Security Letter (NSL).
But what if someone has nothing to hide from the government? The NSA’s strategy of massive data mining and indefinite storage in centralized data centers still leaves many areas for concern. A concentration of sensitive information is a treasure-trove for malicious hackers. Even if the government thwarts all external attacks, consider how much data was available to leakers like Bradley Manning and Edward Snowden. As Snowden admitted in his interview with Glenn Greenwald, it would have been quite lucrative for him to sell data to foreign intelligence agencies. It’s not hard to imagine far less honorable government employees abusing their power for criminal gain. If the government cannot protect its own secrets why trust it to protect yours?
How does encryption work? First, an encryption algorithm takes two inputs, the data to be encrypted and usually an encryption key. The algorithm then applies its complex series of mathematical operations, potentially altered by the key, to the data. The output will be unreadable text. Encrypted data is similarly decrypted using a decryption algorithm and a decryption key.
To offer an example, we’ll examine Bitmessage, a peer-to-peer communications protocol. Bitmessage allows users to send and receive encrypted messages. Think of it as a substitute for email. Instead of email addresses and passwords, users can generate 36 character addresses along with public keys (encryption keys) and private keys (decryption keys). Bitmessage, similar to Bitcoin, runs on a decentralized distributed network, meaning that messages do not run through a central server. Instead, each user’s client/software forms incoming and outgoing connections with a limited number of random clients. New messages are forwarded throughout the network, thus distributing all messages to all users running the software. Users do not know the intended recipient of messages. Instead, each user’s client will attempt to decrypt each message using previously generated private keys; if it is successful then the message was meant for that user. As a result, Bitmessage hides the identity of original sender and recipient. This feature can be especially useful considering that the National Security Agency is collecting vast amounts of metadata from Verizon. Analysis of metadata, or non-content data, can reveal much more than the content itself.
Tools such as Bitmessage could become much more popular in the near future. In the past, technical expertise has posed barriers for wide adoption of encryption technology. However, the growing threat of government surveillance and recent advances in hardware and software could make wide adoption more likely. Like Bitcoin, websites could be developed to integrate Bitmessage and provide interesting statistics about the network while mobile applications and QR codes could reduce the effort required in dealing with 36 character long addresses. A detailed guide to installing and using Bitmessage can be found here.
Of course Bitmessage is not the only encryption application you can use. Timothy Lee offers a list of other useful tools and tips for anonymous internet browsing, sending encrypted chat, securing phone calls, and thwarting cell phone tracking. In the future, encryption could become mainstream but in the meantime, the government is racing to catch up with the world’s fastest supercomputer.