Private I: It's time to encrypt everything
If we’ve learned anything from the last few years, it’s that given the opportunity to snoop on or scarf up our data or our metadata, criminals, businesses, and governments have a lot in common. They may have different ends that drive why they want to read our email and transactions, listen in to phone calls, track with whom we communicate, and follow our location, but it all involves a lack of consent.
We can take matters into our own hands and reject their assault on our privacy by encrypting as much of our data as we can, above all in transit, where it is at its most vulnerable. Tools have never been more powerful, and we’ve never had as many options from which to choose. It’s about to get even better.
FBI Director James Comey complained in September that iOS 8 and the latest versions of Google’s Android enable encryption so strong, the FBI can’t break it easily or at all. As is so often and so tediously the case, Comey trots out terrorists, pedophiles, and other criminals, who represent a vanishingly small percentage of all mobile users, as the reason to compromise everyone’s security.
So far, Apple and Google haven’t budged, likely because their users are happy to hear about their stance. Tim Cook has spoken quite strongly about the need for technology users to control what and how their data are accessed by others—including governments.
But there’s certainly more we can do. The Internet was developed in a ridiculously open fashion, because it was designed by and for academics, and it still retains many vestiges of that behavior. Some of this used to be related to processing power: encrypting and decrypting information in real time as it speeds among devices and through routers was once much more expensive than it is today. Custom chips and circuits, such as those built into iOS devices, reduce the computational overhead and cost. A large percentage of Web servers run on hardware that can easily handle all of their traffic over HTTPS without a hitch. There’s really no excuse for an information provider not to offer a secure connection.
What you can do right now
On a Mac or in iOS, you have a lot of options service by service or overall.
Use a VPN. A virtual private network connection puts an encrypted wrapper around every bit of data between your hardware and a termination point elsewhere on the Internet. Companies have long used VPNs that terminate inside a more heavily protected corporate network. But any individual can hook up with Cloak, TunnelBear, AnchorFree, and many others. (I wrote an overview of VPNs back in 2012 for Macworld.)
A VPN is comprehensive, covering all your traffic, but it’s also incomplete. Because it isn’t end-to-end (it terminates at a data center somewhere), it protects the weak local and nearby links, such as a coffeeshop’s Wi-Fi or even your local ISP, while moving the point of trust to the VPN provider, which can see whatever isn’t encrypted by some other means.
Use client-to-server encryption. I remember a time when it was rare and a pain to use encryption for receiving and sending email. Now, it’s nearly universally available, and Apple Mail and other email clients do their best to set up a secure connection by default. For any server connection, prefer or configure your settings to use a secure option. With some sites or services, you may need to set up your account first, and then use a security preference to require HTTPS or an encrypted connection. With software that uses Web services, preferentially find the HTTPS endpoint—you may have to search for it—instead of the plain HTTP.
Like a VPN, client-to-server encryption has a termination point: if the mail, file, or other server is compromised by a criminal, an employee (including executives!), or a government agency’s demands, your information can be intercepted. Data has to be encrypted and decrypted at the server, whether it’s Dropbox, email, or what have you. Almost always, you can have secure transit (SSL/TLS, SSH, or other) and secure storage, but there is a stage in the middle where decryption must occur to transfer data back and forth.
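Two things a practitioner checks when configuring a client the way the paragraphs above describe: that every endpoint is the TLS form of the service rather than the plaintext one, and that the client actually verifies the server’s certificate instead of quietly accepting anything. The following is an added example, not code from the original column; the port table and the `mail.example.com` host are assumptions for illustration. The weak context is shown beside the hardened one because disabling verification "to make it work" is the mistake that hands the coffeeshop or the ISP the whole connection.

```python
import ssl
from urllib.parse import urlsplit

# Plaintext service -> (TLS-wrapped scheme, port). Constructed mapping for the
# common mail and web services; extend it for whatever your clients speak.
SECURE_EQUIVALENT = {
    "http": ("https", 443),
    "imap": ("imaps", 993),
    "pop3": ("pop3s", 995),
    "smtp": ("submissions", 465),   # implicit-TLS mail submission
}
ALREADY_SECURE = {"https": 443, "imaps": 993, "pop3s": 995, "submissions": 465}


def secure_endpoint(url):
    """Return (scheme, host, port) for the TLS form of a service URL.

    Unknown schemes raise rather than falling back to plaintext, so a typo in
    a config file cannot silently downgrade the connection.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname
    if host is None:
        raise ValueError("no host in %r" % url)
    if scheme in ALREADY_SECURE:
        return scheme, host, parts.port or ALREADY_SECURE[scheme]
    if scheme in SECURE_EQUIVALENT:
        secure_scheme, port = SECURE_EQUIVALENT[scheme]
        return secure_scheme, host, port
    raise ValueError("no TLS equivalent known for scheme %r" % scheme)


def weak_tls_context():
    """The setting to avoid: certificate checks switched off.

    Any machine between you and the server can present its own certificate
    and read everything, and the client will not notice.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_tls_context():
    """Verify the chain against the system trust store, check that the
    certificate matches the hostname, and refuse TLS older than 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx):
    """True only if the context verifies the peer and rejects old TLS."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


if __name__ == "__main__":
    # Hypothetical mail host; the actual connection is a network call, so it
    # is shown but not made here:
    #   imaplib.IMAP4_SSL(host, port, ssl_context=hardened_tls_context())
    print(secure_endpoint("imap://mail.example.com"))
    print("weak context safe?", context_is_safe(weak_tls_context()))
    print("hardened context safe?", context_is_safe(hardened_tls_context()))
```

The same two checks carry over to any client: the endpoint must be the TLS port or scheme, and the context handed to `imaplib`, `smtplib`, or `urllib` must be the hardened one.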
There’s work happening on the Web in this regard, too: many Web sites could and should use SSL/TLS, but the cost and technical complexity for small firms outside of ecommerce, finance, and health have prevented full-scale adoption. The Electronic Frontier Foundation just announced a plan called Let’s Encrypt to automate the creation, installation, and renewal of certificates for Web sites, which could dramatically expand encrypted Web connections and keep casual browsing private as well.
Use end-to-end or peer-to-peer encryption. The gold standard is client software that allows no compromise point between the users at either end, so that only the parties on either side can read the data that’s flowing. This has been relatively rare in the past, because a client/server architecture allows for heterogeneity—a fancy way of saying that you can have a clever server that speaks a standard or can handle many different protocols, and then many different kinds of clients.
Heterogeneity avoids the need for everyone to use the same client software, and makes the reach of a given service or product much broader, because it avoids platform or OS version lock-in. There are thousands upon thousands of email clients, even though a handful are the most widely used. Likewise, hundreds of Twitter clients remain, even after the firm tightened its access rules a few years ago.
Peer-to-peer clients require that everyone with whom you want to communicate install the same software, which may be limited to one or a few platforms, or choose from a much more restricted set of options. That limits utility, and it’s what has driven people to less-secure client/server configurations. The trend is shifting, though, in part because of security concerns. Skype has always used end-to-end encryption, as has iMessage. But both have significant flaws in how their integrity can be verified by regular users and validated by outsiders.
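The difference between the termination point described earlier and the end-to-end model described here comes down to who holds which key. This added example models both arrangements; it is not code from the column or from any of the products named. The cipher is a toy stream cipher built from HMAC-SHA256 (no authentication, not for real use) chosen only so the example runs with the standard library; the `Server` object stands in for a compromised server, an insider, or a server answering a legal demand, and records everything it is able to read.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16


def _keystream(key, nonce, length):
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks. Illustrative only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt with a fresh random nonce prepended to the ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body


def unseal(key, blob):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class Server:
    """Relay that logs every byte it handles; whether that is plaintext or
    ciphertext depends entirely on the architecture around it."""

    def __init__(self):
        self.captured = []

    def exposed(self, message):
        return any(message in chunk for chunk in self.captured)


class ClientServerMode:
    """Client-to-server encryption: each user shares a hop key with the server
    (think of the TLS session), so the server must decrypt in the middle."""

    def __init__(self, server):
        self.server = server
        self.hop_keys = {}

    def connect(self, user):
        self.hop_keys[user] = os.urandom(32)

    def send(self, sender, recipient, message):
        inbound = seal(self.hop_keys[sender], message)
        # Server side: decrypt the sender's hop, which is where it can be read.
        plaintext = unseal(self.hop_keys[sender], inbound)
        self.server.captured.append(plaintext)
        outbound = seal(self.hop_keys[recipient], plaintext)
        return unseal(self.hop_keys[recipient], outbound)


class EndToEndMode:
    """End-to-end encryption: only the two parties share the message key; the
    server relays ciphertext it cannot open (a TLS hop on top would not change
    what it sees)."""

    def __init__(self, server):
        self.server = server
        self.pair_keys = {}

    def pair(self, a, b):
        # Stands in for a key agreed between a and b without the server.
        self.pair_keys[frozenset((a, b))] = os.urandom(32)

    def send(self, sender, recipient, message):
        key = self.pair_keys[frozenset((sender, recipient))]
        blob = seal(key, message)
        self.server.captured.append(blob)   # all the server ever holds
        return unseal(key, blob)


def server_can_read(mode_cls, message=b"meet at the usual place at nine"):
    """Deliver one message under the given architecture and report whether the
    server's log contains the plaintext. Returns (delivered_ok, exposed)."""
    server = Server()
    mode = mode_cls(server)
    if mode_cls is ClientServerMode:
        mode.connect("alice")
        mode.connect("bob")
    else:
        mode.pair("alice", "bob")
    delivered = mode.send("alice", "bob", message)
    return delivered == message, server.exposed(message)


if __name__ == "__main__":
    print("client/server: delivered, exposed =", server_can_read(ClientServerMode))
    print("end-to-end:    delivered, exposed =", server_can_read(EndToEndMode))
```

Both modes deliver the message intact; the only difference is the second value, which is what a subpoena, a rogue administrator, or a breach actually yields. Real end-to-end systems still have to solve the part the toy skips, which is agreeing on the pair key without the server being able to substitute its own, and that is exactly the verification weakness the column raises about Skype and iMessage.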
ProPublica, a journalism non-profit, recently published a deep evaluation of secure messaging tools, scoring one point for each of seven measures, including whether the source code was open to outside auditing. Only a handful of serious, but relatively thinly used systems received seven points; the most commonly used tools scored much lower. AIM received one point as did Skype, while iMessage and FaceTime each scored five.
This scorecard will change rapidly. Just this week, WhatsApp, the Facebook-acquired and massively popular messaging app, announced it has integrated TextSecure into its Android client for text messages, taking Android-to-Android connections from two points on ProPublica’s scale up to seven. WhatsApp will add iOS and other kinds of message support in the future. And a firm founded by former Navy SEALs and veteran iconoclastic encryption gurus, Silent Circle, also scores seven for its text and phone-call services, available through iOS and Android apps.
You may have a lot of different feelings about whether or not government bodies—with or without the varying legal processes ostensibly guaranteed to you in the country in which you reside—have the right to listen in, intercept, or decipher data on demand when national security or other interests are at stake. But any method by which a government agent can access our data is a conduit for thieves, companies, and other governments to use as well. Law enforcement has to adapt; we need to protect ourselves, as they cannot.