Big Tech Surveillance Thomas Knapp

Don’t Wait: Get Into the Encryption Habit Now

Photo by Christiaan Colen via Flickr

By Thomas Knapp / CounterPunch

In early August, a Nebraska prosecutor charged a mother and daughter with violating the state’s ban on abortion after 20 weeks. That ban was passed in 2010, but didn’t go into effect until the Supreme Court’s ruling earlier this year overturning Roe V. Wade.

Part of the state’s evidence consists of Facebook messages between the two, indicating that the mother obtained “abortion pills” for her pregnant daughter.

Police obtained those messages in the usual way: They presented a search warrant to Facebook and the company turned over the data.

If the two women had used Facebook’s optional “end-to-end encryption,” the police would still have been able to get that data — but they wouldn’t have been able to read it.

Facebook has since announced its intention to make end-to-end encryption the default, rather than an option, in its Messenger service.

That’s a good thing.

Whatever your opinion of abortion in general, or of Nebraska’s laws and the women’s alleged actions in particular, the case illustrates how easy it’s become for government to eavesdrop on our communications in real time, or seize and read our private files after the fact.

Between constantly advancing technical means, the tendency of judges to defer to law enforcement, and government’s willingness to just plain break the law when the law doesn’t suit their purposes (see Edward Snowden’s disclosure of the NSA’s illegal spying programs for examples), it’s become far TOO easy.

Some politicians on both sides of the major party aisle disagree. They don’t think it’s easy enough. They’re constantly working on laws they hope will make strong encryption less available (or, with “back door” schemes, just less strong).

This is the kind of battle that’s easier to fight now than later.

Strong encryption has been widely available for more than 30 years now.

But in order for the government to lose its war on our privacy, we need to see far more widespread adoption at both the individual and corporate levels … and we need that adoption to outpace unscrupulous politicians’ ability to keep up with it.

In a mostly unencrypted world, encrypted communications (of most kinds — there are exceptions) tend to stand out. In such an environment, it’s not unlikely that at some point, encryption will itself be deemed “suspicious” and its use treated as grounds for investigations and searches.

But if we’re all using encryption, all (or even most) of the time, prosecutors will need other pretexts, maybe even real evidence, to get permission to pry into our private affairs.

Which is exactly as it should be.

By using encryption on principle at least some of the time, and by asking your messaging providers to enable it by default, you’ll be protecting your privacy. And everyone else’s.

Thomas Knapp

Thomas L. Knapp is director and senior news analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism (thegarrisoncenter.org). He lives and works in north central Florida.

6 comments

  1. It would be helpful to distinguish between the various types of communication and means of encryption.
    Most internet traffic is encrypted via the HTTPS protocol between the person and the website. That is what allows us to enter our personal information (credit card, etc) without worrying about it being intercepted. The older HTTP protocol sends information via clear (unencrypted) text. Websites doing so are flagged by our browsers.
    Though HTTPS is used when accessing email, it does not prevent our email providers (looking at you, Google and Yahoo with your email ads) from scanning our email and making use of that information. For that, one would need an email encryption service.
    However, even using HTTPS, our Internet Service Providers (and the authorities) can see which websites we are accessing. For that one needs to use a Virtual Private Network (VPN). A VPN encrypts our requests to access websites, whereas HTTPS encrypts the contents of our communications with those websites. Both should be used.
    What you are referring to in this article is end-to-end messaging encryption, which WhatsApp, Signal, Telegram and Viber do by default, but Facebook Messenger does not.

    1. Good points.

      Yes, there are various things to encrypt, and various ways of encrypting them.

      Thankfully, HTTPS is getting close to universal and VPNs are increasingly popular (my wife’s workplace will only allow her to log in from home via VPN).

      I was just addressing the messaging side — email and text messengers — specifically.

      As a side note, I don’t have a lot of faith in encryption in cases where a specific person is already under surveillance.

      That is, if the government is specifically interested in me, and specifically wants to know what I’m typing, it probably can find out in various ways, from getting a keystroke logger onto my machine to Van Eck phreaking, etc.

      Getting more people to use encryption is more a matter of making it less likely that the government will get interested in a particular person BECAUSE that person is using encryption. Instead of giving them a shiny needle to find in the haystack, give them a stack of needles.

      Thanks for reading and commenting, and thanks to ScheerPost for finding the piece interesting enough to pick up!

  2. I have been using Signal. I started getting messages that it would have to be updated within a certain number of days. Each time I saw the message I had two responses.
    1) update it right away – which could be done by pressing UPDATE NOW – which I did
    2) When I did that, it wasn’t actually updated and the countdown of days contunued.
    3) When the time was up, I continued to use the App and a couple of people said they received my messages.
    4) In the meantime, everywhere I saw encryption discussed, people were saying that it’s impossible to encrypt messages that can’t be read by the Intel/military spooks. FRUSTRATED

    1. Unless the NSA or whoever has developed mathematical techniques that we don’t know about, it’s possible to encrypt a message that they can’t read NOW (unless they intercepted it before you encrypted it, that is).

      Of course, they may HAVE developed such techniques. And it’s likely that e.g. quantum computing will make it possible for them to decrypt messages later that they intercepted and saved but couldn’t decrypt at the time.

      That’s one reason why it’s good to have a LOT of people using a lot of encryption now. Even better decryption technology and use resources. If they have a stack of 10 billion encrypted messages to work on instead of, say, 100 million such messages, it will take more time and more resources to decrypt them, and make it harder for them to know which ones to attack in the first place.

      I remember a movie or TV show — I can’t recall which one — in which there’s a bank robbery, and the robber is dressed as Santa Claus. Normally, that would be an easy guy to catch. But in the movie or TV show, it’s a few days before Christmas and the streets are crawling with Salvation Army Santa Clauses ringing bells, department store Santa Clauses who just got off work, etc.

      Think of lots of people using encryption like that: If they try hard enough, they can invade anyone’s privacy, but if everyone’s using encryption, they have to make choices based on other things like, you know, EVIDENCE of a crime, instead of just reading everyone’s mail because they can.

  3. Decades ago, the NSA went to libraries across the US and stole all books on cryptography. They didn’t want Americans to understand how to create unbreakable codes. When I asked a friend who was a former member of the NSA about this, he said with a grin, “I can neither confirm nor deny that statement.” Enough said.

Comments are closed.

%d bloggers like this: