Why You Should Encrypt Everything and the Reason You Probably Don't

Why does much of the world stubbornly resist data and email encryption? Why don’t we enable it on all our devices all the time?

Most of the more than 2.5 billion people who use email have more than one account, and 95 percent of the email they send is unencrypted. In real numbers, that’s just over 194 billion emails sent every day in the clear. With the Edward Snowden leaks, the increased attention to online privacy, and the steady increase in data breaches around the world, it would seem imperative — in fact, negligent otherwise — to encrypt the emails we send, the data we store on our phones, and information we send up to the cloud. But, we don’t. And even now, when we’re advised that mainstream email providers like Google and Yahoo offer end-to-end encryption, we refuse to enable the technology. Why does much of the world stubbornly resist data and email encryption? Why don’t we enable it on all our devices all the time?


For most, it’s about convenience. It’s too cumbersome to set it up, and the potential for irrevocable data loss is too high if you forget your password. Unlike technologies that allow for the automatic back up and recovery of your data, if you forget your password to an encrypted device, you may lose all your data. There is no safety net. 

The technology to encrypt consumer email has been around since 1991. Phil Zimmerman released Pretty Good Privacy (PGP) that year and provided to the average citizen encryption technology that heretofore had been the domain of large corporations and governments. Reportedly, when it was released, the NSA couldn’t break it. And while not simple to use, it afforded many with the ability to feel secure in sending and receiving email traffic.

"It's easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals."

But, in a famous study by scholars at UC Berkeley and Carnegie Mellon University, researchers found that most people didn’t use email encryption technology like PGP because it was too complex to use. The user interface was clunky. “User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent,” the authors argue. “User interface design for effective security remains an open problem.”

In fact, The Washington Post reported back in 2013 that Snowden had to personally explain how to set up PGP to Glenn Greenwald, the reporter at The Guardian he contacted:

"When Edward Snowden, the man who leaked the details of the PRISM program, first contacted Glenn Greenwald at The Guardian in February, he asked the journalist to set up PGP on his computer so the two could communicate securely. He even sent Greenwald a video with step-by-step directions for setting up the software. But Greenwald, who didn't yet know the significance of Snowden's leaks, dragged his feet. He did not set up the software until late March, after filmmaker Laura Poitras, who was also in contact with Snowden, met with Greenwald and alerted him to the significance of his disclosures."

“Encryption works best if it's ubiquitous and automatic,” computer security guru Bruce Schneier writes. “The two forms of encryption you use most often — HTTPS URLs on your browser, and the handset-to-tower link for your cellphone calls — work so well because you don't even know they're there.”

"Encryption is the most important privacy-preserving technology we have, and one that is uniquely suited to protect against bulk surveillance — the kind done by governments looking to control their populations and criminals looking for vulnerable victims."

To that end, privacy nonprofit Open Whisper Systems announced last week announced the release of Signal for Android. And while the app doesn’t encrypt and protect email, it does allow for the sending and receiving of encrypted messages and voice calls. And it does it in an idiot-proof manner. When the app was first released on iTunes last year, Open Whisper Systems’ founder Moxie Marlinspike told Wired magazine, “In many ways the crypto is the easy part. The hard part is developing a product that people are actually going to use and want to use. That’s where most of our effort goes.” Lauded by privacy advocates globally — including Snowden — Signal has been downloaded to over a million Android phones.

Whether or not apps make encryption simpler and easy to use, it’s vital that you use technologies that encrypt and protect your information. Personal data security and privacy is your problem. No one is going to solve it for you; neither is an app developer, your government, your child, nor your tech-geek neighbor. Protecting your data is the responsibility of one person: you.

As Schneier reminds us:

"It's easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects it from competitors, neighbors, and family members. It protects it from malicious attackers, and it protects it from accidents. ... Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting. ... Encryption is the most important privacy-preserving technology we have, and one that is uniquely suited to protect against bulk surveillance — the kind done by governments looking to control their populations and criminals looking for vulnerable victims. By forcing both to target their attacks against individuals, we protect society."
--
Jason is Chief, Innovation for Thomson Reuters Special Services where he facilitates, oversees, and executes long-term solutions to emerging technology challenges. He works closely with governments, the private-sector, and non-governmental organizations to identify opportunities that will shape the future. The views expressed are his alone and do not necessarily represent the views of Thomson Reuters or Thomson Reuters Special Services.

Compelling speakers do these 4 things every single time

The ability to speak clearly, succinctly, and powerfully is easier than you think

Former U.S. President Barack Obama speaks during a Democratic Congressional Campaign Committee rally at the Anaheim Convention Center on September 8, 2018 in Anaheim, California. (Photo by Barbara Davidson/Getty Images)
Personal Growth

The ability to communicate effectively can make or break a person's assessment of your intelligence, competence, and authenticity.

Keep reading Show less

This 5-minute neck scan can spot dementia 10 years before it emerges

The results come from a 15-year study that used ultrasound scans to track blood vessels in middle-aged adults starting in 2002.

Mikhail Kalinin via Wikipedia
Mind & Brain
  • The study measured the stiffness of blood vessels in middle-aged patients over time.
  • Stiff blood vessels can lead to the destruction of delicate blood vessels in the brain, which can contribute to cognitive decline.
  • The scans could someday become a widely used tool to identify people at high risk of developing dementia and Alzheimer's.
Keep reading Show less

How 'dark horses' flip the script of success and happiness

What defines a dark horse? The all-important decision to pursue fulfillment and excellence.

Big Think Books

When we first set the Dark Horse Project in motion, fulfillment was the last thing on our minds. We were hoping to uncover specific and possibly idiosyncratic study methods, learning techniques, and rehearsal regimes that dark horses used to attain excellence. Our training made us resistant to ambiguous variables that were difficult to quantify, and personal fulfillment seemed downright foggy. But our training also taught us never to ignore the evidence, no matter how much it violated our expectations.

Keep reading Show less