Why Encryption is Good

After watching recent events regarding our Federal Government reading the phone records of American citizens, and the acknowledgement by the NSA chief that they’re monitoring the phone calls of Americans, I’ve decided I’m getting a little annoyed with these casual little incursions into our privacy. Since it seems that our Federal Government has show no interest in preserving our privacy rights, I’ve decided that in the little ways that are afforded to a private citizen, I’m going to begin pushing back.

I’ve started once again encrypting my email, as I’m able. Of course, in order to do this, the person that I’m writing to must be able to support reading that encrypted email. So, I’m writing this to offer my reasons for encrypting my email, and encourage others to do the same. At the end of the post, I’ll include links for you to begin encrypting your email.

In 1991, Phil Zimmerman wrote an interesting little application that he humbly titled Pretty Good Privacy. I say humbly, because the software that he released brought real data encryption to the common folk. For a while, Zimmerman was prosecuted for violating munitions export laws.

During the time he was being prosecuted, Mr. Zimmerman wrote a defense of PGP and email encryption in general entitled “Why Do You Need PGP?“. Many of the thoughts I’m writing are echos of Phil Zimmerman’s ideas written is that article.

More fundamental than the question of whether we should encrypt email is the question of whether we should keep secrets in the first place, and from whom we should keep secrets. As Zimmerman notes, as a rule, we naturally consider our letters confidential enough to put them into an envelope instead of using postcards. We would also be upset if we received a letter opened by someone unknown. Yet, for some reason, we have no problem sending emails in an easily readable format.

More importantly, the easy of our electronic communication directly leads to the ease by which anyone who listens between you and your recipient can gather and read all your email. Zimmerman writes the following:

Today, if the Government wants to violate the privacy of ordinary citizens, it has to expend a certain amount of expense and labor to intercept and steam open and read paper mail, and listen to and possibly transcribe spoken telephone conversation. This kind of labor-intensive monitoring is not practical on a large scale. This is only done in important cases when it seems worthwhile.

More and more of our private communications are being routed through electronic channels. Electronic mail is gradually replacing conventional paper mail. E-mail messages are just too easy to intercept and scan for interesting keywords. This can be done easily, routinely, automatically, and undetectably on a grand scale. International cablegrams are already scanned this way on a large scale by the NSA.

Sadly, Zimmerman’s analysis is out of date, as the NSA is not limiting their surveilance to international communications. The NSA has installed in AT&T’s switching office a software package that can “reconstruct all of their [users] e-mails along with attachments, see what web pages they clicked on, we can reconstruct their (voice over internet protocol) calls.”

The problem is that the people who are reading your email to check for terrorist activities are human… it could be your next-door neighbor, your old college ex-girlfriend, or some guy who’d love to dig up dirt on you. While the law has always allowed for surveilance of suspects, that surveilance always had the checks and balances of the courts, who were responsible to make sure that both your privacy and the 4th amendment are being preserved. It seems that this is no longer the case.

Religious Persecution

Think about sending an email to a Christian in China or Saudi Arabia. If their government found out that one of their citizens is a practicing Christian, it could subject them to prison, or even death. The benefits of encrypted email are obvious in this situation. However, think about the problem that encrypting sensitive email causes. While an observer may not be able to read the contents of the message, the fact that the message is encrypted can alert an enemy that the communicants are hiding something.

That’s why it’s important to make encrypted email the norm, and not merely the exception. Just like a letter in the mail does not signify sensitivity of its content, neither should an encrypted email imply that the content is anything but normal.

I encourage you to consider using email encryption on a regular basis, and to convince others to do the same.

How to Start Encrypting Your Email

You probably won’t even need to change your email client in order to start encrypting your email, as encryption plugins exist for every major email software, including Outlook, Outlook Express, Thunderbird, and Eudora.

Thunderbird – A free email client
GnuPG – Free encryption software
GPG4Win – Windows version of the GnuPG software. Also includes a standalone email client, and a plugin for Microsoft Outlook.
Enigmail – An encryption plugin for Thunderbird
My GPG Public Key – What you need to encrypt an email to me.

May 18, 2006

Tom Albrecht

Articles, Privacy, Tom

4 responses to “Why Encryption is Good”

Mark says:

05/23/2006 at 2:00 pm

But then the NSA sees that you are encrypting your email, so they think you are hiding something.

P.S. Be sure to drink your Ovaltine.
Tom says:

05/23/2006 at 2:14 pm

Exactly. Read my last section under religious persecution. Encryption should be the norm, and not the exception. Are people who send letters instead of postcards more suspicious? No… because letters are the norm.
David Carlson says:

10/20/2006 at 11:11 am

It is refreshing to see that PGP has been made useable in real applications such as Thunderbird!

I have been signing my E-Mail with my Thawte Encrypted Authentication Signature for a couple of years now, which allows others to send me encrypted E-Mail, but so far I have not had any of my associates ask me how to do that, or how to prepare to receive encrypted E-Mail.

I would like to have my bank statements E-Mailed to me, but not unless they are securely encrypted. This won’t happen unless a lot of us ask our banks to implement a method such as PGP.

The other advantage to encrypted E-Mail, which you did not mention, is that the source of the E-Mail can be verified(if you trust the authentication service such as Thawte, Verisign, etc.)! This means that SPAM can be readily identified and ignored, deleted, or even automatically reported to the government if it is believed to be illegal impersonation of either yourself or your bank.

Scary, isn’t it?

I agree that all E-Mail should be encrypted.

David Carlson
Kevin says:

11/20/2006 at 6:58 pm

The main problem with email encryption is the lack of a common standard. I’ve mentioned this a few times that the public/private key should be connected to the email address, and that the email server/host should handle this automatically.

Say I want to email fred@yahoo.com. Whether I’m using web based mail or an email client, I should be able to type an email to Fred, and then hit send. When I hit send, instead of sending the email, it sends an inquiry to yahoo and says, “Send me Fred’s public key.” The public key should make it’s way back to my client or browser, which should then encrypt it using that public key, and then sending the encrypted message.

When reading encrypted email, my password to my mailbox should also be my private key password, thereby allowing me to read the emails in plaintext as they are decrypted automatically in my browser or client.

This needs to be implemented in the next email standard.