Regarding Privacy, Security, and EFFective Encryption

 Courtesy  Leonardo Rizzi

It's no secret that nowadays, your data can [likely] be accessed by anyone under the sun. If it IS new to you, well, then hold on to your butts.

In 2017 alone, tens of millions of records were stolen or leaked and we're only in August so far. By far some of the biggest of those are from telecom and wireless providers like Verizon and Bell, arguably some of the companies who should benefit most from having secure practices and bulwarks against cyber-crime. The blame here though isn't one solely of the corporations in control of that data, but also the producers of said data.

One estimate says that we produce an average of 2.5 quintillion (that's 2.5 followed by 17 zeroes, or 2,500,000,000,000,000,000 for you visual folks) bytes of data annually. Converted to something perhaps more reasonable, that'd be 2.5 million terabytes per year - even more reasonable, that'd be roughly one billion (with a B) iPhones worth of data. Check out this infographic by Ben Walker for some interesting comparisons, notably that this amount of data would have to be stored on 10 million blu-ray discs, which would stack as high as four Eiffel Towers.

"I've Got Nothing to Hide"

Now that I've sufficiently bored you with math, on to discussion. Often the argument I hear when talking to people about why they should be encrypting their data or protecting their privacy is "Why should I? I've got nothing to hide." Yes, that may be what you tell yourself, but it's inherently false. Consider this: You're at Starbucks, chatting to your partner about your workday. As you're mulling over your coffee, you don't shout for everyone around you to hear I assume. I also assume that if someone with a notebook were to stop next to the table you were sitting at conversing with them, you'd bristle up and demand to know their reason for standing there. That right there is the reasoning on why privacy is important, and people are implicitly granted and often vehemently expect it.

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.
— Edward Snowden

Now let's imagine the person next to your table opens the notebook, ready to write. You don't know what they're listening for, what they might be watching for, nothing. You see them scribble something here and there. Sounds uncomfortable, no? This in turn would likely lead to you and your partner leaving, or, if you were for some reason comfortable with this intrusion, beginning to watch what you say lest they jot it down. This is the chilling effect of non-consensual surveillance, and consensual surveillance to some degree. This is a rather benign and silly example, but it happens on a Big, digital, panoptic scale every day, and you can't walk out of that arena so easily.

The irony: freedoms are not being taken away, we are just afraid to use them.
— Tijmen Schep

Privacy vs. Security vs. Secrecy

So now, you might be sold on the premise of privacy. So you commit to reading through privacy policies and terms of service, or something close to that anyway, turn off locations services and recent places on your phone, and limit your ability to be tracked (to the best of your ability). You, who didn't click those links, please go back and do so.

So you're good, right? Ehh, not so much. Don't get me wrong, these are fantastic places to start.  But your best bet on keeping your information secure (think: under lock and key) is to make sure your passwords are strong (better yet, use a password manager) and you can ensure your crucial websites utilize HTTPS. Luckily for you, most websites default to this (check your browser for a little green lock in the address bar - if it's there, you're good! For the lazy among us, myself included, the EFF has a great tool for this.)

That little green lock basically ensures that even if a hacker happens to be watching what you send and receive to and from Mr. JP Morgan Chase, he only gets to see black envelopes versus your account number, passwords, or worse/more. HTTPS isn't perfect, but it's moving the internet forward in the right direction, and can only get better. There's many more back-end tech and other tools to talk about, but that's for another time. We're aiming for simple for now.

Going back to the argument above, being "What's the need for security if I've got nothing to hide?" Well you sir are flat out wrong. You have nothing to hide in your home or car, and yet you lock those to keep thieves from taking your electronics or cash. The USPS is not allowed to open packages or envelopes addressed to you under federal penalties. The same should apply in the digital world.

Alternatively, think of it this way: everyone knows what you do in the bathroom, that's no secret. But it takes someone special to do it with the door open, much more so in public, all the time. H/t to Cory Doctorow for this analogy.

Again, while it might not be a secret what you're doing, you wouldn't want someone peering over your shoulder to see exactly what it is. When even those with the most direct line to your most secret of secrets go all in-on privacy and encryption, it stands to reason you probably should too.




So let's recap. 2.5 quintillion bytes of data annually that needs protecting. Tens of millions of people that produced said data had it stolen.

Not all that needs to be a secret, but it should be private. Even more so, it should be secure.  There indeed have been some wins lately, but much of that has been because of private companies standing up for their consumers - WHICH THEY SHOULD. Do you read me? Apple preventing entities that are not you - the sole owner - from accessing an iPhone or Apple mobile device is a GOOD thing. But don't get it twisted. We are the driving force of this progress.

So what do you do? Among the tools and strategies linked and discussed above:

I sincerely hope this helps clear things up a bit on what privacy/security/secrecy really is, how it affects you, and how important it is.

I also hear often that encryption is only for criminals. Well, actually it's for everyone. But if they're the only ones using it, who's really the smart people here?

Also, shouts out Chelsea Manning.

*Please note: Not an ad or anything for the EFF - just a big fan.