Article 12 of the UN’s Universal Declaration of Human Rights states that “no one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence.”
It’s that last one that’s gotten everyone’s attention lately. Just how private is your correspondence online?
Depending on your politics, NSA whistleblower Edward Snowden is either a vile turncoat or a revered hero, but either way he has advice on how to stay two steps ahead of the NSA.
He held an awesome “press conference” of sorts on The Guardian’s website, taking written questions from readers and typing out his answers online.
We were most intrigued by his response to a question about encryption. If someone wants to stay off the NSA’s radar, could he or she encrypt emails and send them without arousing any suspicion?
Snowden’s response: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”
A brief caveat before we dive in deeper with encryption. This whole “NSA domestic spying” news item is weird and scary, sure, but it has much more to do with the “connectivity matrix,” or the relationship that exists between personal and commercial computers all around the world and the fact that the NSA can exploit it. Yes, your privacy matters, but the real issue raised here is that the NSA can basically use a “cheat code” to become all-powerful in the internet “video game.”
That said, it’s useful to know how to effectively encrypt your email. Let’s talk about PGP encryption, one of the most popular ways of doing so.
PGP stands for “Pretty Good Privacy.” It uses two “keys,” one publicly viewable to the world, the other kept solely to yourself. You can generate PGP keys to your heart’s content using the free tool at iGolder and a number of other services around the web.
Here’s a sample public key:
ScreenshotThis looks like a random string of numbers and letters to you, but to a computer, it’s a set of instructions on how to properly encode a message. But this is only half of the recipe, because for every public key freely available to the world, there’s a private key that the recipient keeps locked away.
Here’s the private key that’s tied to the public key above:
ScreenshotIt’s pretty much the same story here – random nonsense characters. But your computer looks at this and sees the instructions on how to properly decode any messages that were encoded using the public key above.
If we want to send the message “Hello world.” to a recipient using our example public key, we use an encryption tool (also freely available at iGolder and elsewhere around the web). Copy and paste the recipient’s public key into the appropriate box, then type out your message as you normally would.
ScreenshotThe last step is easy. Just click on “Encrypt Message” and it spits out your very unreadable secret email:
ScreenshotThen copy and paste this into a new email and press send:
ScreenshotYou’ve officially unleashed an encrypted message into the world. Since it looks like a bunch of nonsense, it contains no keywords that could trigger any alarms at the NSA. And if the message should somehow be intercepted, no one would have the first idea what to do with it.
Think of PGP encryption like a Star Trek transporter. Instead of disassembling a human being’s atoms and reassembling them elsewhere, we’re breaking down written language, emailing the “junk,” and then having the recipient turn the junk into a readable email using his private key.
Nico Sell is the founder of Wickr, a mobile security app that boasts a slew of features like “self-destructing” messages that disappear after a preset amount of time and Dropbox integration. But its greatest strength (other than its “military-grade encryption”) is how user-friendly it is. By bringing this PGP-style encryption method to your phone as a non-threatening and intuitive app, Wickr might just be the ticket to a world where even your technophobic uncle is sending you encoded emails.
Sell told Business Insider that both her three-year-old son and 70-year-old mother use Wickr all the time.
How well does PGP work? Well enough that it’s been actively used since it was introduced in 1991, making for 22 years of active privacy-protecting service. And in internet time, this makes PGP a grizzled but fearsome veteran. Just take it from Sell, who told us: “When it comes to email, PGP’s about as good as it gets.”
Let’s revisit the last half of Snowden’s comment. He said: “endpoint security is so terrifically weak that NSA can frequently find ways around it.”
While “endpoint security” encompasses a lot of different ideas – everything from using strong unguessable passwords to setting up a firewall – we presume that Snowden is referring to the potential for someone to gain hardware-level access to your computer.
You’ve seen this happen before in cheesy thriller movies. A hacker sits down at a computer, whacks a few keys, and someone else’s desktop appears on the minitor. The hacker reclines in his chair and watches everything this faraway other person does on his computer, every word typed, every website visited.
While we strongly doubt it’s that casual, it’s far from impossible and the NSA would be just the organisation to gain hardware-level access to someone’s computer. An uninvited guest watching you go about your business online would obviously be troublesome for anyone, but people who make heavy use of PGP encryption have their own set of worries here – what good is an encrypted message when someone watches you type it out in plaintext ahead of time?
We assume that authorities would only monitor someone’s computer on the hardware level if that person made his way onto a watch list by engaging in suspicious behaviour. So for the Regular Joes out there, PGP is a really solid bet on making sure that your sensitive message arrives safely to the intended recipient.
Anyone who’d like to give this a shot is welcome to email me using my own public key here.
Business Insider Emails & Alerts
Site highlights each day to your inbox.