Why Encrypt?
First off, encryption is having your plain english message look like this...
hQEMA9AqdZr/mrO9AQgAr+hD+MLFFgUNwPpQkLduA3lXWu5vBOeejMf6EEWoYv4K
Ru/JZk9yiwTjKHfIJQ3DKSMzXgDm7iIAbCzhzSq0Kr+1y7pLiDX5fqJhzs/ITAzw
mvgwPkFoqFwh3JMrMo39LUztLVb7CmYRGHW2stJvg8AKq+nTJJr2JbAIX3YipinE
12CjPzZgbrGhbzu+64W+cW5uk990WbK8Tvs9SxPJuNlQ71tgw34Cyiw7eciqnayo
6YeP+nQRMO6k3MTzjaO8ynMVhzCE1iHOTAyazu16tV8NPJhuRjQC4OZmbYk9agWW
PzJfUuUyqZ6BMoc/K3Bkz24FZftsJWT/6XvmsRN0t6UDzdXWikM9dvCI2ToVhUKe
xSGvKdPKxs1b9dsFwu8SEFCTtXTizs9deu+QtxRhVT0OfR7RAxmYkHYClNyuNYCG
Nl1DFZ38xJXO9DpItGI287Dqx6QwDAP3xKkmOEii3/FP8TtLwZr8uHzFCjfES3Nr
1oaKQgs5cYEZTcNSRDmZGRmDbCzSliIAxiztX1ITimAOPZEUmuolKV9OTnfe866h
a8/y6wzZf6upWjZpfULVuMyDDpGnhs48Fo3fs74hxkV73l52aeGa47UJUayjqH+Y
V8+dpdSgYsbwTTThlsplJf9wgGRBZoaK/pifLc6XW9pkHffA4b5GswNn49rdpbDy
...Obviously unreadable.
If you listen to the police and FBI, you would believe that only unsavory
individuals such as drug dealers, pornographers, terrorists, and spies
encrypt their E-mail and computer files. However, ordinary individuals might
want to Encrypt and here are some reasons...
* Two lovers exchanging love notes via E-mail might want to encrypt
them. To the lovers, these notes may seem only amorous. Others might
view them, however, as erotic or even worse. In any case, these notes
should be protected from others viewing them.
* The development team for a company's new product should definitely
encrypt all E-mail regarding the product. Prior to the product being
patented, the company's policies should mandate encryption. But even
after receiving the patent, marketing and pricing plans, expected
production volume, and other such information should also be protected.
Thus, not only should E-mail be encrypted, but so should data files.
* A wife and husband share a PC and an Internet account. They can see
each other's E-mail. While the wife has access to her husband's private
key, he keeps his passphrase only in his head. Because he is concerned
that she might pick up the telephone at the wrong time, his plans for a
surprise birthday party for his wife are made via encrypted E-mail.
* Union leaders planning a job action should definitely encrypt all
E-mail to each other and to anyone else involved. Members of the flight
attendants' union at Northwest Airlines learned this lesson the hard
way. When their job action became a wildcat strike against the airline,
the airline filed a lawsuit against the union. To support its case, the
company obtained a court order to seize the personal computers of some
employees so that files on the hard drives could be copied and examined.
Northwest was looking for E-mail and other evidence that union leaders
conspired to conduct a strike that was contrary to the existing labor
contract. The subpoenas were issued without any prior warning to the
owners of the PCs. They were served at the same time the computers were
seized. The airline was then able to browse through all files on each
hard drive, not merely files related to the strike. If you want to keep
anything on a home computer that you do not want your employer (or
anyone else) to see, the file should most definitely be encrypted. It is
far too late to start erasing files when a subpoena is thrust into your
hand.
* On my PC at work (before I retired), I kept a file containing a list
of all my credit cards with the account numbers and the phone numbers of
the issuers. I might want to talk to an issuer about my account during
their business hours, which coincided with my work hours. Of course,
this file was encrypted.
* Father William J. Morton (an Episcopal priest in Canada) sometime
counsels members of his church via E-mail. Such sensitive communications
are encrypted.
* A company is bidding on a major government project in competition with
other companies. For submitting their final bid, the bid team is
traveling to the site where the work will be done. Their bid data are on
laptop computers the team is carrying. These data include their cost
estimates, lists of key employees who will work on the project,
technical details on how the project will be accomplished, and
spreadsheets they will use to make the final adjustments in their bid
after they examine the site. Even if the company has never previously
been a victim of industrial espionage, all files on the laptops should
be encrypted.
* 60 Minutes on 27 February 2000 described how a super-spy project of
the United States (with help from Canada, the United Kingdom, New
Zealand, and Australia) intercepts phone calls and E-mail. Even a slang
use of bomb (e.g., describing a great automobile or a really bad stage
play) in a supposedly private E-mail message can trigger an
investigation of the sender and recipient. In the aftermath of the 11
September 2001 terrorist attacks, the FBI now has the authority to
intercept E-mail messages without a judge issuing a search warrant. If
this offends you, you definitely should encrypt your E-mail.
* When I took my PC for repairs, I encrypted all files containing my
personal financial data and certain other personal files.
* A real estate developer wants to build a new shopping center. The land
is owned by six different individuals. If the plans were leaked before
the developer can buy all six parcels, the price of each parcel would
jump. E-mail between the developer, his attorney, and his real estate
broker should be encrypted.
* A school district is involved in intense contract negotiations with
the union representing its 3,000 teachers. The district's Superintendent
of Education wants to instruct her hired negotiator regarding the
district's absolute limit on salaries and benefits while allowing the
negotiator to possibly get the teachers to settle for less. The
superintendent suspects that staff members in the district's
headquarters sympathetic to the teachers have been eavesdropping on
her phone calls and listening at her office door. She sends encrypted
E-mail to the negotiator.
* The CEOs of two corporations are discussing a merger. They exchange
E-mail messages, which must be kept from other companies that might want
to interfere.
* A company offers employment to a top executive at another company, who
does not yet want his current employer to know he is leaving. Since many
employers routinely monitor and read E-mail on their company computers,
any E-mail exchanged during contract negotiations should be encrypted.
* Anyone who provides information to a lawyer regarding a lawsuit or
criminal case via E-mail should use encryption to ensure
confidentiality. With U.S. Attorney-General now having the FBI listening
to phone conversations between lawyers and their clients without any
judicial supervision through a warrant or court order this has new
importance if the attorney-client privilege is to be preserved.
* Roger Cardinal Mahony (Roman Catholic archbishop of Los Angeles)
should have encrypted the E-mail he sent to his diocese's attorney. As
in other Roman Catholic dioceses across the United States, the church in
Los Angeles has been wracked with claims that priests sexually molested
children. E-mail messages from Mahony to his attorney in which he
apparently confirms the reality of the claims, admits prior knowledge of
the molestations, and even comments on a cover-up of the cases were
read on KFI-AM radio and published in the Los Angeles Times in April
2002. An FBI investigation into how 60 E-mail messages from Mahony to
his lawyer regarding civil lawsuits were copied and sent to the media
will provide little consolation to the Cardinal, a case of closing the
barn door after the horse escaped.
* According to one company's internal User's Guide to PGP,
encryption should be used when sending information that:
o Would cause us to lose our technology advantage if the
information falls into competitor's hands
o Is a trade secret
o Could mean loss of business if given to the competitor
o Contains personnel information
* According to an article in the "Business" section of the Los Angeles
Times ("Laptop seizure raises concerns over firms' data", 4 November
2006), agents of U.S. Customs and Border Protection have the right not
only to examine laptop computers carried by international travelers
including laptops carried by U.S. citizens but also to seize them, all
without any warrants. While they are searching for child pornography,
proprietary business data are placed at risk. This is not peculiar to
the U.S. Any international traveler carrying a laptop should definitely
encrypt all files containing sensitive, confidential, or merely
embarrassing data.
* As noted in the Ventura County Grand Jury 2005-2006 Final Report, the
practice of using a commercial service to archive unencrypted data
places sensitive data such as payroll and personnel records at risk of
unauthorized disclosure.
The loss or theft of removable data media is a recognized problem
affecting financial institutions, government agencies, colleges, and
other organizations. Instances of this loss may lead to the compromise
of sensitive data and the possibility of identity theft using those
data. [citing a 28
April 2006 news article in the Boston Globe]
Although no such loss had yet impacted Ventura County, the Grand Jury
recommended...
When backing-up data, all files should be encrypted before release
outside of the ISD [Information Services Department]. Only designated
security personnel within ISD should have access to the related
decryption keys.
Of course, a little thought would add more entries to this list. If such
information were hardcopy on paper, it would be in a filing cabinet with a
lock or even in a safe. Encryption provides an electronic safe where this
information can still reside on a computer or even in a company's computer
network, where access remains convenient.
Nothing sinister should be inferred when someone wants to keep personal data
and private communications secret. Like sealing a personal letter into an
envelope for postal mail or locking a checkbook into a desk drawer,
Encryption seals E-mail and keeps files safe. Of course, if proper care is
taken,it is far stronger than any envelope or desk drawer.
Someone who read this page wrote to me, suggesting that all messages and
files should be encrypted, thereby confusing any snoop by hiding important
data among trivial data. This concept was used by Edgar Allen Poe in his The
Purloined Letter. To me, this would be more bother than it is worth. Since I
am not a drug dealer, pornographer, terrorist, spy, or otherwise committing
a felony, I do not really need to hide my important data. Encryption is
sufficient. The effort and cost of decrypting my encrypted files exceed the
value of the data I have secured.
That same writer expressed concern that the mere use of encryption could be
dangerous. "A corrupt or corrupted regime will use your use of encryption as
de facto evidence of criminal/treasonous behavior." This is indeed valid. In
some nations, the mere use of encryption may be a crime, although that
cannot be confirmed. He then argues that more widespread and routine use of
encryption would temper such suspicions. I am not sure that would be true
with a paranoid government.
I do use "PGP", (Pretty Good Privacy) and "FireTrust Encrypt" to encrypt
confidential files and send secure personal and confidential email such as
medical and financial information, and of course to share certain passwords
with family and friends to private pages on my website, ---some of which are
encrypted also.
It's personal. It's private. And it's no one's business but yours. You may
be planning a political campaign, discussing your taxes, or having an
illicit affair. Or you may be doing something that you feel shouldn't be
illegal, but is. Whatever it is, you don't want your private electronic
mail (E-mail) or confidential documents read by anyone else. There's
nothing wrong with asserting your privacy. Privacy is as apple-pie as the
Constitution, and encryption can insure that privacy.