Why Encrypt?

First off, encryption is having your plain english message look like this...

hQEMA9AqdZr/mrO9AQgAr+hD+MLFFgUNwPpQkLduA3lXWu5vBOeejMf6EEWoYv4K Ru/JZk9yiwTjKHfIJQ3DKSMzXgDm7iIAbCzhzSq0Kr+1y7pLiDX5fqJhzs/ITAzw mvgwPkFoqFwh3JMrMo39LUztLVb7CmYRGHW2stJvg8AKq+nTJJr2JbAIX3YipinE 12CjPzZgbrGhbzu+64W+cW5uk990WbK8Tvs9SxPJuNlQ71tgw34Cyiw7eciqnayo 6YeP+nQRMO6k3MTzjaO8ynMVhzCE1iHOTAyazu16tV8NPJhuRjQC4OZmbYk9agWW PzJfUuUyqZ6BMoc/K3Bkz24FZftsJWT/6XvmsRN0t6UDzdXWikM9dvCI2ToVhUKe xSGvKdPKxs1b9dsFwu8SEFCTtXTizs9deu+QtxRhVT0OfR7RAxmYkHYClNyuNYCG Nl1DFZ38xJXO9DpItGI287Dqx6QwDAP3xKkmOEii3/FP8TtLwZr8uHzFCjfES3Nr 1oaKQgs5cYEZTcNSRDmZGRmDbCzSliIAxiztX1ITimAOPZEUmuolKV9OTnfe866h a8/y6wzZf6upWjZpfULVuMyDDpGnhs48Fo3fs74hxkV73l52aeGa47UJUayjqH+Y V8+dpdSgYsbwTTThlsplJf9wgGRBZoaK/pifLc6XW9pkHffA4b5GswNn49rdpbDy

...Obviously unreadable.

If you listen to the police and FBI, you would believe that only unsavory individuals such as drug dealers, pornographers, terrorists, and spies encrypt their E-mail and computer files. However, ordinary individuals might want to Encrypt and here are some reasons...

* Two lovers exchanging love notes via E-mail might want to encrypt them. To the lovers, these notes may seem only amorous. Others might view them, however, as erotic or even worse. In any case, these notes should be protected from others viewing them.

* The development team for a company's new product should definitely encrypt all E-mail regarding the product. Prior to the product being patented, the company's policies should mandate encryption. But even after receiving the patent, marketing and pricing plans, expected production volume, and other such information should also be protected. Thus, not only should E-mail be encrypted, but so should data files.

* A wife and husband share a PC and an Internet account. They can see each other's E-mail. While the wife has access to her husband's private key, he keeps his passphrase only in his head. Because he is concerned that she might pick up the telephone at the wrong time, his plans for a surprise birthday party for his wife are made via encrypted E-mail.

* Union leaders planning a job action should definitely encrypt all E-mail to each other and to anyone else involved. Members of the flight attendants' union at Northwest Airlines learned this lesson the hard way. When their job action became a wildcat strike against the airline, the airline filed a lawsuit against the union. To support its case, the company obtained a court order to seize the personal computers of some employees so that files on the hard drives could be copied and examined. Northwest was looking for E-mail and other evidence that union leaders conspired to conduct a strike that was contrary to the existing labor contract. The subpoenas were issued without any prior warning to the owners of the PCs. They were served at the same time the computers were seized. The airline was then able to browse through all files on each hard drive, not merely files related to the strike. If you want to keep anything on a home computer that you do not want your employer (or anyone else) to see, the file should most definitely be encrypted. It is far too late to start erasing files when a subpoena is thrust into your hand.

* On my PC at work (before I retired), I kept a file containing a list of all my credit cards with the account numbers and the phone numbers of the issuers. I might want to talk to an issuer about my account during their business hours, which coincided with my work hours. Of course, this file was encrypted.

* Father William J. Morton (an Episcopal priest in Canada) sometime counsels members of his church via E-mail. Such sensitive communications are encrypted.

* A company is bidding on a major government project in competition with other companies. For submitting their final bid, the bid team is traveling to the site where the work will be done. Their bid data are on laptop computers the team is carrying. These data include their cost estimates, lists of key employees who will work on the project, technical details on how the project will be accomplished, and spreadsheets they will use to make the final adjustments in their bid after they examine the site. Even if the company has never previously been a victim of industrial espionage, all files on the laptops should be encrypted.

* 60 Minutes on 27 February 2000 described how a super-spy project of the United States (with help from Canada, the United Kingdom, New Zealand, and Australia) intercepts phone calls and E-mail. Even a slang use of bomb (e.g., describing a great automobile or a really bad stage play) in a supposedly private E-mail message can trigger an investigation of the sender and recipient. In the aftermath of the 11 September 2001 terrorist attacks, the FBI now has the authority to intercept E-mail messages without a judge issuing a search warrant. If this offends you, you definitely should encrypt your E-mail.

* When I took my PC for repairs, I encrypted all files containing my personal financial data and certain other personal files.

* A real estate developer wants to build a new shopping center. The land is owned by six different individuals. If the plans were leaked before the developer can buy all six parcels, the price of each parcel would jump. E-mail between the developer, his attorney, and his real estate broker should be encrypted.

* A school district is involved in intense contract negotiations with the union representing its 3,000 teachers. The district's Superintendent of Education wants to instruct her hired negotiator regarding the district's absolute limit on salaries and benefits while allowing the negotiator to possibly get the teachers to settle for less. The superintendent suspects that staff members in the district's headquarters sympathetic to the teachers have been eavesdropping on her phone calls and listening at her office door. She sends encrypted E-mail to the negotiator.

* The CEOs of two corporations are discussing a merger. They exchange E-mail messages, which must be kept from other companies that might want to interfere.

* A company offers employment to a top executive at another company, who does not yet want his current employer to know he is leaving. Since many employers routinely monitor and read E-mail on their company computers, any E-mail exchanged during contract negotiations should be encrypted.

* Anyone who provides information to a lawyer regarding a lawsuit or criminal case via E-mail should use encryption to ensure confidentiality. With U.S. Attorney-General now having the FBI listening to phone conversations between lawyers and their clients without any judicial supervision through a warrant or court order this has new importance if the attorney-client privilege is to be preserved.

* Roger Cardinal Mahony (Roman Catholic archbishop of Los Angeles) should have encrypted the E-mail he sent to his diocese's attorney. As in other Roman Catholic dioceses across the United States, the church in Los Angeles has been wracked with claims that priests sexually molested children. E-mail messages from Mahony to his attorney in which he apparently confirms the reality of the claims, admits prior knowledge of the molestations, and even comments on a cover-up of the cases were read on KFI-AM radio and published in the Los Angeles Times in April 2002. An FBI investigation into how 60 E-mail messages from Mahony to his lawyer regarding civil lawsuits were copied and sent to the media will provide little consolation to the Cardinal, a case of closing the barn door after the horse escaped.

* According to one company's internal User's Guide to PGP, encryption should be used when sending information that: o Would cause us to lose our technology advantage if the information falls into competitor's hands o Is a trade secret o Could mean loss of business if given to the competitor o Contains personnel information

* According to an article in the "Business" section of the Los Angeles Times ("Laptop seizure raises concerns over firms' data", 4 November 2006), agents of U.S. Customs and Border Protection have the right not only to examine laptop computers carried by international travelers including laptops carried by U.S. citizens but also to seize them, all without any warrants. While they are searching for child pornography, proprietary business data are placed at risk. This is not peculiar to the U.S. Any international traveler carrying a laptop should definitely encrypt all files containing sensitive, confidential, or merely embarrassing data.

* As noted in the Ventura County Grand Jury 2005-2006 Final Report, the practice of using a commercial service to archive unencrypted data places sensitive data such as payroll and personnel records at risk of unauthorized disclosure.

The loss or theft of removable data media is a recognized problem affecting financial institutions, government agencies, colleges, and other organizations. Instances of this loss may lead to the compromise of sensitive data and the possibility of identity theft using those data. [citing a 28

April 2006 news article in the Boston Globe]

Although no such loss had yet impacted Ventura County, the Grand Jury recommended... When backing-up data, all files should be encrypted before release outside of the ISD [Information Services Department]. Only designated security personnel within ISD should have access to the related decryption keys.

Of course, a little thought would add more entries to this list. If such information were hardcopy on paper, it would be in a filing cabinet with a lock or even in a safe. Encryption provides an electronic safe where this information can still reside on a computer or even in a company's computer network, where access remains convenient.

Nothing sinister should be inferred when someone wants to keep personal data and private communications secret. Like sealing a personal letter into an envelope for postal mail or locking a checkbook into a desk drawer, Encryption seals E-mail and keeps files safe. Of course, if proper care is taken,it is far stronger than any envelope or desk drawer.

Someone who read this page wrote to me, suggesting that all messages and files should be encrypted, thereby confusing any snoop by hiding important data among trivial data. This concept was used by Edgar Allen Poe in his The Purloined Letter. To me, this would be more bother than it is worth. Since I am not a drug dealer, pornographer, terrorist, spy, or otherwise committing a felony, I do not really need to hide my important data. Encryption is sufficient. The effort and cost of decrypting my encrypted files exceed the value of the data I have secured.

That same writer expressed concern that the mere use of encryption could be dangerous. "A corrupt or corrupted regime will use your use of encryption as de facto evidence of criminal/treasonous behavior." This is indeed valid. In some nations, the mere use of encryption may be a crime, although that cannot be confirmed. He then argues that more widespread and routine use of encryption would temper such suspicions. I am not sure that would be true with a paranoid government.



I do use "PGP", (Pretty Good Privacy) and "FireTrust Encrypt" to encrypt confidential files and send secure personal and confidential email such as medical and financial information, and of course to share certain passwords with family and friends to private pages on my website, ---some of which are encrypted also.

It's personal. It's private. And it's no one's business but yours. You may be planning a political campaign, discussing your taxes, or having an illicit affair. Or you may be doing something that you feel shouldn't be illegal, but is. Whatever it is, you don't want your private electronic mail (E-mail) or confidential documents read by anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution, and encryption can insure that privacy.