Watchlist: Encryption

What are we talking about?

Encryption puts information into a secret code so that only those with the correct ‘key’ can read it. If you send an encrypted message to a friend, as it travels to its destination, the message will be unreadable to the networks that control the wires of the internet. Only when your friend decrypts that message with her key will it become readable again, which often happens in an instant. In the context of digital information, such as on your computer and mobile phone, encryption protects important information like your internet banking details, credit card numbers and passwords from being stolen. Encryption is also important to protect your privacy on the web, and stop your personal information or messages from being eavesdropped on.

Who does it effect?

Everyone who uses the internet. The simple fact that you’re reading this right now means that encryption is directly relevant to you. The entire modern banking system and many websites rely on encryption to work properly.

What are the key policy issues?

Encryption protects the safety and privacy of ordinary users of the internet as they go about their daily lives, but it can also be used by criminals to hide their activities. Intelligence and law enforcement agencies are increasingly looking for ways to break or weaken encryption to access information as part of specific investigations and broader surveillance activities.

The problem with this is that by weakening encryption, the safety of internet users everywhere is undermined. It’s a bit like if the police created a key which could open the door of every home in Australia – it might help police with their investigations, but if it gets lost or stolen or copied by criminals, everyone could be at risk. And many criminals will do anything to get their hands on that key! Without strong encryption, it is much easier for hackers and fraudsters to steal important information like your credit card number or bank account details, or commit other sorts of crimes involving your data. Finding the right balance between allowing security and intelligence agencies to do their jobs, and protecting the rights of ordinary people to safety and privacy is at the heart of the policy debate about encryption today.

What can I do about it?

There are a number of things you can do to improve your personal security online using encryption. Things you can do right now include:

  • Use a messaging app with End-to-End encryption such as Signal or Telegram.
  • Never send passwords, PINs or important private information in plain text emails. Many email providers offer options to encrypt your emails, which is an option worth considering.
  • Install HTTPS Everywhere, a browser extension made by the Electronic Frontier Foundation which will encrypt your communication with many major websites.
  • When shopping online, always look for the https:// in the URL. If the URL begins with http:// do not enter your credit card details or other important information (for more information on how to tell if a website is secure, go here).

Where can I find out more?

  • See the Electronic Frontier Foundation’s Encrypting the Web
  • Visit the UK Government-supported Get Safe Online
  • Read consumer advocate CHOICE’s guide to email encryption.
  • Contact your bank or other service providers or visit their websites to learn about the security measures they have in place.