Why we encrypt
I offer the readers of “Habrakhabr” a translation of the text “Why we encrypt” by the information security guru Bruce Schneier .
Encryption protects our data. It protects our data on computers and in data centers, protects them during transmission over the Internet. Protects our video, audio and text conversations. Protects our personal information. Protects our anonymity. Sometimes it protects our lives.
This protection is important for everyone. It is easy to see how encryption protects journalists, human rights defenders and politicians in authoritarian countries. But encryption also protects everyone else. Protects our data from criminals. Protects against competitors, neighbors and family members. Protects against malicious attacks and accidental incidents.
Encryption works best when it is omnipresent and works without user intervention. You most often use encryption in two cases: HTTPS and encryption of the connection between a mobile phone and a base station, and they work so well precisely because you don’t even think about them.
')
Encryption should be enabled by default, and not as an additional feature that you enable when you are going to do something that is worth protecting.
It is important. If we use encryption only when we work with important data, then the fact of encryption speaks about the importance of data. If only dissidents use encryption in the country, the authorities have an easy way to identify dissidents. But if encryption is used by everyone and always, it ceases to give out the importance of information. No one can distinguish everyday chatter from confidential conversation. The government will not be able to distinguish dissidents from other people. Every time you use encryption, you protect someone who has to use encryption to survive.
It is important to remember that encryption does not provide security in a magical way. When encrypting, there are many ways to do something wrong, and we often read about such cases in the media. Encryption does not protect your computer or phone from hacking; it cannot protect metadata, for example: the e-mail address must remain unencrypted so that your letter can be delivered to the addressee.
But encryption is the most important privacy protection technology we have; a technology that is best suited to protect against mass surveillance like the one that governments use to control the population and which criminals use to find vulnerable victims. By forcing governments and criminals to precisely target their attacks, we protect society.
Today we see governments resisting strong encryption. Many states, from China and Russia to more democratic governments like the US and the UK, are talking about restricting strong encryption. This is dangerous, technically impossible, and such an attempt would seriously harm the security of the Internet.
From the above, this is what follows. First, we must influence companies to offer encryption to everyone by default. And second, we must resist the demands of governments to weaken encryption. Any weakening, even with the goal of ensuring law and order, puts us all at risk. Although criminals benefit from strong encryption, we are all in much greater security if we have strong encryption.
This text was originally published in Securing Safe Spaces Online .
Encryption protects our data. It protects our data on computers and in data centers, protects them during transmission over the Internet. Protects our video, audio and text conversations. Protects our personal information. Protects our anonymity. Sometimes it protects our lives.
This protection is important for everyone. It is easy to see how encryption protects journalists, human rights defenders and politicians in authoritarian countries. But encryption also protects everyone else. Protects our data from criminals. Protects against competitors, neighbors and family members. Protects against malicious attacks and accidental incidents.
Encryption works best when it is omnipresent and works without user intervention. You most often use encryption in two cases: HTTPS and encryption of the connection between a mobile phone and a base station, and they work so well precisely because you don’t even think about them.
')
Encryption should be enabled by default, and not as an additional feature that you enable when you are going to do something that is worth protecting.
It is important. If we use encryption only when we work with important data, then the fact of encryption speaks about the importance of data. If only dissidents use encryption in the country, the authorities have an easy way to identify dissidents. But if encryption is used by everyone and always, it ceases to give out the importance of information. No one can distinguish everyday chatter from confidential conversation. The government will not be able to distinguish dissidents from other people. Every time you use encryption, you protect someone who has to use encryption to survive.
It is important to remember that encryption does not provide security in a magical way. When encrypting, there are many ways to do something wrong, and we often read about such cases in the media. Encryption does not protect your computer or phone from hacking; it cannot protect metadata, for example: the e-mail address must remain unencrypted so that your letter can be delivered to the addressee.
But encryption is the most important privacy protection technology we have; a technology that is best suited to protect against mass surveillance like the one that governments use to control the population and which criminals use to find vulnerable victims. By forcing governments and criminals to precisely target their attacks, we protect society.
Today we see governments resisting strong encryption. Many states, from China and Russia to more democratic governments like the US and the UK, are talking about restricting strong encryption. This is dangerous, technically impossible, and such an attempt would seriously harm the security of the Internet.
From the above, this is what follows. First, we must influence companies to offer encryption to everyone by default. And second, we must resist the demands of governments to weaken encryption. Any weakening, even with the goal of ensuring law and order, puts us all at risk. Although criminals benefit from strong encryption, we are all in much greater security if we have strong encryption.
This text was originally published in Securing Safe Spaces Online .
Source: https://habr.com/ru/post/262103/
All Articles