Economic Privacy


Tyrone Monday June 2, 2014

The first thing you should learn how to do in your programme to secure a future with greater economic privacy for yourself and those you care about is: encrypt.

Learn about encryption. Learn what it is, what it does, what it protects, and how well it does these things. Learn, also, what it isn't, what it cannot do, and what can be done to you to break or circumvent your encryption. Once you have some understanding of encryption as a concept and as a technology, go get some.

It turns out that the last step has become increasingly easy to implement. The "Enigmail" plug-in for Mozilla Thunderbird e-mail application is easy to use. It allows you to create your own encryption key-pair. You can set up your e-mail account in Thunderbird to encrypt by default, which means that it will bring up a screen asking you to identify the encryption keys you want to use, or select "do not encrypt," in those cases where you don't have an encryption key for one of your correspondents.

You correspond, for the most part, with people you care about, right? Otherwise, why bother? So, you really want to encourage those people to learn and use encryption, too. That way, the people you care about are doing useful things to secure their own future with greater economic privacy.

What Is Encryption?
Encryption is a technique for substituting "cipher-text" or seemingly-random characters for "clear text." In the old days, going back to ancient times, substitution codes were worked out manually. Some readers may remember "secret agent decoder rings" and other toys used in writing and reading codes. Today, substitution ciphers are not very secure. The secure forms of encryption all use mathematics to obtain better results.

Also in the old days, as recently as the Second World War, top secret codes were kept secret. The people transmitting the cipher text often did not know the code for what they were sending, they only knew the cipher text to be sent. Of course, as soon as spies obtained a copy of the enemy's code book, they were able to break the code. Even when secret codes were implemented by machines, such as the famous-among-code-geeks Enigma machine of the German military during WW2, the capture of the machine, or even just key parts of the machine, could make it possible to break the code. Secret codes turn out to be only as secure as the ability to keep the secret.

Today's best codes are published. Code writers or "cryptographers" to use the Latin word for the same concept are mostly mathematicians, mostly interested in very difficult mathematical problems like factoring very large numbers, and entirely dedicated to posting their results in public. Published results mean published critiques. Since the 1970s, publishing the source code of cryptographic techniques has resulted in exceptionally effective coding systems. All known mathematical "attacks" against a given code system are tried and the results published so that the effectiveness of a given coding system is well understood.

Public Key Cryptography
It has been known for many decades that if you take two very large prime numbers and multiply them together, that operation is simple and easy. The reverse operation, taking the product of two large prime numbers and factoring that number into the two relevant prime numbers, is not so easy to accomplish. As a result, prime numbers play an important role in what is called "public key cryptography."

Public key cryptography works by having a computer use random data available to it, such as the movements of a mouse or the intervals between keystrokes from a keyboard, and "generating" a pair of very large prime numbers. "Pretty Good Privacy" or PGP has been a widely used application of this technique since about 1991. It works with prime numbers as large as 4096 bits.

After your computer has generated a key pair, which is basically a pair of very large prime numbers, you will have a public key and a private key that are associated. The public key is used by anyone to encrypt messages to you. So, you can publish that key on a web site, on a key server, or simply send it around to your e-mail correspondents. You don't have to worry about it being compromised, because it isn't very useful without the private key.

Your private key is secured on your computer by a passphrase. You should choose a password that is long and complicated for best results. If you have difficulty remembering a long passphrase, you can build one from things you think about often, such as the names of sports teams, vital statistics, or events in your life. You should avoid using things that other people can learn about you, such as your birth date, the birthdays of people you are close to, and so forth. The private key of your key pair is used to decrypt messages that have been encrypted using the public key. That operation is possible if you have both the public and the private key, and very difficult if you don't.

Recently, Edward Snowden revealed that the National Security Agency has broken the encryption scheme used by secure web sites. That encryption typically uses 128-bit encryption keys, so it is probable, though not certain, that the NSA has not broken the 4096-bit encryption used by many PGP users. Even if they have, you are better off using encryption to secure your economic privacy from everyone other than the NSA.

Why Does It Matter?
Encryption is important for the same reason that you use envelopes when mailing letters rather than postcards. Yes, it is possible for someone to stop a piece of mail in transit and remove the letter without destroying the envelope, read it or copy it, and put it back in the envelope, without you noticing, but it is very difficult. Obviously, anyone who encounters your postcard can read it. So, most people use envelopes much of the time.

Any e-mail message you send goes across the Internet using whatever route is available. You have no way of knowing what happens at intermediate servers. It now turns out, as Snowden revealed, that the NSA has been making copies of nearly all Internet traffic that goes through the United States, which is a very large percentage of the total. Nothing prevents any company that runs nodes on the Internet from making copies of all the traffic that passes across their servers, or across their routers. Only by encrypting the messages you send can you have at least some privacy from such attacks.

How To Do It Wrong
There are right ways and wrong ways to encrypt. You should not use a Webmail application that encrypts your messages on the servers of the application. Doing so means that the encryption keys are kept on those servers and are almost certainly easy to compromise by law enforcement, by people who work for the company that operates that application for you, and possibly by others. Instead, you should only use an encryption programme that operates on your local computer or device.