The digital arms race.
As computer users across the globe are aware, digital privacy and data security important for everyone, from the average person to the largest corporation. The ability to prevent data from falling prey to theft or interception is critical for even the average person, and even more so for those who wish to protect sensitive data. Most people use encryption to secure data online daily whether they know it or not, but what about your personal computer, and the treasure trove of information held therein?
The digital answer for those who wish to secure their data against theft and prying eyes is encryption, and there are many tools designed specifically for that purpose. Encryption is the use of complex mathematical formulas to make digital data unreadable to anyone that does not have the proper passkey. Fortunately for users, there are many tools available to make encryption very user friendly. Unfortunately, there is a great deal of incorrect information on many of these tools and their proper use. I will attempt to simplify the technical aspects, while providing the reader with a moderate understanding not only of how to use some common tools for proper data security, but also to understand the methodologies behind them and why they do, or don’t in some cases, work against particular threat models.
For many, the task of learning how to thwart the electronic eyes and ears of the State may seem quite daunting. However, the good news is that this need for basic communication between private individuals has been met by technophiles who are constantly working to make sure that the average person has the ability to communicate via electronic medium in a secure manner without great effort. This skillset is not hard to gain and the software required is free. If you can follow simple instructions and install software using the software’s included installation wizard, then you can do this. This article will teach the beginner to send and receive encrypted email.
The method of encrypting email we will use is known as PGP (short for Pretty Good Privacy) and it is as of yet considered unbreakable. The two facets of PGP that make it extraordinary for this task are its use of asymmetric encryption and digital signatures. Asymmetric encryption simply means that if you wish to send an encrypted email to a person or entity, you can email so that only their specific passphrase, or private key, will decrypt the message, only knowing publicly available information, which is referred to as their public key. This public key will allow a person to lock the message, but only the private key of the pair will unlock the message. This makes it an excellent tool for contacting persons that you do not know personally, such as reporters (think Edward Snowden contacting Glenn Greenwald). Digital signatures allow a person to verify the veracity and integrity of the data being sent, which prevents any tampering with the message. The contents of the email, but not the subject line, will be fully encrypted.