When Does Encryption Become a Political Practice?

Is it time to turn encryption from something technologists worry about into a practice that constitutes a political stand? It’s unsettling, but perhaps not surprising, that the first government to order a major tech manufacturer to create a compromised operating system is not China or Russia, but the United States.

I believe there are ways of ensuring that warrant-based search orders can be executed, but they require the consent of the governed, as well as robust identity and authentication solutions. But this backdoor nonsense needs to be stopped dead in its tracks.

The larger issue is that commercial entities — like Google and Facebook — are already feeding on our personal data, able to link our data-in-the-world with our personal identities in ways that governments envy. Corporate access to our personal data is the very source of their power, posing an ever growing imbalance of power. Increasingly, the tendency is to use their knowledge of our interests and concerns to tailor what we see in our search results, and to profit from that knowledge. At what point does the seemingly benign ability of tailoring become manipulation, as demonstrated in Facebook’s emotion manipulation experiment? When — not if — this occurs, their power will begin to shrink our zone of liberty and capacity for self-projection within an illusion of self-determination.

So, encryption — and the power of managing your own identity and encryption keys — is becoming pivotal to liberty. I think we need to take a political stand and begin encrypting as much as we can, beginning with simple activities like email and file sharing. Encryption is a way of taking your power back.

One solution worth attention is offered by CloudMask, a Canadian firm that has produced a Common Criteria certified data-masking engine deployed in its first iterations for Gmail and Google Drive. While they’ve made public key encryption for Gmail drop-dead easy and frictionless, the main hurdle remains getting people to care about encryption and to get prospective users to adopt new practices of personal security when it comes to data protection. I’m speculating that encryption as a political stand might be the only way to build some critical mass.