Why Encrypt if You’ve Got Nothing to Hide?

Some people ask, Why bother with encryption when I have nothing to hide? It’s a good question that I’ve pondered at length.

I don’t have anything to hide either. But, there’s a big difference between hiding and not wanting to share private information. We all have a right to privacy. I’m certain you have things you want to keep private. As we enter into what some are calling the golden age of surveillance you might find your email is not very private. Here’s just one example:

Recently, unknown to the users, Yahoo mail was forced by the NSA and FBI to install surveillance software that scans each and every email for keywords and phrases (see https://protonmail.com/blog/yahoo-us-intelligence/ ).

I expect this type of surveillance to become commonplace if it’s not already — and we’ll be the last to know. The new US political regime has stated they will use every method possible to enforce their desires, so our online communications are low hanging fruit and their first resource. Currently, they search for criminals, but in time these searches will become much more granular and selective.

My Personal Experience as a Spy

A long time ago, I was administrating my father’s business computer system (ok, that’s not quite a spy). I could read everyone’s email and it didn’t take me long to realize that reading out of context portions of conversations is a really bad thing. One can’t help but make assumptions, and those assumptions are very likely wrong.

In any large quantity of information, associations can be made between completely unrelated topics. In the machine interpreted world we’re in now here’s a couple of simple hypothetical examples:

Let’s say you know someone who visited the library and checked out a book on cancer. About the same time frame she buys a wig. It’s an easy algorithmic jump to conclude that this person has cancer and is in chemotherapy. Maybe this isn’t such a big deal, but it’s probably information that she would rather be in control of — it’s a private matter. Furthermore, if true, it’s a conclusion that circumvents the existing HIPAA privacy protections afforded everyone in the US.

Let’s take a more serious possibility. Go back in time to the Boston Marathon bombings that killed three and injured hundreds. Your friend in Boston likes to cook and garden. She investigates pressure cookers online and buys one. About the same time, she buys fertilizer. “Fertilizer” and “pressure cooker” (that’s what the bomb was made of) could be enough to initiate a very unpleasant visit from the authorities.

To quote Cardinal Richelieu’s statement from antiquity:

If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

A recent vicious example Richelieu’s premise was the clever selective editing of videos done to discredit Planned Parenthood. Today you probably have thousands of writings sitting idle on hundreds of devices completely beyond your control.

All those emails stored in your Gmail (or other accounts) are really potential liabilities. Furthermore, they’re liabilities not only for you but for everyone you’ve communicated with. Every Gmail is read and interpreted automatically by Google — they always have been — that’s how you get those ads. This couldn’t be done if the email was stored encrypted.

Like Phil Zimmermann, the inventor of a major encryption technique said:

Today, email can be routinely and automatically scanned for interesting keywords, on a vast scale, without detection. This is like driftnet fishing.

To date, and to our knowledge, Google has not interpreted your email for other factors — but Google can change that in a heartbeat. It’s worth noting that Google’s CEO Eric Schmidt has made it clear he’s not your friend in these regards.

About Criminals Using Encryption

There is a valid argument that criminals can also use this to their advantage. But, we can choose to live in a world where everyone is under surveillance or in a world where everyone has privacy. Encryption isn’t new, it’s been around for decades and as a whole technology has made vastly more information available in many more forms that enable tracking down criminals. The idea that law enforcement is going dark is ludicrous.

How About a Back Door?

Apple stood up against the FBI for good reason. It’s not possible to create technical “back doors” that can’t be used against encryption. This has been proven repeatedly. If Apple were to create a back door, in essence a “key” to their operating system, it would be one of the most valuable keys on the planet. A key to unlocking over a billion devices, each with unique personal data of all sorts. I’m all for catching bad guys, but not by letting them through my back door.

I feel, and the US constitution concurs that the right to privacy is a fundamental right. There’s no doubt that under our upcoming Trump regime that we will need to fight to retain this basic right. I hope we succeed better than those in the UK who have just had everything taken away.

Today, we’re still free to say anything we’d like, but it’s worth remembering, “Anything you say, can and will be used against you.