Encryption is a hot topic, as law enforcement and tech companies debate the ethics and legalities of encrypting data. Encryption can keep the bad guys from accessing sensitive data. That’s a good thing, right? But it also allows the bad guys to hide information from law enforcement. That is where the waters get muddier. Should companies handling personal data provide “backdoors” for law enforcement access? Doing so could allow them to stop terrorists and other criminals and save lives. But a backdoor for law enforcement can also make it easier for hackers to access sensitive data.
One case that got a lot of attention came when the FBI requested Apple’s help in unlocking an iPhone used by Syed Rizwan Farook in the December 2015 mass shooting in San Bernardino, California. According to a report in the New York Times, the issue is not as simple as it may seem. Apple said that to bypass the phone’s security and access the data it would need to write new software, and that this software could create a permanent way for law enforcement and perhaps foreign agencies (or even criminals) to bypass iPhone password protection. Ultimately, the FBI found a way to access data on the phone without Apple’s help. However, the issue is far from settled, as there are many other cases that go beyond this one phone.
There are reasonable positions on both sides of this issue, but before you can enter the debate about encryption, you need to understand what it is. Encryption is simply a way of scrambling or coding data to make it unreadable. In its simplest form, think of the secret agent decoder ring you may have owned as a child. It allowed you to send “secret” coded messages to your friends, who would then use their decoder rings to translate the message back into readable form. Computer encryption uses keys (like a high-tech decoder ring) to encrypt data on one end of the transmission, then decrypt it on the other.
The encryption used by today’s computers is, of course, much more sophisticated than your decoder ring. EETimes says that it would take a supercomputer one billion years to crack 128-bit encryption by trying every possible combination. And many of today’s computers use even stronger 256-bit encryption.
You are using encryption whenever you access a secure website with a URL beginning with “https.” That “s” means that the website is using Secure Sockets Layer (SSL) or, on modern sites, its successor, Transport Layer Security (TLS). Think of SSL as a tunnel that safeguards your data as it travels between your device and the bank, retailer or other website. Most data breaches take place not during transmission but at the end of the tunnel, where the data is not as well protected.
So why do we not encrypt everything that can be accessed on the web? It’s complicated. Companies would have to put massive systems in place to handle the encryption of all of their data. And they would have to decide which employees have access to the encryption keys that control all of the security. Although eventually all data may be encrypted, we are not there yet. Until then, use two-factor authentication, be cautious when using public Wi-Fi, do not click unknown links in emails and adhere to other best practices to avoid being hacked.