Today is July 2nd. Let’s say that today, at 12 pm noon, I decide to add money to my bank account. I go to the website, log in, and a few clicks later the dollar signs rise. Yeehaw! But what if my computer had been tapped? What if a rogue hacker wanted to steal my credit card information and all my money? Or what if a company wanted to see my purchase history to target advertisements? Or what if a government agency watched me to see my purchases and make sure I wasn’t a criminal? How do I know that these groups can’t see my information when I click on that website and log in? These questions boil down to one: what is encryption?

In short, encryption is coded messaging. Think spy codes from middle school. Those were all simplified encrypted messages. Sure, they could probably be deciphered easily, but at first glance the message would appear meaningless. Advanced encryption, such as online website data, appears as strings of random characters. Your computer displays it as something like this if you try to open it:

\85#\8C##ȤA\B7\CCx\E3#\00\A1B#\CA\D2\F8#p\E1p`#\89#\F2J\DEf\CE\E8\E0!\F6\88\EEi\F8,\A0\AD\9A&Q5\AC\CE\F5\F3#\AD\8C\86\9C\86\F6b#-“y\A0\C2\FFX\F4\A7\9EȾ\94\8FH\E0J\AD\B8Án#\92\9FVYtJ/Ċ\F3\F4\B1 !\BF\C0\B6H#\CE#\EDb\F2\92gTу\C2\C1\8F1\D4%\BA\A9RRܩ!\D3d#\D6\F0$1\83\D3䖉\86\A4Q

(Translation: “Hello, this is an encrypted message!")

Any information, including online data, can be encrypted. By doing so, outside observers who would want to see the information are unable to do so. Any information they retrieve is in code, unless they have access to the decryption keys (i.e. password to your bank account). So someone could see that on a certain day I accessed my bank account website, but they wouldn’t know any of the information I sent or accessed.

But how do I know that my online bank account is encrypted? Or any website for that matter? Essentially, most companies host two websites simultaneously. There is the older Hypertext Transfer Protocol (HTTP) website, but now most websites host a Hypertext transfer Protocol Secure (HTTPS) website. The s means the website is encrypted. That’s it. All you have to do is scroll to the top of the page and check to make sure you’re using https rather than http. If you are not, switch over instantly. Your traffic could be intercepted and credit card information, among most other data, could be stolen.

Fortunately, most web browsers now automatically direct to HTTPS websites. But just in case, the Electronic Frontier Foundation created a handy-dandy browser extension that ensures you always use encryption: HTTPS Everywhere. Just click on the link, add it to your browser, and you’ll be set!

Now, what about these encrypted messengers? Essentially, anyone with access to your text messages can see what they say. That could be a government agency, a company, or even a hacker who managed to hack into your device. An encrypted messenger, such as Signal Messenger, encrypts every message that you send over the service. The code for the app is open-source, meaning that anyone can read the code and verify that the encryption works and no data is collected about your information.

So why should we care? Two simple reasons:

1. Encryption protects your information from prying eyes. In the United States, privacy is protected by the Fourth Amendment. Your data contains more sensitive information about you than almost anything else in your possession, and those who have access to it can control everything about your life. Hackers could blackmail you and governments could find crimes to try you for, even if you weren’t aware of the crime. As Stalin’s secret police chief Lavrentiy Beria famously said, “Show me the man and I’ll find you the crime.”

2. Encryption protects your valuables. Without it, your credit card data would be easily stolen, your bank accounts drained, and the internet as we know it would cease to function. That’s why, when the FBI and other government agencies tend to advocate for encryption backdoors to pursue terrorists, they should never be granted those powers. Besides the privacy concern, the simple fact is that no backdoor exists in a vacuum. If the government were given backdoors to encrypted apps, a vulnerability would be created for that app. It would only be a matter of time before a hacking group, or a foreign government, discovered the vulnerability and also had access to all the data of the users. Creating encryption backdoors is a security risk for all users.

Now, with that information under your belt, go forth and educate all you know about internet encryption!

Action Items:

Quick/1-10 Minutes

1. Install HTTPS Everywhere: Firefox extension or Chrome extension (but please don't use Chrome or Google products if you care about privacy).

2. Want to communicate privately? Use a TRUSTED encryption messenger like Signal or Element/Matrix.

Longer/In-Depth

1. Want to create your own encryption key and get into the nitty-gritty? Look into GNU Privacy Guard (GnuPG). Feel free to email us any encrypted comments, questions, or concerns by using our PGP key (accessible here)