The Browser

Encrypt it

If I wanted to, I could read any e-mail that you write. So could the government, your boss, and the system administrators of every computer your messages pass through. Every time you send an e-mail without encrypting it, it's like putting a letter in the mail with no envelope—and forfeiting your right to privacy.

Though strong encryption has been available since 1991, and a Gallup poll conducted last September showed that 81 percent of Internet users are concerned about privacy on the Internet and 86 percent are concerned about software that can scan thousands of e-mails for keywords, most e-mails get sent with no protection at all.

So why isn't it common practice to seal them? Most people don't even know they can. But teaching people to encrypt their e-mails is the easy part. There are two more hurdles to jump before we all realize the importance of protecting e-mail.

First, it's a misconception that there is no need to protect e-mails in which nothing wrong is said. Second, the existing encryption options aren't user-friendly.

We don't let just anyone read our letters, look at our medical records, or peruse our credit reports, regardless of how squeaky-clean they might be. If the police want to bug your phone or search your house, they have to prove probable cause and get a warrant. Though they technically need a warrant to gain access to your e-mails, with programs like Echelon, and with ISPs leery of legal battles, the government can scan every e-mail you send for "suspicious" keywords—without you ever knowing it.

Of course, there are those who argue that this doesn't happen. They have faith that the government doesn't want to look unless there is probable cause. They say that wanting to hide harmless e-mails means that you are paranoid. Maybe so. But for those of us with a healthy fear of the government, using encryption isn't about hiding anything; it's about removing the temptation to peek.

Then there are system administrators and customer service reps. These folks get bored at work just like you and me. Instead of surfing the Web for entertainment, they have much more tempting diversions. They have open access to everything on their servers, and can spend hours reading personal e-mail.

I know of a UNIX administrator at a local company with a penchant for copying executives' e-mails and sending them out to acquaintances for fun. Imagine what goes on at Hotmail or your local ISP. Customer service reps—who get paid nothing and have no loyalty to you or their company—help you change your passwords, and then what? Read The Onion again? Doubtful. At a place like Hotmail, administrators have access to every password and account, so why not enjoy a few extra perks? Trust me: Your steamy passages, rants about the government, and just plain private notes get read all the time.

But we don't have to stand for this. When Phil Zimmermann wrote the original code for PGP, or Pretty Good Privacy, he created an almost perfect encryption tool. PGP is so powerful that the NSA can't break it. Some even think it could take trillions of years until every possible combination is tried and the 1024-bit algorithm is cracked. Until recently, the U.S. government banned its export in digital form by calling it a weapon. Even the Vatican uses it.

But PGP, for all its strengths, has one glaring weakness: It's not user-friendly. The interface isn't pretty, the messages it generates are unclear, and the terminology surrounding it is confusing. In short, it's never been marketed and packaged for those who need it the most: citizens interested in protecting their right to free speech and privacy.

That is, until Zendit. Based in Ballard, Zendit is a new software company that makes encryption technology easier to use, tweaking it to protect all the personal information we digitize and educating us about privacy issues.

Zendit's program, slated for release this week, is small, simple, and almost fun. It exists as a toolbar in Outlook (it works with Web-based e-mail too). With it, you write the e-mail and click "Zend" instead of "send." You choose a "public lock," type in a password, and a message of incomprehensible gibberish zips through the ether. On the other end your mom clicks "dezend" and uses her private key to unlock it. She types in a password, and the e-mail is once again readable. Even if mom has yet to join the 21st century and doesn't encrypt, she gets another message that explains how to decode the e-mail. The technology is already the standard for encryption. Its interface, though, is the missing link between PGP and us.

As Zendit gets ready to launch, and the government gets over its honeymoon with George W., encryption and total digital privacy will be the next big thing on the digital rights horizon. Which brings us to America's latest spy thriller.

The case against suspected FBI spy Robert Philip Hanssen includes allegations that a Palm VII with encryption was used to send secrets to the Russians. This little nugget will provide plenty of ammunition for those in government who want all encryption software and devices built with a back door to let them in if they want. Simply put, a back door provides the government with a copy of every private key out there. So encrypt now, before this law is passed, and make secure encryption the default. Afterwards, you'll never be safe again.

Charles Redell is a freelance writer based in Seattle. He can be reached at axis@speakeasy.org.

 