Behind the movement to encrypt all the things
Privacy on the Internet has to change if it’s going to survive.
Governments, Web browsers, nosy employers, and neighborhood hackers have never had more ways to spy on you. And while Internet users have an arsenal of strong privacy tools available to protect themselves, only a fraction of the general public has actually employed them.
That’s because encryption software seems painfully complex to the layman, and anonymity networks suffer from what’s essentially an image issue.
If privacy advocates want mass adoption of these tools—and they do, desperately—everything about privacy is going to have to become so simple that mom and dad will be able to hop online and easily encrypt their emails.
The good news is that we’re almost there. Soon, the world’s most powerful privacy tools—tools that largely already exist—will be accessible to everybody on the Web.
Get ready to say hello to the new world of Internet privacy.
The unmotivated user
In 1991, encryption was viewed as a weapon.
A few years after the initial release of the encryption program Pretty Good Privacy (PGP), its inventor, Phil Zimmermann, was investigated for munitions export without a license. At the time, cryptosystems the size of PGP were legally considered weapons.
Charges were never filed and laws have since liberalized. In the intervening years, encryption has transformed from a weapon to a necessary defense mechanism: It’s an essential tool to avoid online surveillance and to protect your private conversations.
The problem is that, traditionally, it’s been overwhelming for most people. The landmark 1998 study “Why Johnny Can’t Encrypt” showed that only 33 percent of participants were able to correctly sign and encrypt an email message with PGP in 90 minutes—a task that could take a fraction of that time.
Sixteen years later, little has changed for the better.
Case in point: When Edward Snowden first reached out to journalist Glenn Greenwald in early 2013 to leak thousands of classified documents, the National Security Agency contractor wanted to use PGP encryption to communicate so that the government couldn’t eavesdrop on the conversation.
Greenwald couldn’t do it. Even after watching—but never finishing—a homemade instructional video from Snowden and consulting with other journalists, it took him months to understand how to begin using secure communications. Even then, he never fully took advantage of the tools at his disposal.
Likewise, when Dread Pirate Roberts, the mastermind behind Silk Road, sent messages to employees about the black market’s security, he often couldn’t be bothered to encrypt his text. Many Silk Road drug dealers and customers—even the multi-million dollar kingpins and big-spending customers—didn’t bother with encryption even for sensitive data like names and addresses right up until the FBI shut the market down in October.
If journalists chasing world-changing stories and technocriminals making millions and risking prison can’t be bothered with security software, what are the chances that average citizens will adopt the tools that can protect them from prying eyes?
The technology is here. PGP and Off The Record messaging offer strong encryption for emails and chat. Anonymity networks like Tor and I2P can stand up to the most powerful adversaries. But if they intimidate the average user, they’ll never be the tools of mass liberation that their designers hope for.
Nobody wants to sit down at their computers or turn on their mobile devices and tediously manage their security. Instead, they want to know that the best security in the world is already in place to protect them, ready to use at a moment’s notice.
It’s the classic “unmotivated user” problem.
“It is easy for people to put off learning about security, or to optimistically assume that their security is working,” Alma Whitten and J.D. Tygar wrote in “Why Johnny Can’t Encrypt.” Security that is too difficult or annoying—i.e. most powerful security tools today—will cause people to give up.
The Electronic Frontier Foundation, one of the leading digital civil rights organizations, has long recognized the problem and is now acting on it. Last week, the group launched the EFF CUP (Crypto Usability Prize), a competition to see who can build “the first usable, secure, and private end-to-end encrypted communication tool.”
The resulting product would have a substantial impact well beyond the realm of activism. When the right product comes along, plenty of enterprises will be ready to pay. Companies like Just Mail see big growth and dollar signs in easy cybersecurity. Right alongside individuals seeking smart encryption technology will be massive enterprises who know that anything too complex can ultimately work against their interests.
After all, the most powerful encryption technology in the world is meaningless if no one actually uses it.
The future is Tor
The most famous security tool online today is Tor.
The anonymity network has connections to several of the world’s biggest headlines in the past few years, including the rise of WikiLeaks, Edward Snowden’s NSA whistleblowing, and Silk Road’s downfall.
At the apex of unrest, Tor was gaining 10,000 new Turkish users per day, proving once again that it’s an invaluable tool to circumvent censorship of all sorts.
Even so, Tor is far from perfect.
Browsing the Web with Tor can be as slow as a crawl. There’s also no built-in messaging functionality. If, like any normal human being using the Internet, you want to actually communicate anonymously, you’ll probably be looking outside of Tor to encryption programs or other external applications to do so.
If Tor can replicate the average person’s computing experience—complete with emails and instant messages—but do it in a secure and anonymous way, the potential for growth is enormous. The road will be long, but the team behind Tor is pushing forward in several key ways to make the famously powerful software easier to use and more capable than ever before.
Toroken, a tool being developed by a group of American programmers and entrepreneurs, seeks to make the Tor network faster. If there’s one single reason why more laypeople don’t use the tool, lack of speed is it. Toroken has numerous big issues to work out—most notably, can you maintain net neutrality if you’re pushing a pay-to-play model?—but fixing Tor’s speed will encourage wider adoption.
The next tool on the docket is both simple and profoundly important. A Tor anonymous instant messenger will finally allow users to not only view websites but to securely communicate with one another in the way they’ve become accustomed to over the past two decades.
Next, a powerful Tor-fueled mobile operating system will offer encrypted voice, video, and text messaging apps, as well as boasting security features that will disable location tracking. Given the seemingly endless growth of mobile computing—over 87 percent of the world’s population own mobile phones—getting a running start on phones and tablets may be the smartest move possible as Tor evolves with the rest of the Web.
Publishing anonymous websites, known as hidden services, on Tor has always been a particularly difficult task. The team is dedicating resources to simplify the process and make it as easy as a few point-and-clicks. Easy anonymous publishing will raise hidden services toward the level of blogs, a fundamental change that can revolutionize the way we communicate with the rest of the Web.
Add it all up and what you’ve got is an entirely new anonymous Internet where you can chat, blog, text, call, and surf anonymously faster than ever before.
All of a sudden, Tor is beginning to look like a tool that almost anyone could use.