Open Whisper Systems, a company that specializes in open source encryption technologies, just announced an upgrade for their free and dead simple encryption app for texts and phone calls, known as Signal. Users with the app can ensure that no one reads an intended message or hears a phone call other than the party on the other end: no men in the middle, no wiretapping, and no compromises from hackers. Wired reports that there’s absolutely no learning curve required—so you may as well start using it.
Signal’s ease of use marks an important turning point in such technology. Many Internet and smartphone users may struggle with encryption because it feels too complicated. Ars Technica posted a three-page tutorial in 2013 that reads like a dizzying trip into Wonderland for those unfamiliar with the practice. Even as people become more aware of government spying, hacking, and other issues, they’ve been reluctant to explore securing their own communications.
Just last week, we learned about the FREAK security flaw, which has been exposing most desktop and laptop users to serious security risks for nearly 20 years. The flaw can be traced back to the government’s insistence on only allowing “weak” encryption to be exported to other nations, concerned about the risks of strong security software being sent overseas. Remnants of the code have filtered through and remained deeply ingrained in software we use every day, putting us at risk of releasing secure information.
Even as the government sees what FREAK hath wrought, it’s still demanding backdoors and weakened security on smartphones. As Christopher Soghoian pointed out in an interview with the Washington Post, though, “you cannot have a secure and an insecure mode at the same time. … What we’ve seen is that those flaws will ultimately impact all users.”
Apple and Google are already considering building more robust security into their products, including encryption that will make it impossible for them to decrypt data sent by their users. But Signal provides another means for ensuring the safety and security of data sent over open wireless networks, phone networks, and more. There’s no way to make certain information is encrypted unless users control it, which is what Signal empowers people to do.
Oddly for an era in which evidence of security compromises are all around us, phones, arguably, are one of the most important places to encrypt data. Roughly 62 percent of the adult population uses a smartphone, with users relying heavily on their smartphones not just for texting and calling but also gaming, Web browsing, and more. Security compromises are a serious concern.
For those conducting illegal activities, there’s a transparent reason to be concerned about data security. People using their phones to coordinate drug deals, for instance, could benefit from encrypted software allowing them to text without oversight from law enforcement. These uses of secured communications are often cited by officials arguing for backdoor access, limitless wiretapping, and other restrictions on civilian privacy.
Unfortunately, there’s a common underlying assumption that the only people who would want encryption are those using their phones for illegal purposes; if you’re not doing anything wrong, why would you care if someone could intercept your phone and text data? The short answer, of course, is that everyone deserves privacy. In fact, in the United States, the expectation to privacy is such an enshrined national value that it’s embedded into the Constitution.
Moreover, before you say you have nothing to hide, think again. A number of utterly obscure laws remain on the books and you could technically be prosecuted for anything from sodomy to feeding garbage to swine without a permit.
At Wired, Moxie Marlinspike writes passionately against the “I have nothing to hide” argument:
Police already abuse the immense power they have, but if everyone’s every action were being monitored, and everyone technically violates some obscure law at some time, then punishment becomes purely selective. Those in power will essentially have what they need to punish anyone they’d like, whenever they choose, as if there were no rules at all.
There are also a number of communiques that need to remain private. An organization’s board members need to be able to communicate in confidence, for example, while a psychiatrist or sexual assault counselor who works with clients on the phone needs assurance that those phone calls are secure. Likewise, physicians emailing with patients to discuss a medical issue need a level of privacy. These entirely legitimate reasons to secure communications illustrate the need for encryption—and the all or nothing approach means that no matter how encryption is used, it must be total; partial encryption is a myth.
On a deeper level, this is also a safety concern. Encryption of data allows users to retain control of potentially compromising information, including data about where they are, their medical histories, and more. For phones in particular, this is a serious issue, as people generally bring their phones with them wherever they go. Texts coordinating a night out can be turned into a useful list for a stalker, endangering all of the people in the conversation.
Aarti Shahani at NPR says of domestic violence victims seeking shelter that “they’re oozing data—from their phones, their tablets, their social media accounts—data that an abuser can access pretty easily.” Shahani notes that many don’t realize how easy it is to track them, underscoring the fact that more encryption and security awareness is critical.
As Thorin Klosowski points out at LifeHacker, our entire lives are on our smartphones. Most people save detailed contact lists with home and address information, all their private passwords, travel schedules, and other revealing data. Should someone be able to spy on this information or obtain backdoor entry to a cellphone, it could result in a privacy breach of epic proportions.
There’s another benefit to the use of encryption software, one that acts almost like herd immunity. If an entire population picks it up and begins securing every communication, the practice becomes normalized, but something else happens as well. People who genuinely need privacy can hide among the herd, relying on the protection of millions of users with perfectly innocent encrypted data. This allows whistleblowers, undercover reporters, and many others to conduct their work with a much lower degree of risk.
Widespread acceptance of such software also creates a heightened awareness of data security and resistance to the security state. Members of a public who routinely use encryption and think about their data on a regular basis are also members of a public that resists civil rights violations and values its right to privacy. As more people adopt software like Signal, they create a snowball effect, creating more and more users and sparking a conversation about data security and who might be looking over your shoulder at that adorable kitten playing with a duckling.
Individuals who don’t see a personal need for encryption should still utilize it; the barrier to use is becoming lower and lower, and in the case of Signal and another innovative service called miniLock is virtually nonexistent. You don’t have to be James Bond to want a secure communication device.
Plus, you never know when you might need to send a private text or place a call that no one can listen in on.
Photo via Highways Agency/Flickr (CC BY 2.0)