All Tech Considered
Sat August 17, 2013
Cracking The Code: Just How Does Encrypted Email Work?
Originally published on Sat August 17, 2013 4:47 pm
If the past few months have taught us anything, it's that everything we do online leaves a digital trail. While it may seem like there's not much we can do about it, there are some tech companies that are working to obscure that trail a little bit, with a process known as encryption.
Micah Lee, a staff technologist at the Electronic Frontier Foundation who recently wrote a document for the Freedom of the Press Foundation about the encryption process, explains it for Weekends on All Things Considered guest host Don Gonyea. Most of us use encryption in one form or another every day, Lee says, even if we don't realize it. For example, the little padlock symbol on your Internet browser is a version of encryption.
"You know, let's say you're paying a bill at a coffee shop or on some other open wireless network — it means that other people on that same network won't be able to spy on you," Lee says.
But sometimes you want to keep information private not just from outsiders, but also from the services you use.
"Let's say you are sending a private message to somebody," Lee explains. "Maybe, you don't want Facebook, for example, to know the contents of this private message."
In that case, you need to encrypt those messages yourself. So you would use software that jumbles the text, making it look like jibberish. And the person you're sending the message to decrypts it in order to read it.
"You actually have to send encrypted emails with other people who are also using encrypted email," Lee says.
Decrypting messages is tough to do for an outsider or a government, but setting it up is complicated too. It takes a long time and a fair amount of expertise to be able to set it up. And Lee says, "...There's a million things that could go wrong."
For example, someone could just hack directly into your computer and monitor every single key you hit, and even if your messages are private, you're still probably leaving digital information everywhere you go in ways you can't even imagine.
"Let's say that you check your Gmail account on your phone, and your phone checks it every 30 minutes. You're essentially letting Google know what your IP address is every 30 minutes," Lee explains. "And your IP address can loosely be mapped to your location...and so this means that Google just has this information about where you are all day long, all the time."
But though Google or other providers are able to collect this information, it doesn't necessarily mean that they are using that information.
And because this entire process is so complicated and overwhelming, most people don't take additional steps to keep their information private.
"The problem, I think, is that it's just very hard. So it's just the very dedicated nerds that are using it right now," says Lee.
But Lee hopes that one day, those dedicated nerds will be able to make encryption automatic for everyone.