One of the biggest news stories of the summer is something that shouldn’t come as any surprise to even the least paranoid among us: Big Brother is watching. The National Security Agency spies on our Internet and cell phone usage, effectively turning law-abiding United States citizens into
suspected criminals.
So what’s a person to ensure that their communications remain private?
The word is encryption: using some sort of code to attempt to make your message indecipherable to all but the intended recipient. If Alice wants to send a letter to Bob but doesn’t want Chuck to read it, she might use one letter to represent another (“A” turns to “Z,” “B” to “W,” etc.) and give Bob the code ahead of time.
There are problems with this technique. Unless the message is very short, Chuck can look for patterns, such as assuming the most commonly used letter represents an “E,” to figure out the cipher. As anyone who’s ever solved a cryptogram can attest, this is not only doable, it’s also kind of fun.
So Alice needs to devise a method that’s even more clever. How about a machine that changes the code for every letter used? In other words, the first time the letter “A” is represented by a “Q,” but then, two characters over, it’s represented by a “T.”
The German army used such a machine called Enigma during World War II. The device was made up of several rotors, which would rotate according to a four-character code entered by the user. The encoded messages it created and deciphered were very difficult for the Allied forces to crack.
But they did. The code itself wasn’t weak — in fact, there were over a billion different codes that users could choose from — but the method of transmitting it was. Once the Allies built their own machine — which was no easy task since the Germans didn’t exactly make the schematics public — they could easily receive the four-character codes via radio and decode the transmitted messages.
The weakness in the Enigma machine was the desire to make the code portable and send messages over long distances. If Alice and Bob meet in secret to exchange their code, this isn’t an issue. However, that’s not always possible.
So how do you send somebody a locked message without also sending them a key?
One solution is if Alice, sufficiently clever, sends the message to Bob in a box with a lock on it. Bob doesn’t have the key, but he has his own lock, which he puts on the box so that it is now doubly locked, and sends it back to Alice. Alice then removes her lock so that Bob’s is the only one remaining and sends it back to him.
It works, but it’s also slow and convoluted, offering three times the chance of the message being lost or damaged.
And that leads us to RSA encryption. This is an asymmetric cipher where encoding differs from the decoding. The two keys are separate — one can’t figure out how to interpret a message from the code used to encrypt it. Bob can post his “public key” all over the world because it can’t be used to decode Alice’s message. In order to decode, one would need access to Bob’s “private key,” which he keeps to himself.
Of course, there are always subtle tricks to crack codes and no matter how clever Bob or Alice is, there’s always the possibility that someone else is even more clever. Short of living in a cave in the middle of nowhere, far removed from human contact, processed food and Internet access, there’s not much you can do to keep your privacy completely protected.
However, unless you’re in charge of a major military operation or working in organized crime, your life probably isn’t interesting enough for hackers or the government to want to infiltrate it. That doesn’t mean you shouldn’t be careful, though.
It’s a bit like the case of running from the bear: You don’t need to outrun the bear, just the other person you’re with. Check your credit report regularly, don’t reuse or share passwords and keep anti-virus software installed on your computer. If you want to be really safe, use a password manager like LastPass or 1Password and encrypt important folders on your hard drive using software like Boxcryptor or TrueCrypt, particularly files that you’re syncing to a cloud server.
You can’t ever be completely safe, but these tools should prevent you from losing too much sleep over privacy concerns. Some of these precautions may be unnecessary and even a slight inconvenience, but in a time when cameras follow us everywhere and identity theft is easier than ever, a little paranoia is probably justified as well as healthy.
