Encryption has been in the news ever since Edward Snowden revealed to the world the massive spying operation that the US and its allies in English speaking countries (UK, Canada, Australia, and New Zealand) perpetrates on the communications of people all over the world. The backlash has resulted in some curbs to the US government’s spying powers but the greater impact has been on the increased use of end-to-end encryption on the internet.
I came across this article by Andrea Peterson that describes the state of encryption in simple terms.
Congratulations! If you are reading this on The Washington Post website right now, you’re using encryption — or at least your browser is. The little lock that probably shows up in the URL bar of your browser highlights that our site deploys HTTPS, a process that creates a sort of digital tunnel between you and our website.
That encrypted tunnel helps protect you from governments, Internet service providers, your employers, or even the nefarious hackers who might want to spy on or even hijack your Web browsing while they lurk on the WiFi at your local coffee shop.
When a site has HTTPS turned on, someone trying to get a peek at your online activity can typically see only what site you’re visiting, not the actual page you’re on or what information you might share on a site. So right now, for instance, someone with access to the network you’re connecting through could see that you’re reading The Post, but not that you’re reading this specific article about encryption. Neat, right?
Major e-mail providers, social networks, and all sorts of e-commerce such as online shopping and banking rely on encryption to help keep users’ data safe, often without visitors even realizing it because the encryption is just baked into how users experience the Internet.
The government has been complaining that encryption prevents them from monitoring criminal activities and are calling for the manufacturers of hardware and software to install backdoors to the systems and thus be able to give governments the keys if they need them. But the arguments against allowing that are strong just for technical reasons alone, and pressure has been building on even the commercial tech companies to design systems where they essentially throw away the keys so that even they cannot unlock the messages that pass through their systems from one user to another.
I do not have any expertise in this area but her article seems a little too sanguine that we may soon no longer be at the mercy of the NSA and other government spying agencies. I know there are some serious experts among this blog’s readers who can weigh in on the merits of the article.