Bruce Schneier has a nice post on Why We Encrypt. Encryption maintains our privacy, keeps our money safe, and, sometimes, saves our lives. Most Irreal readers will be familiar with these reasons but here’s another that we hear about less often: if you only encrypt important data, you are putting a sign on that data saying, “this is something worth trying to exploit.”
The answer, of course, is to encrypt everything. The movement to deprecate HTTP and use only SSL/TLS (HTTPS) is part of that. If all of our Web transactions are encrypted, it’s hard to know which ones are worth trying to decrypt. The other, harder, major vector is email. I hardly ever encrypt email because almost no one I communicate with is prepared to deal with it.
That’s a long standing problem, of course, and one that doesn’t admit an easy solution. Schneier notes that encryption works best when it’s automatic. That’s what we need for email. A system that automatically encrypts the messages we send and decrypts them (also automatically) at the other end. That way, Aunt Millie doesn’t even have to know what encryption is; everything is handled behind the scenes. We’re still some way from that but I’m looking forward to the day when all the three-letter agencies are sad because it’s really hard to snoop on people anymore.