Over the past decade, the internet has come to occupy a central role in our lives. Instant messaging has all but replaced text messaging, and the means by which we communicate with one another are evolving rapidly. What is alarming is that many of the services which we now rely on for communication contain massive security holes. As a very basic example, Facebook allows multiple users to be signed into one account at the same time from different locations. This means that a hacker (or anyone who has access to a device which is signed into your account) can see you chatting with your friends in real time. Facebook messages are also logged whether or not you like it, and deleting them from your inbox does not remove them from that of your friend.
It is often said that our expectations of privacy have not evolved to fit this world in which our communications are almost constantly monitored, and that we should get used to the fact that our conversations with others online are not entirely private. I would argue no such evolution needs to occur. Encryption pre-dates the internet, and provides an effective means of protecting our communications from hackers.
The trouble is that encryption is a concept which is neither sufficiently understood nor adequately used. Most people seem to think that it is the sole preserve of entities which require operational secrecy, such as companies and government agencies. This is a perception of encryption that needs to be challenged and eradicated. Encryption does not exist only to safeguard the secrets of governments and corporations; it is just as good at protecting the Everyman from prying eyes. The tools to protect your instant messages and emails from multinational data brokers, omniscient and out-of-control intelligence agencies, criminals, and even nosy co-workers are free and surprisingly user-friendly. Without much technical expertise, you can protect yourself against intrusion.
The technical tools
As an example, Pidgin is an open-source instant messaging application that allows users to integrate almost all their instant messaging services – from Facebook Chat and Google Talk, to dinosaurs such as MSN and AIM. Pidgin also allows users to install plugins to enhance functionality, including the cryptographic protocol OTR (which stands for “off-the-record messaging”). While the programming behind OTR is complicated, the underlying concept is very simple. Instead of allowing instant messages to be transmitted in plain text (which anyone could read), OTR scrambles the messages according to a previously defined rule. We (or rather our chat clients) know the rule and are able to decrypt the message, but nobody else knows it. Thus our messages, both the scandalous and the mundane, seem like gibberish to anyone who is watching.
Sounds great, but why do I need OTR? First, there is the obvious fact that it prevents social media giants from mining your personal messaging data in order to tailor advertising to your “personality”. Second, encryption provides a defence against a myriad of possible threats. The problem is that you won’t recognise most of them until they have already breached your defences.
Imagine that you’re on a lunch break from work, and you are ranting about your boss over Facebook Chat. Unfortunately, you’ve also forgotten to log off from the work computer, and so your co-worker is able to see your complaints in real time. Spying a chance to steal your position, he takes a screenshot and emails it to your boss. You return to work and discover that you’ve been fired. Of course it’s arguable that this problem could have been avoided by logging out of your work PC. Moralisers may even go further and point out that you shouldn’t have been complaining about your boss like that in the first place. However, even the best of us make bad decisions when frustrated and tired; it is best to have precautions in place for these moments of weakness.
Privacy versus convenience
There is, however, one drawback to encryption, in that it only functions if both parties use it. Most people are content to use these unsafe and insecure means of communicating out of pure convenience. This means that privacy lovers frequently have to choose between communicating insecurely and not communicating at all. An ethical dilemma arises where the data in such communications is harvested, stored and analysed so that companies can offer us “better” advertising. Which is more unfair: for us to force our friends and colleagues to adopt a slightly less convenient form of communication, or for them – by their inaction – to force us to sacrifice our privacy in order to communicate with them?
Given the revelations of the past year, I would argue that privacy trumps convenience, and that the complacency of some should not be allowed to compromise the privacy of others. The failure of the EU to enact any meaningful data protection reforms ahead of the 2014 European Elections should serve as a reminder that we cannot rely on governments to fix our privacy problems for us. And why should we be reliant on governments in this matter? The power to protect our privacy lies in our own hands, and we have an obligation to ourselves and our fellow internet users to wield it.