Concerned by reports of hacking, data breaches and government spying, companies and consumers are looking for better ways to protect their data. Many are turning to encryption, a method of encoding messages that goes back millennia. Encryption is commonly used to secure online banking sessions and to protect credit-card data. But for the average computer user, it remains a mystery.
Here’s a brief guide to help readers unlock its secrets.
How does encryption work?
If you saw the recent movie “The Imitation Game,” you’ve seen a rudimentary, by modern standards, form of encryption. During World War II, the Germans used a machine to turn military messages into coded strings of symbols. These days, computers running complex mathematical formulas can do the same thing much faster, and the codes are much harder to crack.
What’s it used for?
If you’ve ever done banking online, you may have noticed a “lock” icon in the address bar, or that the bar turned green. That means the browser session is encrypted by your bank.
Consumers can download a growing crop of encryption tools for texting, browsing sessions and video and phone calls. Users usually must download an app or install software that scrambles messages as they are sent. (The recipient needs to be using the same app or software to unscramble the message.)
Apple has started encrypting personal data on its latest mobile operating system, iOS 8. This means an outsider who hacks into a device or into Apple’s servers would see a string of unreadable characters instead of actual messages or FaceTime videos.
Can I encrypt email messages?
Yes, but it’s tricky. Sender and receiver must use the same type of encryption. If you have encryption switched on, but the friend you’re emailing doesn’t have it, he or she won’t be able to read your message.
Since the revelations of former National Security Agency contractor Edward Snowden about electronic eavesdropping by the NSA, big tech companies have made moves to add encryption. Yahoo Inc. and Google Inc. both have announced plans to begin encrypting emails of users of their services, but the projects are moving slowly.
Can encryption really protect me from getting hacked?
Maybe. If a hacker obtains the encryption keys, or the formula that unlocks the code, all that encrypting was for naught. And that happens all the time in corporate data breaches, says Avivah Litan, a vice president and senior analyst focusing on security issues at market-research firm Gartner Inc. For example, as part of the 2007 breach at TJX Cos., hackers stole a TJX point-of-sale card-reader system and brought it home. The hackers were able to break the code used to encrypt card transactions and stole data from tens of millions of customer accounts.
How can I get started?
In addition to Apple’s built-in encryption in its new mobile devices, Android users can download WhatsApp, which encrypts text messages. WhatsApp, a company owned by Facebook Inc., says it is working on offering encryption for all communication sent between WhatsApp users, including images, audio and text.
A number of vendors—including Voltage Security Inc., Protegrity and RSA Security, a unit of Corp.—offer encryption of corporate data, including email and credit-card records. Silent Circle’s Blackphone is a phone for corporate users that can send encrypted voice calls, text, emails and other data—if both parties are using a Blackphone.
Why isn’t everything encrypted?
There are plenty of reasons. Encryption is time-consuming and difficult to implement. It’s hard to properly manage who has access to encryption keys, and it slows system performance.