Hey Hey, My My, Strong Encryption Will Never Die

There are two types of people in the world: people who will encrypt and people who will not. The former cohort is far smaller than the latter. That should change, but it won’t. In essence the argument over what anyone means about the “Manhattan Project” of encryption is a silly one. The Manhattan Project of encryption means nothing to millions of people who are just fine sending their data around the world in packages about as safe as a Cracker Jack Box and it is a spectacular bit of silliness for those who understand encryption at all.

Here’s the truth: we will encrypt ourselves all the way up to the point of inconvenience. You can email me using my public key all day long but (and follow my tutorial on encrypting your email) but you will be in a grand minority of strong encryptors and in a grander minority of my email correspondents. You can ensure https is everywhere but I just noticed we don’t even have as a default on our site and it seems our certificate is bad. We can chortle all we want about how the government misunderstands encryption but if we do not use it we expose ourselves to exactly the degree of informational transparency all the politicians are espousing.

In the end maybe encryption doesn’t matter. Maybe our efforts to keep eyes off of our Buckeye candy recipes are silly and overly paranoid. Maybe if we have nothing to hide we should expect no means to hide what little we have?

I, for one, should be far more careful. I try to manage a fairly active standard of encryption, especially on my home machines and servers, but I know I haven’t hardened the things that matter and, for that matter, I don’t know what I could harden further. In short I’ve encrypted up to the point of inconvenience. For me that bar is relatively high. For almost everyone else it is jarringly low.

But fear not: there is money to be made in them thar encryption hills. While politicians grumble about Manhattan Projects, we can make nuclear reactors in our back yards and sell or give them away. I love GPGTools, for example, because it plugs directly into my mail app and offers a single-click option to control my mail. Apple offers full disk encryption at the press of a button. Sucuri offers a free way to secure my WordPress instances and tell me what exactly I’m doing wrong. When I need to chat securely I fire up Zendo rather than iMessage. And that’s just the beginning.

Offer me a way to encrypt webmail messages. Offer me a way to encrypt FaceTime and Skype. Offer me a way to encrypt text documents as I write them. Make me feel like Jason Bourne and raise the level of convenience to a higher threshold. Instead of snorting on Twitter about the NSA maybe we can start encrypting our Tweets? Instead of chortling about the failure of privacy on Facebook maybe give me a way to encrypt my messages on Facebook messenger? Bolt strong encryption onto the tools we use instead of creating a sub par messaging apps that purport to be slightly more secure than IRC. Because open and free encryption exists but it is confusing and hard to use. And we technologists won’t educate everyone how to use it. The key is to show not tell and we show best by offering simple tools that do amazing things.

I wouldn’t encrypt my disk if Apple didn’t make it easy. I wouldn’t encrypt my mails if there wasn’t a button to do so. I’m a bad Internet citizen, I know. But I’m no different than millions of others. I have never had a pressing need to encrypt my communications. That said, I’m sure this lackadaisical attitude will come back and bite me and I’m ready to take the plunge. Your next startup project can address these needs and, rather than trusting the government not to bang on our back doors, create something that has no back doors. When we raise the bar of inconvenience we help the world grow, improve, and stay safe. It’s the least we as citizens and encryptors can do. The Internet needs us.