Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to avoid Big Brother 's gaze

Kenneth van Wyk | June 14, 2013
Deciding on the level of encryption you should be using requires careful consideration.

For encrypting email, you have several options. The Internet-standard S/MIME is the one that is most broadly available across various email platforms. But it's also perhaps the least used or understood. To use S/MIME, you need a client-side email certificate, which can be obtained from any of several commercial services. Enterprises with their own certificate authorities can manage their keys internally, but that option is generally beyond what most consumers are able to do.

As a result, although S/MIME is a strong option, it also usually requires relinquishing key management control to an external organization, which pretty much puts us back at square one with regard to possible eavesdropping on private communications. As a result, I like using S/MIME for digitally signing emails I'm sending, because it's quite easy for my recipients to verify with pretty good confidence that the messages are from me and haven't been tampered with. But when it comes to encrypting mails, I'm less inclined to use S/MIME.

For small to medium-size communities, I generally use PGP, or Pretty Good Privacy, tools. These are available for free as well as in commercial encryption products. I mostly use the GNU Privacy Guard (GPG) tools, which include plug-ins for my email clients. I combine that with a stand-alone PGP app on my mobile devices so that I can view and encrypt data on my mobiles.

The key thing — no pun intended — about PGP is that key generation and management are entirely in the hands of the end user. Although PGP requires a modicum of tech savvy to learn and use, it enables communication with a high degree of confidence, and it puts key management in your own hands. But again, by generating and managing our own keys, I have a lot more confidence that they haven't fallen into others' hands.

Depending on how extreme your privacy needs are, you can adjust how you implement encryption. For example, on most modern computers, putting a stand-alone or virtual machine image onto a USB stick is quite feasible. If you encrypt that USB stick using full disk encryption, you're adding an additional layer of protection to your secure communication system. Next, if you do your encrypting and decrypting only while the secure communication system is not connected to any network, you'll prevent your encryption keys and certificates from straying from your system without your consent.

Several commercial options are also available to encrypt email, voice communications, instant messages, etc. Again, my principal advice with those is to seek systems where the encryption keys are not generated or communicated off your own computer or without your consent.

Yeah, I know: What I've outlined are some pretty extreme measures. Many people will find much of what I've described to be unnecessarily burdensome. Finding the degree of detail that is right for you will require careful consideration of the value of the information you need to keep private and the risks inherent in the environment where you're communicating. We all must come to our own decision, but we shouldn't do so without the careful consideration these matters deserve.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.