Why encryption?

Part 2 of Science writer Marc Richly's series on encryption

Photo: Alking2002 , CC-BY-SA-4.0

by Marc Richly
on 20 May 2022

in Issue 1801

Let us quickly run through encryption in a communication setting: When we communicate, two types of data are encountered: content data (“Hey happy birthday today, Alicia!”) and metadata (Bob sent to Alicia, May 20^th, 12:37pm, location: South Kensington, battery: 54%...).

End-to-end encryption (E2EE) means that content data can only be read by Alicia and Bob, not by any other person or the communication provider (such as WhatsApp, Facebook Messenger etc.).

Nonetheless, metadata is key for companies and governments to run analytics. One can derive very detailed social networks by looking at who communicates (how often, at what time etc.) with someone else. For instance, a high frequency of messages, particularly at night, might point to a partner, while messages during 9am to 5pm might be tied to co-workers.

Using metadata in this manner, it is relatively easy to understand who one’s close contacts are. This basic information is already valuable, even if third parties do not have access to the messages themselves (content data). If companies know your friend just bought a MacBook, this could also be interesting to you and showing Apple ads may be especially valuable (called collaborative marketing).

In our society, there are three major groups that have interests in the digital space: criminals, governments (with its police/intelligence services), and companies.

I) Criminals

Cybercrime is on the rise, and it is natural that we want to protect ourselves from it. It is estimated that by 2025 global cybercrime will cost $10.5 trillion in damage annually. To put this in perspective – comparing the cost of cybercrime to GDPs would place cybercrime right behind the two biggest economies in the world, USA and China.

Cybercriminal activities can range from phishing emails (e.g. fake emails from your bank that ask for your PIN), to ransomware attacks (the criminal steals your data and asks for a ransom to unencrypt it), or using data leaks to gain username/password combinations for different services.

Best tips to protect yourself personally: use passwords only once per service (use password managers to keep track), activate MFA – Multi-Factor Authentication, keep your software updated, and encrypt your data – so that if your device is stolen, your data cannot be accessed.

II) Governments

In an increasingly digital world, governments are pushing for legal access to more of our data, in order to fight crime more effectively. Last week, remarkable news broke that the EU plans to build backdoors in E2E encrypted communication (used by WhatsApp, Signal and Co.) – to better investigate child pornography. Despite this, many childcare organisations, such as the Deutscher Kinderschutzbund (German Child Protection Alliance), have said that scanning all communication is unnecessary and disproportionate, as only a tiny proportion of child pornography happens via messengers.

This fires the assumption that politicians use the argument of child pornography to gain more access to data for their own benefit.

Here it might help to distinguish between free (such as UK, USA, Canada), partial-free (such as Singapore, Philippines), and non-free countries (such as China, Turkey). For years, we have seen a quite stable proportion of non-free countries, but an increasing number of countries are becoming more authoritarian. The rise of digital technology may have facilitated this shift – control of the Internet is tempting for governments, as it is an effective resource for owning conversation: Digital surveillance allows to identify and control controversial views and to monitor opposition members.

And in free countries? It is hard to say. To some extent, digital surveillance helps to prevent crime and terrorism (as in all countries). At the same time, it provides democratic governments with more power – and though they may not use it today in anti-democratic ways, they could in the future, for instance, by identifying (and possibly fighting against) opposing views to the government.

III) Companies

Shoshana Zuboff (American Author, Harvard professor) has established the term Surveillance Capitalism. Her argument reads as follows: Companies, in the neo-capitalistic world, seek to maximise profits. Increasing access to data in the past few decades has provided them with a new way to do so.

By analysing data, companies are not only able to better understand customers, but – and this is the crucial part – are able to predict and trigger demand from a specific person. A good illustrative example is Pokémon Go; you might remember the hype in summer 2016 about collecting Poké Balls while walking around with your smartphone. What many do not know is that companies, for instance fast-food chains like McDonalds, paid Nintendo to place valuable Poké Balls in their restaurants. The idea is simple – people walking into a McDonalds to catch a Pokémon are far more likely to buy a Big Mac.

Obviously, the hype behind Pokémon Go is gone today. However, it shows effectively that even behind a fun, free game, companies will go for ways to make money.

And this mechanism also applies when we google or scroll through Instagram’s or TikTok’s newsfeed. Companies show us targeted ads – things they know we are interested in and would buy. This consequently leads to far more effective advertisements – more people are buying the promoted products or services, which increases revenues for companies. Try an experiment yourself, the last time you bought something online: Have you seen an ad before buying these new wireless earphones? If so, would you have bought them if you had not seen the advertisement? Often enough, we would have not. And in those scenarios, our demand was manipulated. It is like parents knowing your favourite sweets – and motivating you to tidy up your room if you want yet another yummy chocolate ice cream. We do what they want because parents know what we want. And today firms know this, too.

Nonetheless, data privacy and security are very important – stay tuned for next weeks how-to guide: What you can do to better protect your digital privacy!