Rhodri Marsden: Use email encryption services? The trouble is, we can't be bothered

 

Rhodri Marsden
Saturday 26 April 2014 09:30 BST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

When I was a boy I was given a fantastic book called The Knowhow Book of Spycraft. This hugely important volume did an excellent job of persuading young men and women of the importance of secrecy and stealth, with evocative illustrations of men in dark coats and sunglasses covertly passing notes to one another through shrubbery. For a whole summer, I found myself leaving bits of paper for friends at carefully allocated drop points, informing them of crucial nuggets of information.

The bits of the book dedicated to coding your messages, though, I wasn't that bothered about. I remember one tip involved writing a message in lemon juice and the recipient holding the piece of paper over a candle to read it. It just seemed like too much of a faff. My secrets didn't seem worth encrypting.

For years, I felt the same way about email. When I send a message to a specific email address, I figure that it'll be opened by the person who owns that email address, and even if anyone else did stumble across that message, it's unlikely that they'd be interested in the contents. I knew about methods of email encryption such as PGP (Pretty Good Privacy) and GPG (Gnu Privacy Guard), because I occasionally saw the email signatures of people who cared deeply about such things; they'd include a public key that you could use to send them encrypted messages. But rather like the lemon juice, dealing with the various keys and additional processes all seemed too much like hard work. I reckoned that the people who emphasised its importance were at best excessively geeky and at worst ridiculously paranoid.

But this thinking seems to be slowly changing, not least in my own head. The revelations over the past few months about the surveillance programs of the NSA have prompted people to toy with the idea of encryption, not necessarily because they have something to hide, but merely because they have something to type and find the idea of unauthorised interception slightly unappealing. When stories of the kind revealed by Edward Snowden have emerged in the media, some encryption services have seen spikes of interest in their products, and that's a good thing for privacy in future; as systems such as PGP or GPG rely on senders and receivers having the same encryption and decryption tools at their disposal, they are only as useful as the number of people using them.

But could encryption be made easier, perhaps to the point where we can actually be bothered to do it? This week, the website Venture Beat quoted a source at Google claiming that research is under way to "improve the usability of PGP with Gmail". This piqued my interest, for a bit. The idea of all my email being encrypted with a single click and unreadable to anyone except the intended recipients – not even Google! – held a very strong appeal.

But then I realised that the aforementioned faff, a lack of ease of use, is almost a necessary part of encryption systems. All the coding or decoding should happen on your computer before the email is sent or after it's received; as soon as you make it part of the system, with public and private keys stored for convenience in the cloud and "protected" by a password, you've made the whole point of encryption redundant. Convenience and encryption will never make easy bedfellows; that's why I still don't my write letters in lemon juice. (Don't tell GCHQ.)

twitter.com/rhodri

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in