UPDATED December 11, 2021 This piece has been updated to reflect the emergence of new technology
Christian Mathews Security Writer
The amount of encrypted data on the web rose by 34% up from 53% in 2016 until 2019. This is according to a report by Internet Trends. So what’s all the hype with encryption and what is an encrypted message?
For one, the answer could lie with the increasing speculation by many individuals that the NSA could be spying on their communication. It could be the government’s directive in the United Kingdom to Internet Service Providers making it a requirement that they keep a record of their users’ activities.
However, the rising cases of cyber-crime have also forced people to find ways to secure their data in this case using encryption.
While some of these actions by governments may be justified or in good faith, the issue arises with the security of the intercepted data.
In most instances, security is not a guarantee since there’s no law governing the protection of such data. This is because it’s not laid out in the open, with citizens having no idea their data is being intercepted.
Just to mention, cases of identity theft, blackmail, and even loss of money (both on the victims’ end and in efforts by the government to contain the breach) are what could happen in the event the intercepted data lands in the wrong hands.
In light of the above, the need for security and privacy afforded by encryption couldn’t be more pronounced. For a bit more indepth research read the book by Gerardus Blokdyk on Data Encryption.
In this article, you can expect to learn more on:
- What encrypted data means
- What encryption means and what it is
- How encryption works
- Why do you need encryption
- And things you should consider encrypting
1What does encrypted data mean?
Encrypted data refers to data that is secured using a cipher, ensuring only the sender and intended receiver of the message know the contents in the message being transmitted.
Suppose you send a message using a service that features encryption, the data you enter (referred to as plain text) is turned into what’s called ciphertext. On the authorized receiver’s end, the ciphertext is turned to plain text that’s understandable using a cipher or key.
2What does encryption mean and what is it?
Encryption is the process to secure data or information being transmitted to be accessed by only certain authorized individuals.
Encryption is what turns the data you enter from understandable plain text to unintelligible ciphertext.
Think of it as part of the “encoding” phase of the communication process.
The “encryption” process ensures only authorized individuals can make sense of the data/information being transmitted.
The main purpose is to prevent unauthorized individual access to the information being sent in the event the communication is intercepted.
3How does encryption work?
The encryption process works by utilizing a cipher or a unique key to turn the data you’re sending from simple plain text into unintelligible ciphertext.
Your communication is transmitted as ciphertext, which makes it almost impossible for anyone without a matching key/ cipher to understand what the communication was about.
As for the cipher, think of it as a key to encrypting and decrypting the message being transmitted.
If properly executed, whenever you send an encrypted message it should be safe from most prying eyes. Most, but not all. More about this is below.
There are two types of encryption methods available:
Public key encryption- this method utilizes both public and private keys in its encryption. The recipient’s public key is used to correctly identify them, then their private key is compared to the public key. If the two keys match, the message decrypts.
Public key encryption is the data that is encrypted by anyone with the public key, however, only the individual with the private key can decrypt the data.
Private key encryption- this method is quite similar to public-key encryption.
It utilizes two keys for encryption and decryption of data. The difference being the two keys are similar in that it gives both the sender and receiver the ability to encrypt and decrypt data.
Remember the mention of “almost impossible”?
Much as encryption provides a decent level of security, if the intercepting party is determined, skilled, and has the resources, they can easily decrypt your communication.
Another factor that may compromise your security and privacy is the issue with metadata.
Encryption secures the communication that is transmitted, but it doesn’t hide your identity. Who you’re talking to and even the time of communication remains unencrypted.
What may surprise you is the amount of information your metadata reveals about you.
Say, for instance, you are implicated in a case. While you encrypt your communication, your metadata still indicates that you communicated with the main suspect almost at the same time the crime was being committed. Additionally, at a different time with a car renting service, which happens to have rented a car to the main suspect.
Not much is gleaned from the encrypted information. However, going by the metadata you can be mentioned as complicit in the crime.
That was an extreme example, but you get the idea of how much metadata reveals about your communication.
So what can you do about this?
- Ensure you turn on end-to-end encryption on the messaging platform you’re using. Some platforms may enable this feature by default, while for others you’ll have to turn it on yourself.
- Always use internet-based encrypted messaging and calling services over phone messages and calls. Phone calls and messages are encrypted, however, the communication is decrypted at the cell tower before being relayed to the receiver. This means the communication can be easily intercepted when it’s decrypted at the cell tower and for some providers, the communication is never even encrypted.
- Ensure the messaging service and its encryption is independently verified i.e. by the EFF. Truth is, most messaging services lie about the encryption they offer, so it would be safe to verify.
4Why would you need encryption?
Anyone that needs to secure their data and communication needs proper encryption on their devices. But it’s not just about securing data. Below are some of the reasons why you need encryption.
- To avoid identity theft. Using metadata together with your Personal Identifiable Information (PII’s) can be easily accessed by cyber-criminals. In this, you just might be a victim of identity theft.
- To protect sensitive information. Depending on your line of work, you may need to have your communications kept confidential.
- Activists and members of suppressed groups find encryption valuable in countering government surveillance.
- It gives you some amount of control. The ability to decide who listens in on your conversation and who doesn’t is empowering to say the least. It just feels great knowing no one is eavesdropping on your conversation
- You deserve privacy. Despite the constant “, it’s for the greater good” rhetoric used by government agencies to justify the need for mass surveillance, you deserve to have your data and communication remain private.
5Things to consider encrypting
Now that you’re up to speed with encrypted communication, here is what you should consider encrypting:
Voice via mobile (calls)
Voice via mobile communications is not in any way secure from eavesdroppers. This is due to one reason, unlike internet-based encrypted calling services, voice via mobile is not secured.
While some may be secured, the most common encryption offered is transport-layer encryption. This means once the data gets to the service provider’s servers or cell towers it is decrypted before being relayed to the receiver.
This loophole makes it easy for would-be attackers or government agencies to snoop on your communication.
End-to-end encryption offered by some internet-based calling services makes it almost impossible to intercept or even understand your communication.
Text via mobile (SMS, telegram, Whatsapp)
Just like voice via mobile, the vulnerability lies in transport-layer encryption.
With telegram and Whatsapp, you can always turn on end-to-end encryption to secure your communication.
Another thing is, all these services are number-based. This means, there’ll always be metadata to identify you with.
To this end, other options offer end-to-end encryption for their messaging services while utilizing aliases instead of mobile phone numbers.
Emails (Gmail, Hotmail, Outlook)
Just like text and voice-over mobile, you need to encrypt your email communication.
Gmail has an encryption option but you have to enable it yourself. You can find out how to turn on hosted S/MIME on google. Outlook works the same way.
Unfortunately, Hotmail does not support S/MIME but it does support PGP/MIME. To encrypt your emails on Hotmail you’ll need a third-party tool to achieve this such as Virtru, Mailvelope, ProtonMail among others.
Video chats (Zoom, Hangouts)
Video chats and video conferencing meetings are other targets for cybercriminals.
This is because they are easy to breach.
To ensure that your communication is properly secured, always opt for video calling services that use end-to-end encryption instead of transport-layer encryption.
6Final thoughts
That sums it up for what is an encrypted message.
Remember, it only serves its purpose if its secure. For this reason, always ensure to go for end-to-end encryption services rather than transport-layer encryption. The less your data is stored by third-party servers, the better. Knowing what firewalls do, how they work, and whether you need one or not, is also important.
If you’re looking for even better security when transmitting sensitive data, consider Steganography. No one will bother intercepting your data if they don’t suspect you’re hiding it in the first place. If that interests you, you may want to know how to encrypt your hard drive, to further keep your data safe.