Do you use Gmail? If you do, you might have noticed a new addition to some emails you’ve been getting – a small red padlock in the upper left-hand corner of the email, right under the sender’s email address.
Is this red lock indicating that the sender has gotten hold of some new emojis and could use to place them more sparingly? Not exactly. This red open padlock indicates that the email that you are reading was sent without encryption.
Encryption is a hot topic nowadays. It sure does seem like it’s up for debate wherever you turn – from news outlets to Twitter, encryption has become a paramount issue of our times.
And surely you know a thing or two about it – Say for example, uh, encryption…. locks stuff. You also know that Apple likes encryption, and in fact, they are willing to go to huge lengths to support and defend it. And then there is the fact that Google also supports the strong implementation of encryption and has publicly announced that they back up Apple’s position. And, um, encryption is driving the government batty, so it must be cool, right? Well, like most things in our brave (not so) new digital world, the issue of whether or not encryption is our best friend or our greatest societal foe is multi-layered and utterly complex. We’ll get to that part a bit later but first, to make sure we are all on the same page, let’s look at exactly what encryption is and is not.
Plaintext vs Ciphertext**
In a nutshell, encryption is the conversion of data and text from plain text (like the text of this post) into ciphertext, or text that appears to be nonsensical mumbo jumbo. This scrambled text can only be decrypted by someone with the correlating key. Here is a pretty rudimentary example of how encryption works:
Let’s pretend I want to send my friend Joe the following message:
“Pizza and beer tonight at Bill’s house”
I’d like my message to remain uncrackable for whatever reason, (okay, really it’s because you’re not invited, no pizza for you) so I could use the following key:
a=z, b=y, c=x, d=w, e=v, f=u, g=t, h=s, i=r, j=q, k=p, l=o, m=n, n=m, o=l, p=k, q=j, r=i, s=h, t=g, u=f, v=e, w=d, x=c, y=b, z=a
It would come out “Kraaz zmw yvvi glmrtsg zg Yroo’h slfhv”. Throw in additional elements such as correlating numbers and there you have ciphertext, albeit, the example is wildly simplistic. The encryption used today on devices, email platforms and websites is highly complex and extremely difficult to crack.
Different kinds of keys
This is where things get really complicated -You might have heard the terms 64-bit, 128 bit and 256 bit – these are all different key sizes and the longer key size, the harder it is to crack. Then there are two different key systems – Symmetric Key Algorithms, also known as Secret Key Algorithms which use the same key to encrypt and decrypt data and Asymmetric Key Algorithms, also known as Public Key Cryptography. This second system uses two different keys, called the private and public keys, to encrypt and decrypt data. This method takes longer to encrypt and decrypt than the Secret Key Algorithm but there is no risky file sharing and the private key is never exposed so this is the preferred method of many security-minded folks
Is encryption good, bad or…. evil?
The answer: Encryption is, generally speaking, a good thing. In terms of conducting secure transactions, sending secure messages and keeping your emails private, encryption is essential to the integrity of your data. Encryption is what allows people to make secured transactions over computer networks while preventing eavesdropping and hacking. This is how we bank online, shop at Amazon.com and store information in the cloud. In these examples and in countless other scenarios, encryption is the key (no pun intended) to the protection and privacy of data. In fact, when devices, websites, and emails are hacked, it’s almost always not because the encryption itself was breached, but rather it was due to a flaw in the implementation of the encryption. All in all, encryption makes the bad guys’ job much, much harder.
Brands like Apple and Google have worked hard to design products and platforms that take the encryption of data super seriously and that’s great. The very fact that encryption is so effective is why the FBI is so peeved about it. They attest that encryption helps bad people “go dark” – or communicate in a way that they cannot access. They want a built-in backdoor which would allow them to access the information they want with the proper warrants.
But building that backdoor would negate the effectiveness of encryption in the first place, allowing any hacker to find and exploit its vulnerabilities. This would be disastrous for the state of digital security all together, not to mention creating a scary precedent. By asking for that back door the FBI would be putting the integrity of everyone’s data, even their own, at stake.
In Tim Cook’s now famous letter to all Apple customers he says:
“In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.”
Okay, now back to that little red padlock on your Gmail account.
On Safer Internet Day, which took place on February 9th, Google began to show the little red padlock to help Gmail users see when emails they have received have been sent with encryption or not. If it shows that padlock, the email was sent unencrypted. It has also started alerting users when they attempt to send emails to a recipient whose email platform doesn’t support encryption. According to Google “Not all affected email will necessarily be dangerous. But we encourage you to be extra careful about replying to, or clicking on links in messages that you’re not sure about. And with these updates, you’ll have the tools to make these kinds of decisions.”
It’s pretty handy that now we know when information has a better chance of being exposed and we think it’s mighty nice of Google to tell us, even if it does make us even more paranoid when we see that little red padlock. It’s an also a subtle reminder about the extreme importance of this “little” feature and how it’s been playing a crucial role in our safety even when it wasn’t making headline news. So the next time you get an email bearing that little red padlock, you better hope it doesn’t have your banking information or say anything about grandma’s surprise birthday party.
Oh, and you might want to encourage the sender to switch to something a bit more secure.