Thursday, February 11, 2010

Encryption should be built in.

Why has encryption not become part of the base operating system on the most widely used systems out there? If you are not aware of applications like Pretty Good Privacy (PGP) or the free alternative GnuPG, Google them. I highly recommend getting and installing one.

Why is encryption needed? Well, there are obvious uses (preventing other people from reading your documents or email unless they are the recipient). Here are two real-life examples where having an encryption system would be beneficial. A while back, I had a problem with an insurance policy. I emailed the company and they were very good about getting it straightened out, but in doing so they emailed another company and cc'd me. I was horrified to find that my Social Security number was in the email. In another case, I did some part-time work for a friend. He asked for my SSN to fill out a 1099. We exchanged public keys and I emailed my number to him. Since only he and I can unlock that document, I worry about it a lot less.

I've worked for companies that deal with personal information. The current workaround for this problem that I've seen is to upload the email containing the information to a website and email the recipient a URL and a password to access it. In my opinion, this is a very cumbersome solution.

What would I like to see? Encryption built into the operating system. When you install the system (or launch it for the first time on pre-installed systems), it could generate a private and public key on the spot. Apple could upload the public key to the user's account automatically. Microsoft could build a keyserver overnight (or buy one). Ubuntu could use GnuPG's servers. All the major email applications already have plugins for both PGP and GPG (it gets confusing to type, but those are two different products). It would not take much for the vendors to incorporate the ability to look up someone's public key, encrypt a message, or even just sign a message.

Signing a message brings up an interesting solution. A signature proves that a document comes from the person sending it and has not been altered: it shows the name of the signer and whether the document has been changed in transit. If users begin signing their emails, then an email whose signer does not match the sender can be flagged, and an email whose signer is in your contacts list can be trusted more than others. That would make it easier to spot spam or phishing emails. We can start doing this now with the downloads I've already mentioned, but most of your friends, and certainly your mother, are not going to download them, set them up, and start using them. If they are built into the operating system, it is much more likely that people will start using them.

One issue to be solved is online email programs. It would be simple for Google, Yahoo, and others to use the encryption keys on your computer to encrypt and sign email, but you would have to have those keys on every computer you use to send and receive email. That's not feasible. The other solution is to upload your private key to your email provider. That should make you stop for a second, and probably reject the idea. But think about this: they already have access to all your unencrypted email now. So you could have two sets of keys: one kept on your personal, secure computer, which people use to encrypt the stuff you are rightfully paranoid about, and one that you upload to your provider. You wouldn't be able to read the stuff sent with the extra ultra super secret key on another computer, but that's why it's extra ultra super secret. In most cases, your provider has a lot more on its mind than snooping through your personal email (and if you're trying to hide stuff from the government, give up). If your key gets compromised, generate a new one and upload it. Heck, I suggest doing that every 3 months anyway. Set the expiration date to 3 months and generate a new key quarterly. That way, if you lose the private key (hard drive dies, etc.), people will stop using the old one after a while.
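As an added example (not code from the original post), here is a small Go model of the checks described in the last two paragraphs: the mail client looks the From address up in the contacts list, verifies the signature with that contact's key, flags mail whose signer does not match the claimed sender, and honours the three-month expiry. It uses Go's standard-library Ed25519 signatures in place of OpenPGP/GnuPG, and the addresses, keys and message are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Contact is an address-book entry: a public key and the date it expires
// (the post suggests three-month keys, rotated quarterly).
type Contact struct {
	Pub     ed25519.PublicKey
	Expires time.Time
}

// Verdicts a mail client could show next to a signed message.
const (
	Trusted      = "trusted: valid signature from a known contact"
	BadSignature = "flag: signature does not match the claimed sender's key"
	Expired      = "flag: contact's key has expired, ask for a fresh one"
	Unknown      = "unknown: sender not in contacts, cannot verify"
)

// Check applies the post's rule: look the From address up in contacts, reject
// expired keys, and flag mail whose signature fails under the claimed sender's key.
func Check(contacts map[string]Contact, from string, body, sig []byte, now time.Time) string {
	c, ok := contacts[from]
	switch {
	case !ok:
		return Unknown
	case now.After(c.Expires):
		return Expired
	case !ed25519.Verify(c.Pub, body, sig):
		return BadSignature
	}
	return Trusted
}

func main() {
	// Constructed keys and addresses for the demonstration.
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	contacts := map[string]Contact{"alice@example.com": {alicePub, now.Add(90 * 24 * time.Hour)}}
	body := []byte("Here is the signed form you asked for.")
	fmt.Println(Check(contacts, "alice@example.com", body, ed25519.Sign(alicePriv, body), now))
	// Claims to be from Alice but carries Bob's signature: flagged as possible phishing.
	fmt.Println(Check(contacts, "alice@example.com", body, ed25519.Sign(bobPriv, body), now))
}
```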

Google, please be one of the first and build this into Android. Thanks.