Published on February 9th, 2015 | by Dr. Jimmy Wall0
Why Alice Should Shove Encryption Down Bob’s Throat
The new, fashionable claim is that privacy is dead. Which is understandable. Even I have made this claim.
As it is close to two years since we learnt that the NSA is keeping a very close eye on everyone connected to the Internet — especially if they use online services located in the United States. Yet there seems to be a collective ‘meh’ when it comes to privacy, even if we have a number of options to guard our privacy.
Also, any uproar regarding encroachment on privacy tends to be short-lived. I’ve lost count of how many times people have been upset with Facebook and how they approach privacy. People still use it and share whatever they think is interesting about their lives.
When I received an email from Whiteout, a service that provides end-to-end encryption for email, I came across an interesting piece they had written about the difficulty of making people use encryption titled Why Alice has a problem if Bob can’t encrypt.
They first make the argument that encryption should be usable for Alice. That she should be able to use it with ease, keeping the entry-level bar set low, which is something I agree with, but only to an extent.
Their second argument is that Bob, Alice’s friend, should also be able to access encryption without feeling like some kind of tech guru. Again, meaning well, but that is only half the problem.
There are ways to encrypt your communication, and to be honest, the bar is at a comfortable level for those who want to use encryption. You really don’t need to be a tech guru to use encryption. Although, it wouldn’t hurt to make it more appealing.
Or maybe it should be forced feature?
To be honest, the issue isn’t that using encryption software is too hard to use. It’s that a lot of people don’t think they need it. This forces us back to square one again, not bothering with encryption, resulting in the irony, that when another privacy breach happens, people will be up in arms about how their privacy isn’t guarded properly, but only for a short period of time — as we see with Facebook.
Privacy is one of those weird things that is deeply affected by what is called personal responsibility. That of course doesn’t take away the obligation of governments to guard citizens’ right to privacy — the right to be let alone.
Here’s the kicker. If you don’t feel you can rely on the government to guarantee your privacy, you have to take actions into your own hands – not sit on them, complain ad nauseam and wait for someone else to do it for you.
White Out’s suggestion that by making encryption easily accessible to Alice, it will also makes it easier for her friend Bob to use it, too, forgets that Alice also needs to be convinced that encryption is important. And as I’ve experienced myself, if someone doesn’t want to use encryption, they’re not going to — unless they’re forced.
If Alice wants to use encryption, she shouldn’t hope that Bob will also use encryption. Instead she should shove encryption down Bob’s throat. Send him an encrypted email without asking him if he wants, or can, use encryption.
If Bob objects, well, then maybe he’s not worth communicating with.
“Thank you Bob, that is why we can’t have private conversations anymore, because you’re a lazy, selfish bastard!”
“Great, you killed privacy, Bob!”
Both scenarios can easily be labelled as wishful thinking tho. The first assumes that as long as you make encryption easy, most people will adopt it. The second assumes most will adopt encryption if they’re forced.
The first scenario fails because we’ve become lazy. We don’t really care about privacy anymore. We’ve given in to convenience. We’re unaware of the history of Stasi and blindly believe this will never happen nor is going on right now on a global scale. The thing is, governments learned from Stasi, that they need to keep an even tighter lid on their surveillance. Also, they’ve learned that in this day and age no one cares about privacy anymore — looking at you Bob.
The second scenario can have a greater success rate. Not so much if people started forcing each other to use encryption, but if software or services were shipped with encryption as a default feature, a feature you could not opt out from. So it’s kind of up to software developers to fix this.