The need for better encryption has become painfully clear after countless hacking controversies. Sometimes, protecting personal information seems like such a daunting and potentially impossible task that I get overwhelmed and don’t know where to begin. Getting off Facebook or Gmail seems like a drop in the bucket. So it’s about time we get some good news about encryption — and surprisingly, some of that news comes from Google.
Google has recently announced that it supports end-to-end encryption for Gmail — they’re even going so far as to make the source code for an End-to-End Chrome extension available. The plug-in means that only the intended users can read the messages. Data leaving one’s browser will be encrypted, and only the user can decrypt them, and vice versa. This means that, theoretically, not even Google, or the NSA, if they’re tapping into Google’s data, can read the messages. Or at least, that’s the idea behind the plug-in. Where there’s an NSA, there’s a way, but I’m all for making it more difficult for them. The plug-in is in a test phase, but will be available in the Chrome Web Store as soon as it’s ready for mass use.
They’re also including encryption information in their Transparency Report that helps people discern whether their incoming and outgoing email messages are encrypted. According to Google’s data, roughly half of the emails between Gmail and other email providers aren’t encrypted. I’m heartened by this news from Google, though the skeptic in me wonders if it’s more lip service than a genuine desire to protect its users. Either way, it’s better than nothing.
But for those who are looking for more robust encryption than a plug-in can offer, there’s another possibility: time capsule encryption. The Boston Globe’s Jonathan Zittrain discussed the possibility in a recent op-ed inspired by something called the Belfast Project: tapes of interviews about the troubles in Northern Ireland that were recorded and sealed in Boston College’s rare books library with the promise that they wouldn’t be released until the death of the contributor. But once the British government learned about the Project, it demanded access to the recordings and, after a few months, ended up obtaining some of them — and making some pretty hefty arrests based on the information contained within. Such a lapse raises the question of whether we can put information in a time capsule and trust that it will be safe until the appointed time.
To that end, time capsule cryptography may be able to help secure information such that no one can access it until the right time. Technologies used in cryptocurrencies might be useful here; it’s also possible to devise a decryption key that’s split into pieces, such that it takes corralling them back together to unlock the information. Such encryption could help shift the responsibility away from information custodians such as Google or Facebook — if they’re powerless to turn over information, then they can’t be caught between their customers and whatever agency is pursuing the data.
Some people aren’t particularly optimistic about this possibility, however, especially when the NSA remains steps ahead of everyone. But it’s an interesting idea, and when it comes to privacy, we should consider all our options.