The essential guide to encryption: What is it and how to do it
Data protection and encrpytion is a hot topic in the news, what with the government threatening to ban encryption in the interests of national security and the nasty WannaCry ransomware causing widespread chaos. But there are plenty of non-criminal reasons to encrypt your data, and protecting your files, messages and browsing habits from prying eyes needn’t mean you’ve got something to hide. After all, it’s nobody else’s business what you say and do on your PC, phone and on the web.
In this data protection special, we reveal the best free ways to protect your data, encrypt everything in your digital life, and explain why you might want to do so. We look at how to secure your communications; encrypt files and folders; prevent anyone from spying on your browsing (and that includes your ISP); and protect all your devices.
We also look at the controversy currently surrounding encryption and examine how it actually works.
Data protection: Encryption FAQ
What is encryption?
Encryption is the process of encoding messages and information so they can only be accessed by authorised parties, usually via a key that’s generated using an algorithm. The encrypted data can only be decrypted by another party in possession of the key.
Are there different types of encryption?
The two main types of encryption are symmetric and asymmetric: symmetric uses the same key for both encryption and decryption; asymmetric uses a combination of a private and a public key. The private key is kept secret by the owner while the public key is shared for anyone to use to encrypt messages – PGP (Pretty Good Privacy) is one of the most widely used public-key encryption methods. Data encrypted with the public key can only be decrypted witha corresponding private key.
What is end-to-end encryption?
End-to-end encryption – as used by messaging services such as WhatsApp and iMessage, as well as online banks and security companies – is asymmetric. It is commonly used to prevent third parties from intercepting and reading sensitive and private data because it virtually eliminates the risk of messages and documents falling into the wrong hands. Anyone who intercepts the encrypted data without the private key will only see gobbledegook or nothing at all.
What are the arguments against encryption?
Following the Westminster terrorist attack on 22 March, it emerged that Khalid Masood had used WhatsApp seconds before carrying out his crimes. Home Secretary Amber Rudd was frustrated that the intelligence services were unable to access his encrypted messages to search for clues, and she called for tech companies to include ‘backdoors’ in encryption, saying: “There should be no places for terrorists to hide”. This led the Guardian to criticise her “hazy grasp” of the technology. Rudd repeated her call to weaken encryption services after the London Bridge attack on 4 June, suggesting her grasp still hadn’t improved.
Are such backdoors possible?
No. Encryption is binary, so either something is encrypted and therefore secure from everyone, or it’s not. There is no in-between. WhatsApp’s end-to-end encryption is there for a reason: to prevent cybercriminals, hackers and snoopers from seeing what users are sending each other. It’s so effective that WhatsApp itself is unable to see the content of messages.
The only way to break encryption by introducing a ‘backdoor’ would be to ditch the encryption altogether. The only other option is to ban all services that use end-to-end encryption, but this would only drive terrorists and criminals to find alternative tools.
Why don’t more companies use encryption?
That’s a question for those companies to answer. The technology is certainly there. Even Google, which is increasingly forcing websites to use encrypted HTTPS connections or else slip down its search results, only encrypts your Gmail messages on its own servers and not during transit. Similarly, most Android devices aren’t encrypted by default, whereas all passcode-protected iPhones and iPads are. Indeed, Apple caused controversy last year when it refused to let the FBI gain access to a password-protected iPhone belonging to a gunman.
How do I ensure that my data is encrypted?
Well, that’s the purpose of this essential guide. Most encryption tools are free and very straightforward to use, and we’ve rounded up what we believe are the very best available. It’s surprising how much content – both on the web and on your PC – remains unencrypted, when it so easily could be, so we hope the advice in this feature helps to put your mind at rest about keeping your data secure and private.
Can I encrypt anything?
Just about, although some websites limit the use of third-party encryption tools. We think you’ll be pleasantly surprised at all the different types of data that can be encrypted nowadays. Naturally, we’re not encouraging you to encrypt other people’s files without their permission, which would also require devious malware-writing skills!