echo ''

Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

Privacy is Not a Crime: Why Everyone Needs Email Encryption

May 12, 2015

Is privacy a right everyone should enjoy?

Our national ethos of rugged individualism seems to point in that direction. The Fourth Amendment seems to back this up, protecting us against “unreasonable searches and seizures,” and promising that warrants require “probable cause.” Then again, the Internet wasn’t around when the Constitution was written, and things aren’t so cut and dry.

Section 215 of the Patriot Act, which greatly expands the authority of the government to collect phone records and other communications en masse, is set to expire in June — but some senators are trying to extend it through 2020. When Edward Snowden blew the whistle on programs like PRISM, which gives agencies access to records collected by the likes of Facebook, Google and Skype, it brought the issue of mass surveillance to light. Even if your Facebook settings are tightly locked down, how comfortable do you feel about strangers peering into your private conversations and statuses?

Are We Even Having the Right Conversations About Privacy?

As technology evolves, what constitutes privacy does, too. At one time, privacy might have meant four rooms and a locked door. Now that so much of our lives are recorded on social media and stored on servers in the cloud, it’s becoming less and less clear whether privacy is even possible, let alone a right.

But with the right technology, and implementation of security best practices like strong encryption (including email encryption), privacy is possible. However, the conversation about privacy often includes naysayers who believe that it’s a thing of the past, or even a crime. After all, if you’re logging into Facebook every day to post pictures of your lunch, aren’t you basically forfeiting your privacy? If you don’t have anything to hide, why would you feel the need to use something like email encryption?

Because privacy isn’t a crime, or a means of hiding from the law. Privacy is a basic right everyone deserves. Using email encryption — or simply caring about who can see your data — should not make you a target.

Why Privacy Matters Right Now

It used to be that privacy wasn’t so complicated. It meant being on your own property, in your own house, in a closed room. You could enjoy privacy in your office at work, or to a certain extent, in your car (sure, there are windows, but nobody needs to hear you belting out to Taylor Swift). In essence, unless you were bugged, privacy was a mostly physical matter. Nosy neighbors? Plant some trees, and close your blinds. Your friends or family keep blowing up your phone? Just unplug it.

The Internet changed all that, and it did it incrementally. First, there was email, then chat rooms, then social media, from MySpace to Facebook. Even gaming isn’t private anymore: where once, your PacMan could lose woefully to Inky, Blinky, Pinky and Clyde time after time again in the privacy of your own home, now you can’t suffer an injury on Call of Duty without someone making profane comments about you or your mother.

Think of everything you post on Instagram or Facebook, from social commentary to highly filtered images of the lunch you just prepared. Technically, anyone could use a search engine to determine everything from your political views to your dietary habits. Your friends aren’t just looking inside your brain, but also your stomach.

But it isn’t just the ubiquity of social interaction that makes the Internet so dangerous to personal privacy. It’s also the information we willingly disclose on any number of websites. Feel like buying a hard-to-find vintage item from eBay, or a popular shade of lipstick for yourself or your partner? You could get your credit card stolen. And the personal information we share with various websites doesn’t end with financial data. Have you paid your taxes or applied to college online? Your address, social security number and salary data are now sitting on servers somewhere — servers that can be hacked.

That’s why everyone needs email encryption.

Is Email Encryption Suspicious? When Security Looks Like a Cover-Up

While it’s reasonable to look at data encryption and email encryption as smart measures to protect your individual privacy and security, there are plenty of people who think it’s sneaky business. Despite how much sensitive data we store on various servers around the world, and despite recent revelations of widespread digital surveillance, a recent Pew study shows that 49% of Americans believe that it’s okay for the government to monitor those who use encryption software, including email encryption, to hide files.

And unfortunately, the encryption debate going on in Congress isn’t helping matters. Politicians have reacted to email encryption and data encryption efforts by the likes of companies like Apple and Google by claiming that crimes will be much harder to prosecute, given that the evidence is obscured. To bolster the argument that encryption should require a backdoor, the Department of Justice has been using very charged rhetoric. Encryption can kill a child, they say, or result in rampant upskirt photos. All because encryption, including email encryption, makes evidence harder to collect.

But as Gawker is keen to point out, so do locks on doors.

The idea that people who use data encryption or email encryption are trying to hide something is clearly predicated on the notion that encryption is a matter of secrecy, not privacy. If you’re some film noir villain trying to cover up a murder plot or heist, sure, you should probably use email encryption on all messaging lest you blow your cover. But the idea that we all must sacrifice privacy to make it harder for criminals to send email and files is more than a little outlandish, and it ignores the many risks that normal, everyday email users take when they don’t use email encryption.

The Many Threats to Your Digital Privacy

Everyone needs privacy. Whether you’re the President of the United States, the CEO of a major media conglomerate, the proud owner of a prize-winning blueberry pie recipe or just a regular law-abiding taxpayer with an email account, someone wants your stuff. Using email encryption protects you not only from government surveillance overreach, but also from hackers, nosy partners, seedy business rivals looking to ruin your reputation, credit card scammers and anyone who has a vested interest in your data.

Have you ever sent private medical data to someone — even a note to your mom about a worrisome mole you’re developing on your upper arm, or about your high cholesterol? You may think you have nothing to hide, but the truth is, there is likely plenty of data that you want to keep between you and the intended recipient. Maybe you’ve been working on a novel for years, and email it to yourself each time you make significant progress on your word count. Maybe you’re working on a patent for a game-changing product. You might not have dastardly secret plans, but you probably have secrets. Email encryption can keep them secret.

Plus, anyone with the ability to access your email can easily sew together bits of information to crack into your bank account, or gain enough data to commit medical ID theft. Name of your first pet? Your high school mascot? Given the thousands of emails you have likely sent using your personal account, there’s a good chance the answers to your security questions are buried somewhere in that inbox. If you’re using email encryption, that puts another wall between you and the hackers.

No, Mark Zuckerberg. Privacy is Still A Social Norm.

In 2010, Mark Zuckerberg infamously proclaimed his belief that “Privacy is no longer a social norm.” Of course, as CEO of Facebook, which mines statuses and messages to serve up creepily accurate ads to users, Zuckerberg has a vested interest in people deciding that privacy is no longer important to them.

And unfortunately, he’s right in a way. Social media and being constantly plugged in have inured people to the idea that their thoughts, feelings and actions are no longer private. Need proof? Visit any public page for a company or political organization and see how candidly people express themselves, right next to their full name and photo. This despite the occasional reminders that plenty of people have been fired due to unwise tweeting. (Note to any tech hire hopefuls: you might not want to use Twitter to publicly muse over whether hating the work is worth a “fatty paycheck.”)

So maybe it isn’t that people don’t value privacy or consider it a social norm — it might be that with the constant incentives to share, we’ve forgotten what privacy is. At least until it’s too late.

With Privacy, the Onus is On the User

As it turns out, people pay plenty of attention to privacy, but only when they lose it in a dramatic way. Even then, many argue that the inherently insecure nature of our digital lives somehow falls on the victims of data theft. Consider, for example, 2014’s infamous iPhone hack that resulted in the leak of celebrity nude photos. All of a sudden, iPhone users were confronting the fact that their devices and software weren’t as secure or private as they may have thought. But of course, in response to the mass privacy breach, people asked “Why were they taking those photos in the first place?” instead of, “Why isn’t this technology safer?”

Because the technology we use every day isn’t de facto private, we frame the privacy conversation as though it’s up to the user to make privacy work, as opposed to the technological paradigm. As opposed to building privacy into the devices and software and networks that govern our modern lives.

The Challenge of Privacy

Let’s address the elephant in the room: in the 21st century, is privacy even possible? The answer is yes, but only if you know what you’re doing, and have the budget to do it.

If privacy were completely incompatible with technology, those selfsame agencies that collect phone and email records would be in a lot of trouble, as would corporations. Despite the fact that high-profile data leaks do happen (see also: the 2014 hack of unclassified White House email servers or the infamous Sony Pictures hack), privacy and secrecy are the cornerstones both of good intelligence policy and of corporate intellectual property protection. The technology and the expertise are there, but it’s a matter of investing smartly and implementing policies consistently and correctly.

That’s all good for a business or government agency that can afford sophisticated firewalls, industry-renowned security officers and 24/7 data center monitoring. But what about individual users? Beyond using technologies like email encryption, what can can the average Gmail or Facebook user do to maintain optimum privacy?

And if these powerful corporations and government entities with thick security budgets can still get hacked, what chance does a private user have?

Opting Out Isn’t an Option

Of course, some would suggest that the solution to our technological privacy woes is simply to unplug. And while many of us have harbored fantasies of pulling a Henry David Thoreau and living in the forest for a few years, it just isn’t possible to live in and interact with the modern world without being connected. You could ditch your smartphone, but you wouldn’t be able to read work email or call your children during emergencies. You can withdraw from social media, but you would be missing out on contemporary culture and interaction. We’ve reached a point in social media where participation is more or less obligatory, unless you choose isolation.

And the fact is, unless that’s something you really want, you shouldn’t be forced to. There’s no reason that we can’t optimize the technology and platforms that conduct the orchestra of modern living for greater user privacy.

Privacy vs. Convenience

So to recap: privacy is a right, not a crime, but it’s also very difficult to achieve if you don’t have a security advisor on it 24/7. What can individual users do? What is the price of privacy?

One of the main issues holding us back is that while the technology exists to protect user privacy, it’s not convenient to use. While we like to think that the younger generations who have grown up using computers and the Internet their whole lives are so tech savvy that this stuff is intuitive, that’s really not true. People young and old can barely figure out Facebook’s privacy settings, let alone PGP email encryption.

Even if people do use enhanced privacy features, it’s usually at the cost of convenience. Facebook lists are time intensive and unintuitive to set up. The Gmail security checklist can feel long, and not everyone knows about it. And let’s face it: if millions of people still use passwords like “123456” and “baseball,” it’s easy to see that most users aren’t willing to give up convenience for privacy.

The solution to this conundrum, of course, isn’t full exposure and no privacy, but it also isn’t constantly running from the threat and sinking effort into making sure you’re always using your technology safely (basically, constant paranoia). The answer is to make the technology that we’ve incorporated into each facet of our lives de facto safe.

Where Privacy Meets Convenience

While users should always be aware of the privacy implications of the technology they’re using, the onus shouldn’t be on them to make that technology safe. This is where tech companies and startups can lead the way in creating a new privacy paradigm. Instead of having to go through complicated matrices of menus to configure your privacy settings, the software and hardware you’re using should not only be safe right out of the box, but should streamline the process of customizing your privacy settings.

That’s why at Virtru, we’re looking to disrupt the privacy industry by making data-centric email encryption as easy as flipping a switch. Without any add inconvenience, you can protect your email privacy by downloading a free browser add-on, walking through a quick tutorial and clicking an on switch. Within minutes, you can enjoy safer, more private email. Because Virtru works with the provider you’re already using, there’s no adjustment period, and the experience is seamless. To see how simple email encryption is to use, download Virtru today.

Email encryption — and privacy in general — isn’t a crime. Everyone is entitled to privacy and security when using the technology required for modern life, and that technology should be convenient and easy to use. One of the best ways to sway public opinion and turn the tables on the encryption debate is to simply start using the technology, and spread the word! If enough users make their voices heard, maybe fewer people will ask, “Is privacy obsolete?”

Instead, they’ll be asking, “How can we make privacy more convenient?”