Donate

In August 2019, the Internet Society and more than 30 organizations have signed an open letter calling on the G7 leaders to prioritize digital security. We asked the G7 leaders not to require, coerce, or persuade device manufacturers, application, and service providers to:

  • modify their products or services or delay patching a bug or security vulnerability to provide exceptional access to encrypted content
  • turn off “encryption-on-by-default”
  • cease offering end-to-end encrypted services or
  • otherwise undermine the security of encrypted services.

Protect Encryption, Protect Yourself

Encryption is under threat around the world. It’s up to all of us to take action to protect encryption, protect our data, and protect one another.

Use end-to-end encryption. Stand up for encryption. When we weaken or limit the use of encryption, all of us are put at greater risk.

Use end-to-end encryption. Take these actions to make sure you are as safe as you can be.

1. Use end-to-end encrypted messaging apps. Switch to using messaging apps that offer end-to-end encryption, e.g. WhatsApp, Signal, Threema, and Telegram. Some are better than others, so make sure to read the reviews.

2. Turn on encryption on your devices or services. Some devices or services will offer encryption, but not set it as the default. Make sure to turn on encryption.

Encryption can only be as good as the other security tools it relies on, so taking the following security steps are critical:

3. Use strong passwords. Do not just use a default password, a simple guessable password, or a password that uses personal information, e.g. your pet’s name. No matter how strongly your device or application is encrypted, if someone can figure out your password – they can access your data.

4. Keep up with updates. No system is perfectly secure. Security vulnerabilities are always being discovered and fixed with updates. That’s why it is so important to keep up with updates to your applications, devices and services. The update could be fixing a vulnerability and making you safer!

5. Turn on two-factor log-in (2FA). Two-factor log-in adds another factor (like a bank security fob) to your usual log-in process (e.g. a username and password). Adding another factor makes it even harder for criminals to access your data.

6. Turn on erase-data options. Some smartphones and services have an option that will erase your data after 3 or 10 failed attempts. Turn this on to protect yourself from thieves or if you lose your phone.

Stand up for encryption. When we weaken or limit the use of encryption, all of us are put at greater risk. Take these actions to help protect encryption, and yourself.

1. Stay informed. Keep watch of measures that could impact your use of encryption. Is your government introducing legislation that would impact encryption? Is your government mandating that companies provide exceptional access?

2. Inform others. Tell others about the importance of encryption and urge them to use end-to-end encryption.

3. Take action. When encryption comes under threat in your country, we need you to join us to keep it safe. Contact your local leaders and explain why encryption is important to you and to the country. Sign on to petitions, joint letters and other campaigns that support end-to-end encryption.

Global Encryption Under Threat

Criminals can also use encryption. So some law enforcement agencies are concerned that encryption will stop them from getting the evidence or information they need. To address these concerns, some governments are trying to make companies create ways for them to access the content encrypted by the companies’ systems (a practice known as “exceptional access”).

No matter the method, there is no such thing as “exceptional” access. Criminals could discover and use the same way to get in.

How do law enforcement plan to access our data? If law enforcement can access our data, who else can too? And can we catch the bad guys?

How do law enforcement plan to access our data?

Law enforcement has proposed several ways for getting “exceptional access” to encrypted data. These include:

An encryption backdoor, which is change to an encryption protocol, application or service that is supposed to allow authorized third party access to encrypted data. One way to do this is by weakening the encryption mechanisms or the systems supporting them.

The problem: Backdoors can be opened by anyone who finds them.

Key escrow, which is when decryption keys are stored in the custody of a trusted third party for later use by law enforcement.

The problem: Keys can be lost, copied or stolen.

If law enforcement can access our data, who else can too?

Information security experts agree that while backdoors and key escrow systems make it easier for law enforcement to access encrypted data, they make it easier for others, like criminals, to as well.

Backdoors can be opened by anyone who finds them.

Keys can be lost, copied or stolen.

But at least we’d catch the bad guys, right?

Unfortunately not.

Experts agree that exceptional access is unlikely to prevent criminals from communicating secretly.

  • Even if encryption without exceptional access were illegal, criminals could still find tools on the black market, or make their own.
  • Everyday users who comply with the law could be vulnerable to criminals who have discovered how to exploit exceptional access systems.

Exceptional access puts the everyday person at greater risk, while not solving the problem it was intended to fix!

What is Encryption?

Encryption is the process of scrambling or enciphering data so it can be read only by someone with the means to return it to its original state.

Encryption keeps criminals and spies from stealing information.  Although you might not realize it, you rely on encryption every day. It protects you while you browse the web, shop online, use mobile banking, or use secure messaging apps.

So encryption scrambles data, but how? What is end-to-end encryption? How else might encryption impact me?

So encryption scrambles data, but how?

Modern encryption scrambles data using a secret value or key. The data can then be decrypted, or made readable, by using the same or a corresponding key.

For data communicated over a network, the key is typically known by both the sender and receiver, while for stored data, only the owner knows the key.

What is end-to-end encryption?

End-to-end encryption is any form of encryption in which only the sender and intended recipient can read the message.

No third party, even the party providing the communication service, has knowledge of the encryption key.

End-to-end encryption is the most secure form of encryption that you can use. So where possible, always use end-to-end encryption to protect yourself and your data.

Examples of end-to-end encryption communication services include WhatsApp, Signal, Telegram, and Threema.

How else might encryption impact me?

Encryption helps protect your data from being exposed, it also helps you:

  • Protect your data (documents, files, etc.) from tampering;
  • Be sure who you are communicating with; and
  • Sign digital documents.

You don’t even have to use the Internet to feel the benefits of encryption! Encryption has a big impact on the global economy, and your daily life.

Companies use encryption to protect their sensitive information, like customer information, trade secrets, and financial records.

Critical infrastructure, like power plants, use encryption to protect their systems and keep your lights running. 

Automated teller machines, or ATMs, use encryption to protect your financial information from criminals. 

If you look closely, many parts of your life rely on the security that encryption brings.

How the Internet Society and Others Help

Encryption plays a vital role in increasing overall trust in the Internet and should be the norm for all traffic. The Internet Society is working to ensure encryption is available for everyone and is deployed as the default.

See how the Internet Society is working in this area to make the Internet more trusted.

Encryption News

What Is a Man in the Middle (MITM) Attack?
What Is a Man in the Middle (MITM) Attack? Thumbnail
Encryption 26 November 2019

What Is a Man in the Middle (MITM) Attack?

Simply put, MITM is an attack in which a third party gains access to the communications between two other...

Rachel Player Honored by Internet Security Research Group with Radiant Award
Rachel Player Honored by Internet Security Research Group with Radiant Award Thumbnail
Encryption 21 November 2019

Rachel Player Honored by Internet Security Research Group with Radiant Award

Internet security is accomplished by many unsung heroes. People who put their talent and passion into improving the Internet,...

Owning Your Keys: The Technical and Human Side of Encryption
Owning Your Keys: The Technical and Human Side of Encryption Thumbnail
Encryption 5 November 2019

Owning Your Keys: The Technical and Human Side of Encryption

Ever wonder if your next doctor’s appointment will result in jail time? Luckily most of us never have to...

What Scary Movies Can Teach Us About Internet Trust
What Scary Movies Can Teach Us About Internet Trust Thumbnail
Encryption 31 October 2019

What Scary Movies Can Teach Us About Internet Trust

Mad geniuses. Evil dolls. Slow zombies. This Halloween, we’ll see all of these horror film clichés come to life....

Your Day with Encryption
Your Day with Encryption Thumbnail
Encryption 22 October 2019

Your Day with Encryption

How often do you use encryption? It seems like the stuff of spy films, but you might be surprised...

Celebrating National Cybersecurity Awareness Month
Celebrating National Cybersecurity Awareness Month Thumbnail
Encryption 2 October 2019

Celebrating National Cybersecurity Awareness Month

Every October, we mark National Cybersecurity Awareness Month. From the U.S. Department of Homeland Security website, “Held every October,...

Load More