Cryptography 101: How to Lock Down Your Data

A few weeks ago, the San Francisco Public Library hosted an event with the Electronic Frontier Foundation, a nonprofit dedicated to fighting for citizen digital rights.  Since Edward Snowden's NSA spying revelations, surveillance and privacy have become hot button issues.

If your organization deals with sensitive information such as health records, confidential reports, or family issues, you should consider encrypting your data. Encryption is something you can easily do to protect your rights as an individual citizen, as well. If that's not enough to motivate you, consider this quote from The Guardian's report on the NSA spying revelations:

"Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute force," and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves. Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software." 

Thankfully, you can take action by way of encrypting your data with third-party software recommended by the EFF. All of this software is free and much of it is open source.

Email

Encrypting emails from the sender to the receiver (also known as end-to-end encryption) is getting easier to do thanks to PGP (which stands for Pretty Good Privacy), a data encryption program.  OpenPGP is the free version of PGP and is the most widely used email encryption standard in the world. Enigmail is an add-on for Thunderbird (an email application from Mozilla) that provides OpenPGP message encryption and authentication to your messages. Lifehacker has a brilliant how-to on email encryption complete with a video. I highly recommend checking it out.

Browsers

You can't do end-to-end encryption for everything, but you can encrypt a lot of your Internet traffic. But many sites make encryption over HTTPS difficult to use. Sometimes sites will switch back to unencrypted or links will be unencrypted. HTTPS Everywhere is a handy browser extension for Firefox and Chrome from the EFF. Adding HTTPS to your browser forces websites to encrypt pages whenever possible.

Chat

When you have a conversation with a client, staff member, or volunteer, you want to ensure that it is completely confidential. You can do end-to-end encryption in chat with off-the-record messaging (OTR). You can use OTR with existing chat services, such as Facebook Chat or GChat (Google). The trick with OTR, however, is that you have to make sure the person you're chatting with also has it installed.  

Hard Drive

Picture it: You're on public transit after a long work day and you accidentally leave your laptop behind. Loss of valuable hardware aside, your laptop is full of confidential data. What if it ends up in the wrong hands? Encrypting your hard drive can prevent anything happening to your data (though it might not get your laptop back).  Here are some free (both third-party and OS built-in) software options for encrypting your hard drive:

• Windows: TrueCrypt,  BitLocker
• Mac: TrueCrypt, FileVault
• Linux: TrueCrypt, LUKS

More Resources

• EFF's Surveillance Self-Defense Guide
• Security in a Box
• Encryption Works
• 10 Steps Against Surveillance 

Are you using any data encryption tools? Is your organization concerned with privacy and surveillance? Please log in and share with us in the comments. 

Image: "I Love My Privacy," Shutterstock