Cracking The Code: Just How Does Encrypted Email Work?

Aug 17, 2013
Originally published on August 17, 2013 2:47 pm

If the past few months have taught us anything, it's that everything we do online leaves a digital trail. While it may seem like there's not much we can do about it, there are some tech companies that are working to obscure that trail a little bit, with a process known as encryption.

Micah Lee, a staff technologist at the Electronic Frontier Foundation who recently wrote a document for the Freedom of the Press Foundation about the encryption process, explains it for Weekends on All Things Considered guest host Don Gonyea. Most of us use encryption in one form or another every day, Lee says, even if we don't realize it. For example, the little padlock symbol on your Internet browser is a version of encryption.

"You know, let's say you're paying a bill at a coffee shop or on some other open wireless network — it means that other people on that same network won't be able to spy on you," Lee says.

But sometimes you want to keep information private not just from outsiders, but also from the services you use.

"Let's say you are sending a private message to somebody," Lee explains. "Maybe, you don't want Facebook, for example, to know the contents of this private message."

In that case, you need to encrypt those messages yourself. So you would use software that jumbles the text, making it look like jibberish. And the person you're sending the message to decrypts it in order to read it.

"You actually have to send encrypted emails with other people who are also using encrypted email," Lee says.

Decrypting messages is tough to do for an outsider or a government, but setting it up is complicated too. It takes a long time and a fair amount of expertise to be able to set it up. And Lee says, "...There's a million things that could go wrong."

For example, someone could just hack directly into your computer and monitor every single key you hit, and even if your messages are private, you're still probably leaving digital information everywhere you go in ways you can't even imagine.

"Let's say that you check your Gmail account on your phone, and your phone checks it every 30 minutes. You're essentially letting Google know what your IP address is every 30 minutes," Lee explains. "And your IP address can loosely be mapped to your location...and so this means that Google just has this information about where you are all day long, all the time."

But though Google or other providers are able to collect this information, it doesn't necessarily mean that they are using that information.

And because this entire process is so complicated and overwhelming, most people don't take additional steps to keep their information private.

"The problem, I think, is that it's just very hard. So it's just the very dedicated nerds that are using it right now," says Lee.

But Lee hopes that one day, those dedicated nerds will be able to make encryption automatic for everyone.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

DON GONYEA, HOST:

Once again, it's WEEKENDS on ALL THINGS CONSIDERED from NPR News. I'm Don Gonyea.

And perhaps you are listening to the show on a computer or on some kind of a mobile gadget while you check your email. Well, then you probably know that everything we do online leaves a digital trail. That includes all of our communications, sending an email, a message on Facebook or online chatting.

A few tech companies have been working to obscure that trail a little bit with the process known as encryption. But that got us wondering, what exactly is encrypted email?

MICAH LEE: That is a pretty big question.

GONYEA: That's Micah Lee, a staff technologist at the Electronic Frontier Foundation. And he helped walk us through how encryption works. He says most of us use some kind of online encryption every day without even knowing it. Sometimes you might notice a small padlock symbol on your Internet browser.

LEE: You know, let's say you're paying a bill at a coffee shop or on some other open wireless network - it means that other people on that same network won't be able to spy on you.

GONYEA: That kind of encryption happens all the time and pretty much automatically. But what if you want to keep your information private, not just from outsiders, but from the services you use?

LEE: Let's say you are sending a private message to somebody. Maybe you don't want Facebook, for example, to know the contents of this private message.

GONYEA: In that case, you need to encrypt those messages yourself. To do so, you'll need software that will jumble the text, making it look like gibberish.

LEE: The actual encrypted data looks like random data.

(SOUNDBITE OF ENCRYPTED DATA SOUND)

GONYEA: So the person who receives your message needs to be able to unjumble it back into words. They need to decrypt it.

LEE: You actually have to send encrypted emails with other people who are also using encrypted email.

GONYEA: Then you're both on the same page.

(SOUNDBITE OF ENCRYPTED DATA SOUND)

UNIDENTIFIED MAN: Hello. My name is Don.

(SOUNDBITE OF ENCRYPTED DATA SOUND)

UNIDENTIFIED WOMAN: Hello, Don. How are you?

GONYEA: I'm fine, thanks. So Micah Lee says those communications are very difficult to decode for an outsider, even for a government. But it just takes a long time and a fair amount of expertise for people to set that whole thing up.

LEE: And then also, there's a million things that could go wrong.

GONYEA: For example, someone could just hack directly into your computer and monitor every single key you hit. If all this sounds overwhelming, Micah Lee says you're not alone. Most people don't take any additional steps to keep their info private.

LEE: The problem, I think, is that it's just very hard. So it's just the very dedicated nerds that are using it right now.

GONYEA: But he says he hopes some of those dedicated nerds will one day make all of that encryption automatic for all of us. Until then, send email like the whole world is watching.

(SOUNDBITE OF MUSIC)

GONYEA: This is NPR News. Transcript provided by NPR, Copyright NPR.