Security

Understanding Encryption

By Michelle V. Rafter

Using encryption is like flossing your teeth or getting your car’s oil changed: it might be a hassle initially, but without it you’d end up with a set of hassles that are much, much worse.

Think of encryption as preventive medicine for your electronic life. By encoding the information you put in an email message, an instant message conversation, or on a Website, you’re protecting yourself from identity theft and other potential online ills.

Encryption software keeps digital personal information -- such as driver’s license, Social Security number, credit card numbers, medical records and tax returns -- away from intruders and identity thieves. Encryption can protect that data whether it's stored on your computer's hard drive or in an email. It also protects your information when you buy something online.

To understand encryption, remember the decoders kids used to play with that change one letter of the alphabet into another? Encryption works on the same principle. The process uses complex mathematical algorithms to scramble digital information. Only people or computers with the right software “key” can unlock the information and put it back in the right order. If you use public-key encryption software -- the most popular kind -- your computer employs a unique private key to encode information and sends a public key to any computer it wants to transmit an encrypted message to.

It may sound complicated, but it’s not, says Dr. Larry Ponemon, head of The Ponemon Institute, a Detroit computer privacy researcher and think tank. “The software that has been developed for average consumers is fairly easy to use," he says.

Encryption is here, there and everywhere
Though it seems like something you’d only see in James Bond films, encryption is a part of every-day computer life. You can use it to:

• Store files on your computer. You don’t necessarily need to encrypt all your computer files, but you should protect the most sensitive, such as medical records and financial documents, security experts say. This way, if your computer or laptop is stolen, or accessed by an intruder, they can't see or steal your personal information, such as Social Security number, account information and other data that could lead to identity theft. Software that can encrypt files on a computer's hard drive includes PGP Corp.’s PGP series or PKWare’s SecureZip. Newer PCs and laptops that come loaded with certain versions of Microsoft’s Windows Vista operating system have software pre-installed for encrypting system and user files.

• Scramble information sent in an email or document. Do you email tax returns to your accountant? Do you sometimes work from home and transfer files to and from the office? In either case, you should encrypt email or files you’re sending over the Internet, security experts say. If you use email software such as Microsoft Outlook, the same encryption program you use to protect files on your hard drive can cover email and instant messages too. If you prefer to use Web-based email, you can use a service such as Hushmail, which has a free bare-bones encrypted email service, or a premium service that includes encrypted file storage for an annual fee of $35 or more.

• Shop safely online. Banks, stores and other businesses that sell things or handle financial transactions online use a stronger form of encryption called Secure Sockets Layer, SSL for short. This type of encryption protects the electronic pipelines connecting your Web browser with the computers hosting e-commerce Web sites. If you visit a Web site that uses SSL, the address window at the top of your Internet browser will display “https:” at the beginning of the URL instead of the usual “http.” Other signs a Web site is protected by SSL: a small padlock will appear in the address window or an unbroken key will show up at the bottom of the screen. All are signals it’s safe to type in your credit card number or enter your bank password or PIN number, says Allison Rodway, program director at the Internet Education Foundation, a Washington D.C., non-profit that advises Congress on electronic privacy and other Internet issues.

• Protect your home’s wireless Internet network. Newer models of wireless home networks that connect computers to the Internet come with encryption software, so your neighbors can’t tap into your network or online sessions and steal your personal information. But remember: you have to set the passwords on the network’s base station for encryption to work, says Rodway, with the Internet Education Foundation.

As with other security measures, encryption is only as good as the people using it, says Hushmail’s Smith. “You could have the strongest encryption in the world, but if you don’t use it in a sensible way, it’s useless,” he says.