Communication over a network, unless strongly encrypted, is never just between two parties

Someone Could Listen

Unencrypted communication over the Internet works a lot like sending a postcard: it can be read by anybody along the delivery route. Communication is routed through intermediary computers and systems, which are connected to many more computers and systems. Encryption, or encoding information so it appears scrambled to anyone who doesn’t know the key, is a way to wrap a postcard in an envelope. While it can never be 100% secure, stronger encryption makes it harder for people to get to the contents.

Our Advice

Use strong passwords and don’t communicate sensitive information unless you know you have a secure channel.

How It Works:

Privacy and security are two different things, but you can’t have privacy without security. With the exception of a single dedicated line between two endpoints, information sent over a network goes through a whole series of hubs and routers and tiers of Internet service providers (ISPs). The default structure for a local wired network is a bus, which is where multiple devices share a single communication line, and the default structure for a wireless network is for multiple devices to share a single central access point. These configurations allow any device in the network to observe all of the information transferred through that network.

Encryption is a way of scrambling communications into a code so they can’t be read by other parties unless they have the decryption (decoding) key. Some common encryption protocols include WEP, WPA, and WPA2 (for wifi), https (for web browsers), PGP (for email), ssh (for terminal connections), and sftp (for transferring files). However, note that all participants in a secure wireless network have the decryption key for that network, so additional encryption may be needed to hide communications from those within your local network. The encryption “strength” is determined by which algorithm is used and the length of the decryption key; the stronger the encryption, the more computing resources someone needs to break it. Using multiple layers of encryption can also make communications safer.

All of these techniques can help, but the security bottleneck is always human behavior! Security can be broken from the human side because of weak passwords, because passwords are stored in insecure places (physical or virtual), or through social engineering like fake “phishing” emails.

What Could Happen? Real-World Stories:

The General, the Biographer, and Unencrypted Email

What You Can Do About It:

Choose What You Use:

  • Learn to recognize encryption technologies and use them whenever you can. For example, if a website offers an option where the URL (web address) begins with “https” rather than “http”, use https.
    • In particular, make sure you are using a secure method to communicate any directly sensitive information, or information like a password that could be used to get to sensitive information.
    • Check to see that that whatever method you use to send email and private messages is using encryption. (Current methods: for web-based email/messaging, check to see if the URL begins with “https”; for a local email-client program on your computer, check your security settings to make sure it’s using TLS/SSL or PGP).

Get the Facts:

  • Make sure your knowledge of current encryption technologies is up-to-date, as encryption is regularly breached, and then new encryption protocols are developed. (For example, the more recently developed WPA2 wifi protocol is more secure than WPA, which is more secure than WEP.)

Keep Account Information Secure:

  • Keep passwords, PINs, and private keys secret; tell them to no one! Only you should ever need this information. If you use a private key, always keep it local to your computer or device; you should never need to transfer it to another user or another device.

How to Better Control Your Privacy — Guides:

10 Easy Ways to Protect Yourself on the Web

Wireless and Mobile Device Safety

Where to Learn More — Related Resources and Educational Tools:

HTTPS Everywhere

A plugin to make sure you use encrypted browsing wherever you can

Public Wi-Fi Networks

An introductory video about using wi-fi safely

ExtremeTech’s Guide

Ratings of some encrypted email services

Cómo usar las redes wifi públicas

An introductory video about using wi-fi safely (Spanish)

What Do You Think? Discussion Questions:

  1. It’s very common for people to send a message or image over the network without intending to; has that ever happened to you?
  2. When you send a message over a network, how does it get from your device to the recipient’s device?
  3. What’s the difference between private communication and secure communication?
  4. What is encryption, and how is it used?
  5. When is the information you send over a network encrypted? How can you tell?
  6. Who can read your email, other than you and the recipient? Can employees at Google/Yahoo/Hotmail/etc. read your email?
  7. If you use a company or school email account, who can read your email?
  8. Can the government read your email?
  9. Are messages sent in Facebook or LinkedIn secure? Who can see them?
  10. Are files you store in the “cloud” — Google Drive/Dropbox/etc. — encrypted? Can employees of those companies read them?
  11. Can other people using the same wireless network see what you’re doing?
  12. Are text messages and phone calls more private than email?

What People Are Saying — News, Commentary, and Research:

Open Letter to Skype

Google: Don’t Expect Privacy When Sending to Gmail

Here’s Why Your Email Is Insecure and Likely to Stay That Way

Trying to Keep Your E-mails Secret When the C.I.A. Chief Couldn’t

Supreme Court Denies Appeal in Google Street View Case

Read My E-mail? Get a Warrant

Our New Resources for Teachers: "Someone Could Listen"