Encryption

Today I watched Eric Snowden’s address at SXSW (transcript). It was a very interesting discussion. One of the more interesting and recurring themes mentioned as a way to protect personal data is called Encryption. It dawned on me that some people may not know what this is, so I’m here to explain!

There’s a whole lot of information that we don’t want other people to see, such as:

  • Credit-card information

  • Social Security numbers

  • Private correspondence

  • Personal details

  • Sensitive company information

  • Bank-account information 

Encryption is the process of encoding (or making secret) information so that only the person (or computer) with the key can decode it (HowStuffWorks). While there are many ways to encrypt information, what I want to focus on is the easiest way to tell if a website you frequent is encrypting the information you provide. The way to tell is with HTTPS (Hypertext Transfer Protocol Secure). It describes HOW websites should transmit data.

Let me give you an example – You open your browser and head over to your bank’s website, say Chase. When you get to the site, you enter your username, password and click on the button that says Log In.

What happens to the information (username, password) that you entered? How do we make sure that no one can easily intercept (or hack) the data and log in to your account later? As mentioned earlier, the HTTPS protocol mandates that this information be transmitted in a secure way… For the sake of this post, you don’t have to understand any more details than that!

What I want to focus on is how you can tell if a website you frequent is following the HTTPS protocol. That’s important because if you log into a site that does not use HTTPS, it’s like the equivalent of writing your username and password on a postcard and mailing it for the entire world to see (Slashdot). The simplest way is to look at the browser bar – you know, where you typed “chase.com”. If the site is using one of many encryption methods, you will see https://www.chase.com/ instead of http://www.chase.com/. Go ahead and try it out on your favorite sites…

So, you may be asking yourself… “If HTTPS is more secure, why doesn’t every website use it?” Well, that’s because it’s expensive and requires more processing power (computer hardware). Or you may be thinking, “Why doesn’t someone mandate that personal data always be transmitted in this way?” Cue Congress and the NSA! …

I just want you to be AWARE of the situation. If you are asked to make a payment on a website and you don’t see HTTPS in the browser, politely decline! If there’s a new, hot social media site that you want to join that utilizes your personal information and you don’t see HTTPS, think again!

Now, I hate to burst any bubbles, but encryption algorithms CAN BE HACKED. In the case of Target and the recent credit card debacle, they actually were encrypting credit card data and PIN numbers. The problem is with the method of encryption they used. And yes, you can combine more than one encryption method to make information transmission more secure. It would be sort of like using a key to lock your doors + having a dog + setting your house alarm before you leave for work each day (yes, someone can still break into your house, but AT LEAST you’ve taken measures to protect your assets). Just keep in mind that the method and approach are currently left up to the individual business or entity.

Knowledge is Power!