Our lack of cryptography is a national security issue. Let's fix it
In the days before modern encryption, businesses would establish codebooks for internal and external communications, to prevent eavesdroppers from understanding the particulars of dealings between businesses. As telegraphs were frequently written down and transmitted multiple times, both brevity and cryptography were desirable; many codebooks acted almost like a second language, shortening entire clauses down to single words.
As teleprinters evolved, stronger ciphers were conceived to encrypt their messages. The Lorenz cipher, used by Hitler for his high command communications during World War II, necessitated the first cryptanalysis of a modern primitive, nowadays referred to as a stream cipher. Ultimately, all it took was a simple mistake (a reused nonce, also called a "depth") to give British cryptanalysts just enough of the keystream to break the cipher and begin reading Hitler's private memos.
Since the World Wars, cryptography has become far more prevalent, and the security requirements of modern cryptosystems have been raised significantly higher as a result. These days, most of our communication is encrypted with ciphers that would take years, if not decades, to break. However, it's still not enough: we lazily leave wide gaps in the mathematical fences that protect our digital lives. Instead of locking our doors and windows, we've left them open, trusting that our neighbors won't intrude into our lives.
The innocent simplicity of building insecure systems led to booms in online businesses and created many of the big names we know and love today. However, we leave too much trust in these young businesses to secure our livelihoods, and we get burned when data breaches occur as a result. When we only trust that our data can never ever be maliciously accessed, we leave ourselves totally unprepared for reality: the reality that our data is maliciously accessed all the time, and the reality that we need to do more than trust. It's time for us to start knowing that digital lives are secure.
The Snowden files revealed a massive global spying operation run by the National Security Agency (unsurprisingly, under the guise of national security). This data collection regime was not only immoral, illegal, and unconstitutional, but also surprisingly easy. Microsoft, Google, and Yahoo didn't even encrypt traffic within their own datacenters until they discovered that the National Security Agency was collecting petabytes of sensitive user data! It isn't the NSA's fault that major internet providers were extraordinarily negligent in the ways that they handle and transmit their customer's sensitive data.
While I'm sure they didn't mean well, the NSA did end up doing one good thing: They freaked everyone the fuck out. Suddenly, the attack that cryptographers had been warning about had finally happened, and the consequences weren't really that dire. Sure, a bomb had gone off, but the bomb went off in the middle of a remote desert rather than near a crowded population center. Really, everyone had dodged a bullet by letting the NSA get to it first.
The NSA's shenanigans booted us into a world where people needed to actually think about who might be eavesdropping, and it is indeed a matter of national security. If North Korean fuckwits can hack power plants and knock factories off the grid, then the resulting impact harms American competition and hurts our interests on a global scale. In fact, it's quite possible that while the NSA had access to foreign government's nuclear networks, other governments could have had access to ours as well.
Sure, pedantically speaking, it's the NSA's job to prevent incidents like these. Unfortunately, since they decided that strengthening national security by promoting cryptography would hamper their ability to spy on sovereign nations, they have made international cryptography standards into their enemy, severely weakening them in the process. These efforts have ensured that the National Security Agency could gain unlimited access to hundreds of foreign institutions but also meant that other states could gain unlimited access to American institutions as well.
End-to-end encryption has a simple premise: Only the people specifically intended to receive a message should have the mathematical ability to read it. End-to-end goes beyond permissions and access control and boils down to a simple principle: if you want to send mail, you should seal the envelope.
The case for end-to-end encryption isn't really about what governments could be snooping around your sensitive stuff: it's about the criminals who could be selling your sensitive stuff. Criminals would love to profit from the unencrypted social security numbers that businesses never actually use, or the unencrypted credit card numbers that they really don't need. It's like furniture on the side of the road, anyone can take it and sell it to whoever. Maybe that leather couch you just saw off Main Street is being sex trafficked to J.D. Vance, in the same sense that maybe your social security number is being sold to some shady folks an ocean or two away.
From a user standpoint, encrypting everything doesn't really even need to be visible. In services like Proton Mail, Signal, or Facebook Messenger, you wouldn't even tell that your data is encrypted end-to-end unless it was in the brochures. If anything, that's a testament to why end-to-end encryption should be everywhere: it doesn't get in the way!
When data breaches happen (and they do happen, a LOT) it's often us, the end users, who get the shit end of the stick. Our identities keep getting leaked, and it's always Americans who need to pay the annual $23 billion-and-counting bill to clean up from identity fraud, while the companies that leaked the data end up paying pitiful fractions of fractions from their bottom line to get the legal headache to go away.
Case in point: when T-Mobile leaked 9.7 million (!!!) identities, they ended up settling for $350 million, three years later, evening out to a grand reward of about $36 per identity. These pathetic miscarriages of justice happen over and over again, and a key reason is that we still aren't putting mathematical padlocks on critical information. End-to-end encryption is about locking your doors at night, rather than just leaving them closed and hoping no bandits check the handle.
Contrary to what politicians would like you to think, privacy is not the ability to hide from the law, nor is it the ability to commit crimes without consequences; it's the ability to communicate with your bank without eavesdroppers, the ability to do business without spilling your trade secrets to competitors, and the ability to sleep with the peace of mind that your identity is safe. Without privacy, cybercriminals would run Wall Street, gangsters could manipulate the federal government, and corporations around the world would be unable to do honest dealings.
End-to-end encryption is the lock we should be putting on our digital lives, and it's no longer just a fad for the paranoid. For the sake of our families, jobs, companies, and countries, we need to start putting it on everything we can. Because end-to-end encryption is mandatory.
I believe Americans deserve legislature that protects their identities and livelihoods from the threats of tomorrow. If you feel similarly, please consider sending this article to your representative, and ask them how they can protect our increasingly digital lives.