Helping Johnny To Be Free
In The Digital Age
We all know that Johnny can't encrypt. And we know that since the end of the last century, since 1999 precisely.
Why is it that Johnny still can't encrypt in the year 2013?
Is it, because Johnny doesn't have enough money to buy good encryption software? Is it, because nobody did explain how email encryption works in terms Johnny can comprehend? Does Johnny lack the ability to use a computer or is it his ignorance? When using the internet, does he not wish to protect his privacy?
Well, there must be some very different reason that keeps Johnny from not using encryption, because open source, high quality encryption software is available for free for decades. Numerous experts have scrutinized this software extensively by now. The fear to use the wrong software, something with a nasty backdoor in it, is (provably) unfounded.
For decades people have explained the basics of encryption. Numerous times users like Johnny have been told that encrypting an email is not like locking your door. Surely, the matter is complex, but Johnny does not lack the ability to make informed decisions in other areas like his financial and tax affairs, his health and lifestyle, the education of his kids and similar complex parts of life.
And if Johnny happens to run a business he is taking responsibility for a huge pile of complex matters. Why is privacy so different for him?
Why is it that the moment he uses his computer, he turns into a helpless, uniformed and disorientated digital user, that is so utterly dependent on what other people do for him? Of course, Google, Apple, Microsoft, they all tell him that he is an unimportant digital native that has to dance to the tune they decide to choose.
But why does Johnny follow suit?
I can only speculate, why. And I think that Johnny does not realize that he himself has an important part to play when it comes to protecting his privacy. Maybe Johnny waits for the time when encryption "just happens" and others take care of the nasty details he does not wish to hear one single word about.
But others, especially the global digital players, our internet lords, have no intention to make encryption "just happen", because they benefit from Johnny's position as a dependent user that gives away his secret and not so secret personal information in his humble attempt to participate in the global digital environment that we call the internet.
There is an intention to keep Johnny canned, and the internet lords are happy with the position Johnny finds himself in, a position of powerlessness, that Johnny has learned to like.
Escaping The Trap: A Course In Digital Self-Defense
So what can Johnny do?The most important thing he could do - and this would demand a lot of effort and a mind change - is taking as much control over his digital life as possible into his own hand, again. It's deliberately managing his own affairs instead of using the convenient mainstream solutions and handing over control to those who don't act in his interest.
Hard to do, yes. Time-consuming, of course. Impossible? No. A foundation for a better life? Certainly!
Today, Johnny uploads almost anything into the cloud, unencrypted. But he should make a difference between information that is meant to be shared with the public and everything else, which of course must be encrypted. Cloud services are fantastic to help you survive a data loss, but that does not mean you have to throw all your stuff at the cloud in clear text.
And guess who is responsible for making this encryption happen? Johnny of course, because he himself has to make sure that he can recover his valuables after disaster struck him. Guarding the encryption key is poor Johnny's job, nobody else's.
Nevertheless there is no reason why the IT industry should be allowed to make Johnny's job more complex, more confusing, more cumbersome than necessary, and much of the software we see being used does not really help Johnny. But as Einstein once said, we have to make things as simple as possible, but no simpler. And the threshold here is where Johnny's responsibility starts.
Much of what we do on the internet goes beyond securing our own stuff. We communicate, give specific information (sensitive data) to someone else, and we rightly expect this information being handled confidentially, even if the internet is involved. We don't give up privacy just because we use modern technology. It's entirely not unreasonable to demand proper security in the digital age.
By now we - and Johnny - have learned to keep an eye on the browser's address bar looking for HTTPS when we are going to provide sensitive information. That's fine, as long as we do not think that by using HTTPS we have the guarantee that our information remains secure after it has arrived at the server. Today, we take this for granted, but our IT service providers don't tell us anything substantial about the way they proceed with our information. And we have learned to accept this situation, where we don't know much about how our data is being protected online.
So we need to demand proper protection of our data on the server, we simply cannot accept large-scale data collection of clear text.
"Are the experts not supposed to protect my data?", I hear Johnny saying.
Maybe yes, but only if you have made sure that they have to, and if they have been given the resources to do so, and if you paid for it. Don't expect online security to evaporate out of thin air.
How can Johnny be sure that his data is protected? Fortunately, there is a clear sign that cannot be missed. If Johnny has no part in the process, he cannot be sure of anything. But if his data is unusable without his co-operation, if using his private key is a requirement, if the key is not stored on the server, then Johnny has some reason to believe his sensitive data is actually safe on the server, because he himself is part of the picture.
Unfortunately, this creates even more responsibility for Johnny, as losing his secret key puts his data at risk of being unusable at all. At this point Johnny has to decide if he asks the security guy for help to provide a fall-back solution if his key is gone for good. His answer may be no, but it depends on the circumstances, and on what Johnny wants.
It all depends on how much Johnny is willing to take responsibility for his own privacy.
But is there a realistic chance that Johnny begins to grasp the fact that he has to take control over his digital life? Will he (ever) see, that he needs to do something himself and be responsible for the consequences?
I don't know. And unfortunately, that's all I have to say in respect to Johnny for now. For me, Johnny remains a miracle.