Encryption is more important today than ever before. We spoke to Klaus Schmeh – cryptography expert, author, and consultant at cryptovision – to find out why it is not being used more widely. Klaus Schmeh deals with the topic encryption almost daily in his German-language blog, the Klausis Krypto Kolumne.
Mr Schmeh, the revelations by Edward Snowden made a lot of users sit up and take notice. Why do you think encryption – for example for email – is still used so rarely?
For one thing, there are often no immediately apparent consequences if you do without encryption. The secret services don’t inform us about whose communications they’re tapping, or what they do with the data. And another reason is that the encryption of emails is often complicated and unwieldy. Who likes messing around with digital certificates, especially when you maybe don’t even understand their purpose? The user-friendliness of the email encryption product s/mail from cryptovision – where I work – has been playing an important role in this for the last ten years. Our success proves the point.
In your opinion, what are the biggest advantages of encryption?
The advantage is that no-one can eavesdrop. Today’s encryption processes are so secure that even the NSA has to lay down their arms. The disadvantage is – as I mentioned – that encryption is sometimes seen as cumbersome. But security is not to a free lunch, and in the end – once you’ve taken care of a bit of once-off preparation – encryption can be almost completely automated.
Our subjective impression is that there are an increasing number of encrypted websites. Do you see that as the right step to take – or even an essential one?
When I input my credit card number, for example, then encryption in the web is not only right, it’s vital. On the other hand, the fact that I’m buying a pair of shoes online, is in itself less critical information. But I need to ask myself whether governmental eavesdroppers really need to know where and when I buy hiking boots, beach sandals or climbing shoes, and whether I want that data to be matched with the holiday I booked online.
What, in your experience, are the most common mistakes in the implementation of encryption?
The biggest mistake is that many make is simply – for the sake of convenience – not to use encryption. I admit that I’m often enough no exception. But when I want to encrypt an email, then the recipient needs to play along and make use of the appropriate software. This is often not the case. But once you’ve set it up, then it’s really simple. I think it’s worth the effort.
Cryptography is one of the focuses of this year’s Internet Security Days (ISD), where Klaus Schmeh and other security experts will be speaking.
Foto © Klaus Schmeh
