The best way to ensure that your messages won’t be read by unwanted persons is to use encryption.

There may be many reasons why you are not using encryption. These four spring to mind:

  1. I have no information worth encrypting
  2. Only criminals hide information, and I am no criminal
  3. I lack the knowledge to use encryption
  4. I lack the tools to use encryption

Number one on this list is the most difficult to crack. If you don’t have an incentive to care for your messages, there is no need to go further down the list.

As governments increasingly focus on fighting organized crime, transparency is what they want from you. The law-abiding citizen. We are all law-abiding citizens.

Until we are not

Let that sink in for a while. Who’s to say you are law-abiding? Who’s to say you are not? If you steal from the supermarket it’s obviously against the law no matter where you live and under what governmental laws you are ruled.

Consider the following.

You send a cookie recipe to your grandma. You sign off by stating that everything is fine and dandy and wish everyone well. And you add some offhand comment regarding the state of the nation. In the spur of the moment this is nothing to get upset about.

Fast forward a couple of years. There has been some civil unrest with devastating consequences. By sheer coincidence, people that match your age, gender and occupation have been identified as the culprits. All available data is indexed and searched in massive data centers. With the increased benefits of automating this using AI, a huge amount of data can be processed in a short amount of time. Companies that hold communication, including your emails, contribute with their files.

You are a law-abiding citizen. With a passport issued by the government. Your work contract is centrally stored. All your emails are stored in the clear at the mail provider. Naturally all this is made available to the crisis team that conducts the searches. Your message to grandma implicates you because of your hateful comment about the government.

Naturally, it will be revealed that you are a law-abiding citizen when you are summoned for the interview at the police station. The comment was just an expression of your mood that day you wrote it five years earlier. You may even have forgotten you wrote it. And most crucially, you had nothing to do with the civil unrest.

In the best of worlds, you would be right. But if not?

The offhand comment could be the missing piece of the puzzle that is used to build a case against you. This could mean you are arrested, with the consequence of losing your job, even if it turns out you are innocent. By creating as small a puzzle as possible and hiding the pieces, you make the case against you harder to build. Using encryption enables you to hide the pieces. Sending messages in the clear leaks pieces all over the place. With enough pieces the puzzle can be huge, and framed in whatever way suits some culprit.

This is why it’s important to understand that everything you say and do online will be stored forever. Well, forever is an exaggeration. But probably longer than you live. And for you that is the same as forever.

I must at this stage be very clear, that I don’t condone any kind of criminal activity. I only bring it up since it’s the number one complaint against encryption, and it’s a topic that is hard to avoid.

Over time civilizations and nations change. The political climate can be to your benefit, or it will not. At the best of times it will be as it’s always been.

I urge you starting right now to take ownership of your information. All information that can be related to your person must at all costs be protected. Naturally, to control all your information is impossible, but it’s better to hide a small amount than none at all.

This is where encryption is ONE possible solution. It’s not THE solution. In your toolkit for online privacy it’s sufficient enough to get you started.

Number two on this list is in some sense true. A criminal is encouraged to hide information if he/she doesn’t want to get caught. Even worse than being caught is being a snitch. Being a snitch is the worst kind of situation you can find yourself in. Organized crime is all about trust and loyalty. Lose either and you are in serious trouble.

Bundling you with criminals is power language used by those who oppose your efforts to protect your privacy. This is something you will encounter from time to time. This is why it is not something you are open about or discuss with unintended recipients. You have to structure your life into two parts. The open and the private. It’s not obvious what to put where, but this is something you have to work out for yourself.

If you don’t mind your information, it can be weaponized and used against you.

If a criminal uses a road to get to the location where the crime is committed, should roads then be banned?

By banning roads, it will be harder to commit crimes but crimes will not disappear. By banning encryption, it will be harder for law-abiding citizens to hide their information. And by using encryption they will now commit a crime. The question is, will organized crime stop using encryption?

Number three on the list is the lack of knowledge. Probably you have found information, but it can be hard to boil down the essentials.

To help you on your way, here is a short, simplified summary of the secure communication process:

  1. You want to send a message to someone
  2. The message is written
  3. The message is encrypted
  4. The encrypted message is sent to the receiver
  5. The receiver gets the encrypted message
  6. The encrypted message is decrypted
  7. The message is read

How do we perform the necessary steps?

I recommend using Kleopatra for encryption and decryption. It is used at steps 2, 3, 6 and 7.

In essence, you write your message in the notepad section of Kleopatra and select encrypt. You select a receiver, which makes it possible for only that person to read the message. When they have received the message, they copy the encrypted text and decrypt it in the notepad part of Kleopatra.

How you send the message is up to you. You may send the text as a printout by ordinary snail mail. Send it as an SMS/MMS. Or even use a fax. Since e-mail is the most convenient, this is what we use most of the time.

To encrypt a message you must have the recipient’s public key. Many sites have their public key published on their homepage. For instance, my public key is published on my homepage on the page security. Organizations that honor your privacy will have a similar setup in place. Let them know you wish for them to honor your privacy if they don’t.

In the “Encryption” part the full name of my public key is available. You download this to your computer by copying the URL into the browser window, and then import it into Kleopatra. This key is associated with public@grymkoll.se, which is the mailbox you send your encrypted message to. All my emails also have an attachment with my public key.

The full public key is:


How does the receiver decrypt the message? When talking about encryption there is much mention of “key-pairs”. The public key is the first of this pair. It is publicly available for anyone to use when encrypting messages. The receiver needs the other key in the pair, the private key, in order to unscramble the message. Anyone in possession of the private key can unlock all messages that have been encrypted with the associated public key.

These key-pairs are created using Kleopatra.

The private key must be protected. This is why using a tool like Kleopatra simplifies the key-handling. Once you lose access to a private key, messages encrypted with the public key cannot be decrypted and read. They are lost. And this is something we want to achieve. We want all messages related to our private life to disappear.
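The seven steps and the key-pair behaviour described above can be reproduced on the command line with GnuPG, the engine that Kleopatra is a graphical front end for. This is an added example, not part of the original post: it assumes `gpg` is installed, and the address grandma@example.org, the message and the two temporary keyrings are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: sender and receiver use separate keyrings, as two people would.
set -eu
RCPT="grandma@example.org"   # constructed recipient address

# Receiver, once: create a key pair and export only the public half.
# --passphrase '' leaves the private key unprotected; acceptable for a demo only.
make_receiver() {   # $1 = receiver keyring dir, $2 = output file for the public key
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "Grandma <$RCPT>" default default never
  gpg --homedir "$1" --batch --armor --export "$RCPT" > "$2"
}

# Sender, steps 2-3: import the recipient's public key, then encrypt stdin to it.
encrypt_for() {     # $1 = sender keyring dir, $2 = public key file
  gpg --homedir "$1" --batch --quiet --import "$2" </dev/null
  gpg --homedir "$1" --batch --quiet --trust-model always \
      --armor --encrypt --recipient "$RCPT"
}

# Steps 6-7: decrypt stdin. Fails unless this keyring holds the private key.
decrypt_with() {    # $1 = keyring dir
  gpg --homedir "$1" --batch --quiet --decrypt 2>/dev/null
}

demo() {
  local tmp; tmp=$(mktemp -d)
  mkdir -m 700 "$tmp/recv" "$tmp/send"
  make_receiver "$tmp/recv" "$tmp/pub.asc"
  printf 'Cookie recipe plus a private remark\n' \
    | encrypt_for "$tmp/send" "$tmp/pub.asc" > "$tmp/msg.asc"  # msg.asc is what gets sent
  ARMOR_HEADER=$(head -n 1 "$tmp/msg.asc")
  RECOVERED=$(decrypt_with "$tmp/recv" < "$tmp/msg.asc")       # receiver reads it
  if decrypt_with "$tmp/send" < "$tmp/msg.asc" >/dev/null; then
    SENDER_CAN_READ=yes   # would mean the public key alone can decrypt
  else
    SENDER_CAN_READ=no    # expected: no private key, no plaintext
  fi
  gpgconf --homedir "$tmp/recv" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$tmp/send" --kill gpg-agent 2>/dev/null || true
  rm -rf "$tmp"
  echo "receiver read: $RECOVERED / sender can read: $SENDER_CAN_READ"
}

if command -v gpg >/dev/null 2>&1; then demo; else echo "gpg not installed" >&2; fi
```

The sender's keyring holds only the public key, so even the person who wrote the message cannot decrypt the ciphertext afterwards; the same failure is what a receiver sees once the private key is gone.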

In the example above, grandma most likely writes the cookie recipe down on a piece of paper. This is something worth saving. The parts regarding your views on particular topics are safely locked up in the encrypted message. And they vanish when the key expires or is lost.

Alternatively, you send only the cookie recipe in the clear and avoid writing sensitive information. But this requires you to self-censor your information. It also requires you to be consistent. By using encryption you can relax.

Now we can mind our privacy.