Cell phones, laptops, and the internet are part of everyday life for many people around the world. But what can you do to make sure that no one can snoop through your communications or steal your data? This is a question for anyone who manages their finances online or sends intimate photos to their partner. Human Rights Watch’s 2017-2018 Ford-Mozilla Open Web Fellow, Rebecca Ricks, talks to Amy Braunschweiger about why she decided that a choose-your-own-adventure style game was the best way to teach people about how encryption protects us.
Why did you decide to create a game?
We really wanted to build something that felt accessible, interesting, and reached out to new audiences who might not have realized how encryption was built into the gadgets, apps and websites they use.
We asked ourselves how we could build a tool that’s educational and interactive and geared toward a broad audience. And how do we move the conversation away from just government surveillance and national security? How do we get people to think about how encryption helps them, along with vulnerable groups like domestic abuse survivors? A game seemed like a good start.
Why focus on everyday technology users?
Anyone who uses messaging apps or the internet most likely uses encryption on a daily basis, and the game shows why strengthening these tools is important and why weakening them is a bad idea.
What should people be aware of when it comes to encryption?
Public access to strong encryption is basic to protecting the rights of privacy and free expression. It means people might feel more comfortable speaking out if they live in a country with an authoritarian government that monitors its citizens. It’s also important for every other citizen who wants to do online dating, banking, or emailing and stay safe from cybercriminals while using the internet at a public space such as a library or coffee shop. You should also be able to discard old devices without worrying that someone will extract your personal information to sell to credit card fraudsters or steal your identity.
What countries are trying to roll back encryption?
Many governments blame encryption for enabling criminal activity. The United States, United Kingdom, and Australia have all advocated weakening encryption because they say it prevents them from investigating crime or monitoring potential threats. Over the past couple of years, these governments have issued statements or proposed laws asking companies to build a backdoor – an intentional vulnerability – into apps or phones so that governments can have access to information that would be otherwise encrypted.
Why shouldn’t they ask for it?
Encryption is the foundation for cybersecurity in every online interaction in the modern world.
Information security experts seem to universally agree that when you weaken technological tools to appease governments, you weaken them for everyone. For example, Australia’s government recently proposed a law that would require tech companies including Apple, Facebook, and Google to assist security agencies by giving them a way to access secure data. Apple’s iMessage is encrypted so Apple can’t see what you’re messaging your friends, for instance. But if companies agree to build backdoors, anyone with an incentive to access this information – say, someone looking to steal people’s financial information – could exploit that weakness.
Could you give me examples of messaging platforms that are safe and what to look for in internet connections?
Digital security is not just a matter of using the right tools. It’s tied up in social norms and practices. In developing the game, we were careful not to recommend specific apps up front, because it’s difficult to know how these tools will change in the future. That said, Signal is end-to-end encrypted. Right now, iMessage and WhatsApp are, but it’s hard to know if that could change. Even if you use the most secure messaging platform, if someone in your life has access to your phone then your information isn’t secure.
Tell me about the game.
We focused on the three major types of encryption. One is encrypted messaging. We also talk about “encryption in transit,” which is what happens when you visit a website, sending information back and forth across the Internet. You can tell if a website is encrypted if there’s a little lock icon beside the URL, or if the URL starts with https://. If it starts with http://, that means someone who may be snooping on your network—easy to do with the right tools—can see the information you’re sending back and forth. Right now, around 60 percent of websites use HTTPS encryption, as there’s been a huge movement to encrypt the web.
We also talk about “device encryption.” In this case, is your phone or laptop encrypted? If someone stole it and tried to load information off it, would they see your information? Or would they just see scrambled text? That’s what encryption does, it scrambles your information, and only people with the right “key” can unscramble it. For most phone and laptop manufacturers, encrypting information is the default.
Understanding these issues is important because some governments are aiming to roll back encryption built into our apps and devices.
More governments than the English-speaking ones you mentioned earlier?
Some just ban the encrypted messaging apps. In Russia and Iran, where there have been huge government crackdowns on protesters and activists, the governments have tried to block access to the messaging app Telegram. Russia did so because the company refused to help the government break their encryption. China has also passed a law that might require backdoors. In some countries, if you’re using an encrypted messaging app, the government might assume you’re doing something nefarious. But everyone has a right to security and privacy.
What do you hope people take away from this game?
Most of us use these tools every day without realizing how we’re securing our information. We wanted to create an interactive experience to enable people to think about how digital security affects their own lives as well as the lives of especially vulnerable people, like activists or domestic abuse survivors.
Anything else you’d like to add?
In the game, we really wanted to emphasize that security is always about trade-offs and no choice is straightforward. We were careful not to say, “You made the right choice,” or, “You made the wrong choice.” We say, “That’s probably a safer choice,” given the information you have. When it comes to digital security, it’s all about using the information you have to make an informed decision. At the end of the day, we want people to be able to make safe decisions about their security.