Why use PGP encryption?
For the majority of people, the first question they ask with regards
to file or email encryption is "What's the point? If I'm not doing
anything wrong, then what do I have to hide?"
But a counter question is "Do you have to be doing something wrong
in order to suffer from someone else's attention towards you?"
There are any number of various situations in which real harm could
potentially come to you if the opinion or information you gave to one
person were to be read by another. Some examples:
- Credit card information. (e.g.) sale orders by email. Do you
really want the owners of any computer between you and your
recipient to know what your credit card number is?
- Business plans. The European aerospace company "Airbus" has
alledgedly lost major contracts due to the interception of electronic
communications by the U.S. government's Echelon information gathering
network, when Airbus' bids for contracts were forwarded to their
- Political dissent. Do you agree with every decision your
government makes? What if you were forbidden to ever express your
opinion openly? Were you aware that the Russian and Chinese
governments place great restrictions over the open use of encryption?
What does that say about the usefulness and importance of encryption
in protecting the expression of dissent?
- Workplace dissent. Many workplaces currently monitor their
employees' email, and some employees have been fired because of
personal opinions about a manager or the workplace in general, which
was expressed in email to a coworker and later intercepted and read by
management. Similarly mailing list participants have been known to
become banned from mailing lists because a personal email was sent
accidentally to a mailing list, and made available for all to read.
- Distribution of open-source software. With open-source software
freely available, and often mirrored at different sites, you want to
be sure the program you are downloading is the one you think it is.
Using digital signatures provides this kind of confidence. Debian,
requires all its package maintainers to use PGP to sign packages when
uploading them to the main Debian pool.
Most likely you can think of other situations where you would not appreciate
what you are saying to become common knowledge to anyone other than
the intended recipient. Part of the problem lies in the nature of
internet and email communication. The internet route a message
takes towards its destination can cross a dozen or more machines, any
of which can copy and read that message. Likewise the message is
stored and handled by a number of different mail handling machines
before finally arriving at the destination.
A common analogy is the difference between sending a letter and
sending a postcard. The postcard is open for any postman, mail
handler, neighbour, to read. A letter, on the other hand, is safely
enclosed inside it's envelope, and you will know if it has been opened
and read (unless particular great expense has been applied to read it
without your knowledge). When you send mail, do you always write
everything on a postcard, or do you securely enclose your letter
inside an envelope?
PGP encryption may be likened to placing your letter inside an
envelope, safe from prying eyes, albeit an envelope with the strength
of a safe.
But for me personally, I just like the idea of encryption because
it's cool ;)
Next: Origins and Ideas of PGP
Back to index