Is the data on your phone or laptop encrypted? Should it be? And what does encrypting your data do to it anyway? Here we’ll explain the ins and outs of encryption, and how you can make sure that everything in your digital life is safe from prying eyes.
Image: Markus Spiske/Unsplash/Gizmodo
Despite some of the complicated maths involved, encryption isn’t difficult to understand — simply put, it locks your files and data away using a secret code, just like a pair of spies might talk in code to hide what they’re really saying. If anyone else overhears that conversation, it sounds like gibberish, and it’s the same with encrypted files.
What is encrypted data?
To make sense of encrypted data, you need the key to the code, which on your phone is often your PIN number — get past the lock screen, and your files and apps are no longer gibberish. That’s why being able to unlock an encrypted phone is so important to making sense of the data on it.
Signal is one of the apps leading the encryption charge. (Image: Signal)
It applies to data we have stored on our devices and data we send through the air, to and from the internet. Apps with end-to-end encryption can’t be spied on, much to the chagrin of law enforcement agencies and governments worldwide, and only the sender and intended recipient gets to see the real message.
You can go a long way down into the technical details of encryption, but it essentially just scrambles the data. The number of “bits” is often listed next to the type of encryption being used tell you how many possible combinations there are for the unlock code — something locked with 256-bit encryption would take a bank of supercomputers billions of years to decode using brute force alone.
“If the disk is not encrypted your device can easily be booted off a USB drive and the unencrypted data extracted,” explains cybersecurity expert Professor Alan Woodward from the University of Surrey. “You can even just take out the hard drive and mount it on another machine to examine data unless the disc is encrypted.”
An encrypted hard drive can’t be accessed when removed from your PC. Image: Patrick Lindenburg/Unsplash
Different types of encryption algorithms have been developed for different purposes, with varying compromises between complexity and speed, though most of the time you won’t have to worry about which flavour of encryption you’re using (most of the time you just won’t get a choice).
For example, the encryption on the iPhone is the 256-bit AES standard also used by the US military, which has the benefit of being both very speedy to apply and impossible to crack by running through the various unlock code combinations, as we’ve already pointed out.
If you do get a choice, Professor Woodward recommends looking for packages and encryption methods that have gone through some kind of public audit or independent testing to verify the methods used.
“In some cases, such as the encryption supplied by Apple and Microsoft, you have little choice but to accept their assurances, but if using a third-party package look for audits,” he told Gizmodo. “It’s the same as with secure messaging apps, it’s a sign of how robust the developers believe their system to be if they put it up for scrutiny.”
If your data isn’t encrypted, anyone who happens across your phone or laptop can get at the files within pretty easily; with encryption added, accessing the same data becomes very, very difficult (though not impossible, if other security loopholes can be found on the device). But do you need it in place if you’re not carrying government secrets or company financials with you?
As security expert and Chief Technology Officer at IBM Resilient Bruce Schneier puts it in his blog: “Encryption should be enabled for everything by default, not a feature you turn on only if you’re doing something you consider worth protecting.”
“This is important. If we only use encryption when we’re working with important data, then encryption signals that data’s importance. If only dissidents use encryption in a country, that country’s authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal.”
Android has also added encryption in later versions. (Image: Gizmodo)
Even if you don’t mind the thought of other people rifling through your folders of GIFs and angry letters to your Internet Service Provider, any device you own contains a wealth of information about you that’s best kept private, from contacts to browsing histories.
“Whether you think it worth doing is really whether you think your device has valuable data,” says Professor Woodward. “You’d be surprised what you do have: Contacts, emails, passwords. People underestimate the value of these to criminals. So, on the whole I think it is worth doing.”
You’re building a wall between everything on your phone or computer, and anyone else who might want to look at it who isn’t you. The good news is, encryption has become so important that a lot of devices now include it by default, so you don’t necessarily need to do anything to stay protected.
Encrypting your data
On a lot of your devices, you won’t have to do anything extra. (Image: Screenshot)
iOS has been encrypting data for years, and encryption is now switched on by default in macOS as well: To check, open System Preferences, click Security & Privacy, then open the FileVault tab. If encryption isn’t enabled, you can start the process here, and Apple has more information on its official support page.
After lagging behind iPhones for several years, just about all new Android devices are also now encrypted by default, as long as they’re running Android 6.0 Marshmallow or later. If your Android device isn’t encrypted, and can be encrypted with its current OS version, then you’ll find the option by tapping the Security link in Settings.
That just leaves Windows — some PCs that ship with Windows 10 come with something called Device Encryption enabled, as long as you set it up and sign in with a Microsoft account. To check if this applies to you, from Settings click System then About and see if there’s a Device Encryption section at the bottom.
VeraCrypt comes highly recommended and works on any desktop OS. (Image: Screenshot)
If you don’t have Device Encryption on your machine then the next option is BitLocker — but that requires upgrading to Windows 10 Pro. You may think the $US100 ($126) is worth it, but free options, like the open source VeraCrypt, are available as well.
We’re not going to go into too much detail about the data travelling to and from your devices, but encryption applies here too — with encryption in place, if someone should intercept the data going to or leaving from your computer, they won’t be able to make sense of it.
A lot of apps apply encryption by default, and it’s also added when you connect to HTTPS sites such as Facebook, Gmail, Amazon and many others. Adding a password to your Wi-Fi network at home encrypts the data moving across it, and if you’re using a public Wi-Fi network that anyone can access you should consider installing a VPN to encrypt your data and keep it scrambled.
Finally, it’s important to remember that nothing keeps your devices 100 per cent protected, not even encryption (though it of course goes a long way towards doing that) — don’t think because your phone or laptop is encrypted you can become complacent about all the other precautions you need to put in place to stay safe.