Click to read the article in Turkish
There is a slight translation error in Turkish when it comes to digital security. In English, there are two different terms: "Digital security" and "digital privacy". But unfortunately, both "security" and "privacy" are squeezed into one word in Turkish: "Güvenlik".
Oh boy, what a huge mistake that was...
"Security" (which translates as "güvenlik" in itself) means how vulnerable you are against outside attacks. That means how thick your walls are, or how tight your grip is. When we say "security", this should come to mind.
On the other hand "privacy" refers to how open and accessible things are that are private and that belong to you. There is a perfect translation for it outside of the IT world: Mahremiyet.
But unfortunately "dijital mahremiyet" never gained enough support from the masses. It is being used within the academia and by the people who are interested in the subject of course.
But for daily conversation, "dijital güvenlik" allegedly covers both terms. But in order for me to make more sense in this article, I will use "security" to refer to defense against outside attacks and "privacy" to refer to the control of your own data.
Question #1: What is Encryption?
And now a new term, encryption, comes into our digital lives. In Turkish, we have a pretty good translation for it: şifreleme. And the thing it does is fairly simple:
Encrypt data.
But what do we mean by "data"? I prefer to split the term "data" into two parts when I describe encryption.
First is the data that is stored in our computers or smart devices.
The second is the data we transmit outside, whether to surf the web or communicate with other people.
Both should be handled separately, since the act of encryption seems similar for both occasions, but they have fundamental differences in reasoning.
Question #2: How and Why do We Encrypt Our Data on Devices?
The "how" part of this question is not that important. Encrypting the data on your phone is fairly simple, and even though computer encryption is a couple of steps harder, I wouldn't define it "hard".
But first, we need to understand the "why". Because right now encryption is considered the same as "hiding something" and this assumption creates misinformed masses.
Encrypting the data on your phone or on your computer is related to privacy. That's it. Think of it like your mind. Would you be okay with other people hearing your every thought? Of course not. But that doesn't mean you will not answer when someone asks a question. You only share your filtered thoughts with other people, not everything that is on your mind.
The main reason for encrypting our stored data on our devices is obviously theft. When your phone or your computer gets stolen, you wouldn't want other people to see your personal conversations or photos.
That is basically it, the secret sauce of encryption lies on the premise of keeping your personal stored data safe unless you give somebody access.
At this point theft and losing privacy start to differ a little, because privacy doesn't end just at your physical phone.
Most people store their phone's backup wirelessly or by connecting it to a computer. Those backups also needed to be encrypted, because if someone gets a hold of them they won't be able to use your data to threaten you or to hurt your loved ones.
Even using a copy of your ID to get a loan or create a business in your name and get you in trouble are possible outcomes. That is why encryption of stored data is important.
On your phone, encryption is almost done by itself. If you are using an Apple iPhone, as of iOS8 encryption is done automatically when you assign a passcode. Apple does that without asking you.
If you are using an Android-powered phone (Sony, Samsung, HTC, LG, Meizu, Xiaomi, Motorola, Huawei, Alcatel, Asus, OnePlus and many more) you have to initiate this feature. When you assign a passcode or pattern, you can either lock the screen or encrypt the whole device.
There is no need to find any additional software, applications or methods that may be illegal to encrypt your phone. Because as a customer, this is one of your rights. If the act of encryption was "illegal", all iPhones should have been banned in Turkey. As I've said before, there is no way not to use encryption on iPhones with a passcode.
On the other hand, computers are a little more tricky. If you are using computers that have been sold by Apple (desktop or laptop), you can encrypt your files through "FileVault" option on your Settings menu. Your password decrypts your files and you can access everything.
Unfortunately Windows is lagging a little behind. Before Windows 10, encryption was never a widespread solution. Yes, since Windows XP there has been in-system encryption and as of Windows 8.1 the system has been standardized. But it is not available to everyone.
Right now in Windows 10 only some versions (Pro and greater) offer in-system encryption. But you can use other solutions like VeraCrypt, which I suppose we will probably be hearing about in the upcoming months in Turkey as a new "threat".
In the end, if you are a Windows user (which most Turkish people are) you may not have in-system solutions but you are still covered by third parties.
For notebook users, computer encryption is much more important. Especially for people who store their business-based conversations, files, tables, presentation, and other such things on the device.
If the computer falls into the wrong hands, it may damage your company, as well as shatter your position in it. There is huge difference between losing a 2000 Turkish Lira computer and leaking the blueprints of a project that was supposed to be released in the upcoming months to the rival company (meet corporate espionage, people).
This isn't just about business data. Your personal data is as important in your computer as it is in your phone. Again, securing your personal data is crucial.
Question #3: How and Why Do We Encrypt Our Conversations?
There is a matter of encrypting your communications as well. Recently communication encryption is the reason why the subject is in the headlines and some argue that it is a bad thing, and alienate the people using it.
You can encrypt basic phone calls, although it is cumbersome and relatively expensive. There's this term "Satellite Encryption", which sounds like it comes from a 1990's science-fiction movie, but we "ordinary" people are not that interested in this technology because it is relatively difficult to use. Usually governmental officials or high-ranking employees of the multi-billionaire companies use this technology. The funny thing is, when you hear how "bad" encryption is, most of the time the source is either an intelligence agency officer, or a CEO of a company who makes lots of money by filtering personal conversations. People who rely on encryption for state or company secrets are the ones who think encryption for us "ordinary" people is bad. Irony at its best.
But even if it seems recent, communication encryption has an almost 20 year history. In 1990's, there was a "Cipher Chip" planned for every computer that in theory would allow intelligence agencies like the CIA to monitor them at all times, even if the traffic between the computer and the net was encrypted.
But the chip was hacked, and then experts put pressure on government officials which resulted in the project being shelved. But this incident took on the name "Cipher Wars" and became the first scandal in encrypted communication.
But today, there are plenty of applications on our phones that use "end-to-end encryption", a form of encryption that only the recipients can decrypt, and this makes our conversations fairly secure.
The most notable one is WhatsApp, and another one that well-known but not very good is Telegram. If you enable it in settings, Facebook Messenger and Google Allo offer end-to-end encryption as well.
The Signal app, which is developed by an independent source is a another good example, and as a corporate example, Apple's iMessage is end-to-end encrypted by default.
But why do we have these encrypted messaging apps? Let's start with a daily example. When you surf the web for a new coffee machine, after 5 minutes you start to see coffee adverts on every other site you visit. This becomes frustrating.
The same goes for talking with a friend about getting new sneakers and after writing one or two brand names, wherever you go on the web you see sneaker adverts with those brands. This is not fiction by the way. This is a hard, cold truth about how our communications are dissected and turned into advert data. That is the reason why we have encrypted communication, not to "commit crimes".
Another example: Digital conversation is, in theory, no different than a conversation in real life. When you sit and talk with your friend, is someone listening to your every word? Are they interrupting your conversation with advert boards with hand-painted drawings? Of course not. So why should you accept the situation on the digital world?
In the end encrypted communication has no valid connections to "toppling the government", "organization" or "terrorism". Just as the language terrorists use, or the cotton clothes and sunglasses they wear, or the public transport they use, or the electricity they consume at home has nothing to with "terrorism" either.
Question #4: How and Why Do We Encrypt All Internet Traffic?
Let us come to the last step. I know, I didn't mention this one when describing encryption because we do not use this as a main method mainly for the encryption. A VPN, or "virtual private network" is actually much more than a censor-breaking tool.
VPN systems, when they are configured properly, can encrypt the data between your network and the network you are connecting to. Unfortunately this encryption system is being marginalized in some countries for political reasons (VPNs are illegal in both China and Russia) but in the end it is not that different from the use of encrypted communication.
The user is still the product itself and personality traits or preferences are being sold as commodities. And this is frightening stuff.
Question #5: Is Encryption a Bad Thing?
There are other ways to use encryption in the digital world. For example, there are encrypted mail services. Popular webmail services like Gmail, Hotmail or Yahoo store your e-mails in plain text form and analyze them, and then use this for adverts.
Once again you are a product. Your personal preferences about soft drinks are being sold to a company without you noticing. Or the contents of your e-mail are shared with interested parties. There are also encrypted communication tools for computers. You can communicate privately on your computer, just as you do with your phone.
But let's get to the main debate: Are encryption solutions bad things?
Short answer is: no. This could very well be the end of this article.
But long answer is a bit complicated. There are a lot of things on earth that were founded with good intentions but are being used as tools of destruction. Encryption itself is not a tool aimed for wrongdoing, but like many other complicated systems it is prone to it. Encryption is not an obstacle but a supportive means to protect the privacy of users.
Another perspective is: whenever someone is a threat and there is enough evidence for this, that person can be included in the legal system easily with all of his/her electronic devices. Encryption itself inherently prevents people from accessing your data without your consent. That also means a disc drive without encryption can be connected to another computer and can be searched, even if you don't have the password of the first computer.
But all it takes to decrypt these devices is usually a fingerprint, or a passcode. All the conversations and personal data on that device are ready to be seen when needed. Also, if you are obliged to cooperate by a legal warrant, refusing to give access to the devices makes you a criminal all by itself. If the data is to be investigated, this can easily be done with your cooperation.
Let's get back to the mind example. If someone probes your mind and scrambles your thoughts without your consent, we consider this to be a crime against humanity. The same goes for searching for a house, for a diary, for a computer or for a phone without a warrant or consent.
We shouldn't let the fear of terrorism, which has been amplified since 9/11, crumble our digital privacy like a nightmare. "We are watching you for your own good" has never worked. The priority of using encryption both on stored data and communication is still for keeping them private and secure from unintended parties.
But in a democratic society every type of pressure is poisonous. You may prefer a hypothetical safety net over your own digital privacy and neither I nor any other person should forbid you to think like that. And you would not be the only one on earth; you will be a part of a community which includes UK Home Secretary Amber Rudd and US PresidentDonald Trump. But the most notable problem with this community is that they tend to speak their mind before researching the subject. You can click on their names and see how severe the situation is, although the articles are only the tip of the iceberg.
Digital privacy and real world threats are a thing to discuss, but one thing to remember is to be more capable than these two examples. At least if one wants to be taken seriously. Until that time, my humble opinion is that you should not let people listen to your conversations online, just as you probably do not in your daily conversations.
Encryption is as simple as that last sentence and just as easy to understand, in the end.
Translated by Sarp Kürkçü
(SK/EKN/LN/DG)
