Matthew Linkous

Is it worth encrypting?

The unfortunate tradeoff

Today, nearly all of our data is backed up to the cloud. Often times our only copy of our important information will live on some far away server outside of our control. This comes with clear privacy risks. If our data is on someone else’s machine, in their hands, they are free to peek into that data without us consenting or even knowing. It’s even the business model of many of the biggest companies in the world to read private data to better target advertisements. This is a problem that is often met with a simple solution: encrypt your data.

Encryption is often touted as the panacea of data security and privacy. Modern cryptography has given us this powerful ability to take any data and transform it with a secret key in a way that it can never be unscrambled even with the most powerful computer unless you have the correct decryption key. This ability comes with a much less often mentioned drawback: if you lose that key, you lose that data. The decision to encrypt can be generally distilled down into a simple statement: “I’d rather lose this information forever than have it read by unwanted parties”. Despite this fairly extreme tradeoff, there are still plenty of cases where it’s well worth it, but I want to draw some attention to the cases where it might not be the best idea.

Choosing to encrypt is making the choice that you’d rather lose the data than an have unwanted party read it

To contextualize a little bit, it’s worth noting a few things. There are some subtle differences if we want to distinguish between encrypting data “in transit” (sent between two or more parties) and data encrypted “at rest” (stored on some device). There are also some advanced techniques that allow for reconstructing decryption keys from a combination of other keys much like a Horcrux from Harry Potter. And when it comes to private keys, biometrics like FaceID have also removed some of the need for passwords and passcodes in favor of a signature generated from a scan of your face, eye, or finger. But for now, let’s just treat each piece of data as having a single copy that’s encrypted with a single text key.

Examples

Let’s look at a few different examples and note the comparative pain of losing that data versus the pain of having that data leaked.

Data typePain if lostPain if leaked
Passwords😐😱
Photo Memories😱😐*
SSN😐😱
Source Code😱*😱
Texts??
Recipes😱😐*
Music Library😱😐*
Personal Art😱😐*
* There are sensitive cases that would make a leak or loss worse

Upon looking at these cases, there are some clear categories where encryption is really, really useful. Any piece of data that is easily replaced or regenerated but serves as a proxy for our identity should always be encrypted. Passwords, SSNs, typically fall into this category. They’re often already committed to memory (but you should really be generating your passwords, it’s 2023) and typically easily reset—the obvious exception is if that password is itself a decryption key! There’s also a category that’s a little bit of a gray area: anything related to communication. This is because it really depends what’s in each message and a message could itself be any type of data. And finally, anything that is unique or highly personal nearly always is much worse to lose than leak. This category of things—Grandma’s secret cookie recipe, a photo of your kid’s first birthday party, a cringe-worthy essay from highschool—is what I would call “Priceless” data. These items tend to have way more value to the holder than anyone else. The potential of losing our priceless pieces of information makes it not worth the risk, when it comes to encryption.

A necessary reframing

I think encryption has become a center piece of the conversation because of how easy it is to apply to any situation. It’s easy for us developers to take a tool that works on raw binary data and want to try it on every file we have. But encryption may not be silver bullet we often treat it as. An encryption algorithm like AES doesn’t know if the file it’s concealing holds a wedding photo, a recipe, or a list of all your passwords. It will just scramble your data and hand you back a key that you better not lose. While, we can now hopefully agree that cryptographic encryption is not universally applicable to all of our data needs, let’s not throw the baby out with the bath water. We still want robust security and basic access control even for our priceless data.

The bigger question

The main point here is that there is a lot of information that we just never want to lose even if it it means it doesn’t have the same privacy guarantees that comes with running a quick AES256 on your data. But just not encrypting your data doesn’t protect you from data loss. We still need to frequently backup our cherished information. And that’s where the larger issue arises: the easiest and most popular way to backup our data is to just embrace the Cloud. What we really need is something with the convenience of having all our information on the internet while still remaining entirely under our control. Maybe we should all own our servers…