Session #i2, “Preserving Spaces of Wonder in an Age of Surveillance: Getting Started with Digital Cryptography,” was a mini-workshop held on Sunday morning. Virginia Tech PhD Candidate Andrew Kulak led the workshop, explaining about the necessity of security and privacy in the digital age, and led participants through the process of encrypting and decrypting documents. Citing the rise in recent hacking events, Kulak mentioned several tips for keeping one’s digital information safe. Student grades, banking information, and academic research are all legitimate information that is usually stored digitally, and may come under threat from hacking. Cybersecurity, Kulak argues, is a techne that can help to preserve spaces of wonder in a world that seems to have a growing disregard for privacy.
Certainly, concerns about digital surveillance are much more than just tinfoil hat theories. Hacking events are reported regularly, and we’ve all known someone–or have been ourselves–affected by a data breach of some sort. According to the Pew Research Center (2017), 64% of Americans have been personally impacted by a data breach. Furthermore, public trust in the safety of their online information is at an all-time low: 49% of Americans surveyed are distrustful of the government’s and social media sites’ capability of keeping their data safe. Digital cryptography, therefore, can be a tool for one to take control of their own security.
The majority of the workshop led participants through downloading software and using it to encrypt a document. Kulak showed participants how to use GPG (Gnu Privacy Guard), an open-source PGP encryption software. PGP, a public key cryptography standard, is considered to be a safe form of encryption at this point, as it has not been (publicly) cracked. Public key cryptography is a process of encoding and decoding messages with a series of keys (passwords). Public key cryptography was explained by Kulak using a metaphor of a locked mailbox, in which a sender can deposit a message into the mailbox (through use of a publicly available key), and that message can only be accessed/unlocked by the recipient, who not only has the public key but also a private key. This type of standard helps to maintain the integrity of the message, as any attempt to change the message in transit would corrupt the file.
Workshop participants (using Macs or Linux) used command-line methods to download and run the GPG software. First, Homebrew was downloaded, a package manager that is used to download and install GnuPG from the command line. Then, GnuPG was installed. Kulak led participants through creating a public and a private key, and generating a revocation certificate (for deactivation of a compromised key pair). Then, participants encrypted a text file and emailed it to Kulak, who then demonstrated on his computer how to decrypt it.
Other recommendations made by Kulak beyond message encryption included:
- Updating home router’s credentials: changing router’s IP and default DNS
- Using WPA2 Personal + AES for your home WiFi network security
- Change your WiFi password to a strong 16+ character password
- Enable the guest WiFi account for visitor access
- Encrypt work files when using cloud storage
- Use two-factor authentication with a physical token for email
- Leave WiFi and Bluetooth off when traveling with devices when not in use
- Consider using a travel laptop with only the files you need if possible
- Activate strongest firewall settings when on public WiFi
[Computer with lock graphic]. Retrieved from http://www.doncio.navy.mil/uploads/1002ZUL23524.jpg
Kulak, A. (2017). Cybersecurity 101 [PowerPoint slides].
Pew Research Center. (2017, January 26). Americans and cybersecurity. Retrieved from http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/
[Tinfoil hat cat photo]. Retrieved from https://c1.staticflickr.com/3/2363/1505091017_e3fc22ffb8.jpg