How can I explain to non-techie friends that "cryptography is good"?

Question

After that case in which Brazilian government arrested a Facebook VP due to end-to-end encryption and no server storage of messages on WhatsApp to prove connection with a drug case, it's become pretty common for friends of mine to start conversations about what cryptography is and why we should use it on a daily basis. The same applies with the iPhone terrorist encryption case in which the FBI broke in.

For non-techie friends, it's easy to understand the basics of cryptography. I have managed to explain them the basics, public key x private key, what is end-to-end encryption during communication(your data is not stored encrypted, but it is "scrambled" during data exchange), all the core concepts without enter on more technical words like AES, MD5, SSL, PGP, hardware encryption acceleration, TPMs, etc. They like to have encryption on their phones, but they always come up with the following concept:

If terrorists/criminals could be caught by not having cryptography in our world, I would not blame data surveillance by governments and companies, nor the lack of cryptography in our communications/data storage.

I explained that this point of view is somehow twisted (as a knife can be used to do crimes, but its primary use is as a tool), but I didn't keep their attention.

Is there a best way to explain the value of cryptography for end-users in our modern world? (Snowden and Assange stories seems like fairy tales to them too).

Compendium: Some of the explanations/concepts that didn't work so far:

• Would you let the government have a copy of your house key?

  People tend to isolate data from house access, and they clearly would say "no, i do not want the government to have a copy of my house key and watch me doing private stuff. But if they are looking for a terrorist/criminal, it's fine to break the door". For them, it's okay since they don't break in your house while you are pooping. The existence of a "master key" on encryption world is fine to them. "My information is encrypted, but it could be turned into plain again in case of terrorism/crime".

• Would you let others trace your life based on what you do online?

  "But Google already does that based on emails and searches...". This mostly shocks me, because they are "with the flow" and they aren't bothered with data mining. Worse, people tend to trust way too much on Google.

• What about the privacy of your communications? What if you are talking dirty things with your boy(girl)friend?.

  "I don't talk about things that would harm others(criminally speaking) so, i don't mind on being MITM'ded.". Again, it's fine to them if a conversation about their sexual routine is recorded, if the intent is to investigate criminal activity on their city.

• The Knife paradox.

  You can see on their faces that this is a good one, but instead, they say that "knifes aren't as dangerous as secret information being traded between criminals so, it's okay that Knifes are misused by criminals sometimes".

Answer 1

"If lack of encryption allows FBI to catch terrorists, then lack of encryption allows criminals to loot your emails and plunder your bank account."

The rational point here is that technology is morally neutral. Encryption does not work differently depending on whether the attacker is morally right and the defender morally wrong, or vice versa.

It is all fear-driven rhetoric anyway, so don't use logic; talk about what most frightens people, personally. And people fear most for their money.

Answer 2

I would take their argument and replace "cryptography" with "locks and keys on our houses" and see if they still agree:

If more terrorists and criminals would be caught by not having locks and keys on our houses, I would not blame warrantless searches by government and companies in our homes.

Answer 3

Explain it with questions: Do you close the door when you poop? Why? Everybody poops, you aren't doing anything special in there, so what do you have to hide?

If someone leaves a pile of poop downtown in the middle of the road does that mean we must all poop with door open? Simply because the pile of poop was gathered in a bathroom?

Answer 4

The thing I haven't yet seen anyone mention is:

Ordinary criminals are far more common than terrorists.

While crypto might help a terrorist evade the FBI (for a while, anyway) it also helps protect you from ordinary criminals who want to steal your money and hijack your computer for their own ends.

The question is, will you concretely give up your safety from ordinary criminals, so that the government can theoretically gain some information on a terrorist, that they can most likely get some other way anyway?

Another thing to remember is:

The more rare an event, the more newsworthy it is.

If terrorist attacks are so common that they only get mentioned in single paragraphs in the back pages of the newspaper, then maybe it's time to reconsider. But that's not the case. An attack anywhere in the western world is front page news for days or even weeks, precisely because of its rarity.

---

Cryptography secures many things in everyday life, some of which people will refuse to live without, if you put the question to them. It goes far beyond terrorists chatting with each other.

Will your friend give up online shopping? ATMs? Credit and debit cards? Downloading software updates - and not just for your computer, but for the avionics of an airliner? These things rely on cryptography and would be unsafe or impossible without it.

It is sometimes argued that the government could simply be given a master key or backdoor to crypto. But this won't work. If such a backdoor is created for the government, it is a security vulnerability that also becomes accessible to criminals. Ironically, someone used a backdoor in a mobile phone system, created for law enforcement, to listen to high level Greek government officials' phone calls. You can be sure that other criminals out there are exploiting backdoors that already exist, and are not getting caught.

Answer 5

Imagine if, during the civil rights era, people had access to things like email and smartphones. People like the organizers of the Montgomery bus boycotts would have a little pocket computer that could tell the authorities where they’d been, who they talked to, and what they were talking about.

The authorities, at the time, considered these people terrorists. They were willing to turn firehoses and attack dogs on them, and they were doing their damnedest to keep at least the leaders under surveillance. Do you think they’d hesitate, if the option had existed, to court-order their phone companies to hand over personal data?

You can imagine a similar scenario in the early days of the gay rights movement. Things like sodomy and cross-dressing were illegal. If the option had existed, the authorities would have happily raided the personal data of any sodomite they could catch. You find one, you find others, and pretty quickly the beginnings of a movement get snuffed out.

The powers that be usually don’t like change, and if they have the power to squash it, they will. But they can’t squash what they can’t catch. In order for a society to grow and change in an organic way, it needs space for new and dangerous ideas to hide. In the computer age, without strong encryption, this space disappears.

Yes, that means actual bad actors have more room to maneuver as well. But I would argue the trade-off is worth it.

Answer 6

My response here is likely many in a sea of answers, but here's the breakdown of why encryption is good, why it's vital, and why breaking it is pointless.

-

Congress investigation found not a single terrorist plot was stopped by the NSA. So it's all taxpayer's cost for no profit

See here.

FBI Coleen Rowley at the London's whistleblowers conference remarked that the people who truly stop terrorist attacks are most often civilians, citing how two men on a hotdog stand apprehended terrorist suspects.

-

No encryption means items cannot be identified as authentic, allowing criminals to commit financial fraud - in their name

The recent losses of information from places such as Target, TalkTalk and others was due to a lack of security. Encrypted personal data means fraudsters can't use it.

-

No encryption on emails allows criminals and fraudsters to snoop on your personal details

Most people handwave and say 'terrorists' to make it acceptable, but the majority of scams come from social engineering attacks where the person pretends to be an authorised individual. They just cited your recent visit to the hospital and your personal social number, they must be the real deal! What, you need 500 smackaroonies paid up front now for my new surgery? Right away stranger caller.

They also prey on the vulnerable (elderly) and the ignorant.

-

No encryption means no security on security systems, for example... access passes at a nuclear plant

Your friends would have to be morons to advocate the weakening of security to err... protect security (?!) in this context. Biometric systems, card readers etc all rely on encryption to ensure outsiders don't simply hack in. Or they should do.

-

Your money and identity stolen means more crime

Some might be super naive, 'so what if they break in, my bank account only has X amount of cash!'. Whatever cash they steal becomes black money used in other criminal operations. Your stolen 50 becomes another pack of bullets for a crazed executor. Your 100 becomes the bribe to a guard in a human trafficking ring allowing women and children to be smuggled.

Your stolen identities becomes forged documents legitimising illegal immigrants, whether they be prostitutes or men seeking to commit further crimes.

-

Weakening encryption strengthens authoritarians

China have seen the UK and US's plans, and are following suit. It allows dictatorships like those seen in Saudi Arabia (where whipping is the punishment for criticising the government), Turkey (where prison is the punishment for criticising the government) and China (where jail and hard labour is punishment for criticising the government) to follow suit.

By seeing backdoors are possible, they too will request such features. By advocating the removal of encryption, you are advocating the punishment of people speaking out for human rights abuses.

-

Encryption is all or nothing

You can't have half measures. Any installed weaknesses hackers will find. So encryption either has to be completely secure, or not at all.

On the balance of probabilities, given no single encryption breakthrough has ever been proven to prevent or catch a terrorist, and there are so many crimes facilitated by poor, subpar security (identify thefts, bank fraud, etc), it weighs in favour of encryption, given the more encryption security, the fewer crimes.

-

What about XYZ using encryption?

ISIS have been declared technologically incompetent, and not surprising, you'd have to be pretty stupid to move to a county in a worse condition than your own in order to murder people for 'freedom'. And there are much bigger technological exploits in the wild that make car bombs look petty and trite - information security is far more important.

In terms of pedophiles, it is possible to setup sting operations (IE where they physically meet and get arrested). Encryption only hides online activities, but most laws are only broken when a physical action takes place. Deep cover agents and long-term infiltration operations can be done here.

-

So shortstop: ask them to name a SINGLE EXAMPLE of when breaking encryption STOPPED A TERRORIST ATTACK (note: the San Bernardio shootings weren't stopped by breaking encryption). If they can't name one, ask them to name how many cases of LOST or STOLEN INFORMATION there have been (make sure you have a long list to cite).

The contrast will be stark, and no-one with an ounce of common sense would suggest the removal of encryption ever again.

Answer 7

To explain "cryptography" in your scenario requires an understanding of the value of "private communications". It's not about the technology, but about the benefit to society of being able to communicate privately, even from the eyes of your neighbours (i.e. those charged with governing the society).

This is more of a philosophical debate than a technical one.

Answer 8

This is kind of a twisted point to make to anyone who's not familiar with the most trivial details of encryption and security, but I think it stands.

Zach still said it best. Encryption is the equivalent of keeping your pants on when you visit the Internet. It should be basic, and it's not our fault that banks and stores are willing to forgo a "no shirt, no shoes, no pants, no service" policy online, where they wouldn't in real life.

Although many of us may not know the details of how encryption works, the general thrust is easy enough for anyone to understand: we don't shout our credit card number or bank details at a waiter, or the clerk at the checkout counter in the grocery, for the same reasons we use encryption when we check out at Amazon.com. Even if we don't care whether someone knows those details about our life, it's 8561b0da13f41d736812e2f12b078a40 rude to be that noisy.

What most people miss is just how noisy the Internet actually is. If tcpdump existed for phones, I'd show the, that, but in the meantime just try your best to educate people as to what sending any information across the Internet is really like. My personal favorite metaphor? Sending a data packet into the wild is like making your toddler wear a sandwich board with a destination address and a message, putting him on the bus, and expecting the regular commuters and the bus driver help him get off at the right stop.

Even if all that happens, everyone on the bus route gets to read your angry drunken letter to the school board as your mindless infant blissfully follows strangers to the right house.

What does encryption give you? Easy. All it means is that no one knows what you actually wrote: all they know is where it's going. That's encryption, a nutshell. What the government wants to do, is allow a select group of auditors to read, laugh at, and ultimately reject or redirect your child — or decide to prosecute you based on what you wrote while you were in your boozy stupor.

Answer 9

I agree with the "It protects your bank transactions" answer, but I'd like to add a few thoughts:

Even if the government banned encryption or forced a backdoor, it wouldn't stop terrorists. Encryption isn't a physical good- it's a mathematical process. Banning encryption would be like banning adding or multiplying (or large semiprime numbers)- criminals would still do it anyways, and the rest of us would be worse off. They don't care if it's banned, and encryption algorithms are simple enough to implement, even without commercial products.

This argument has been made before, but if the US forced a backdoor in encryption, we wouldn't be able to sell too many services to other countries. Other countries might also follow the lead and ban encryption or force their products to have a backdoor. The software market just got a lot smaller. You might be fine with a doorknob where the US owns a master key, but how about if France owns one? Russia? China?

Continuing the theme of fear-based strategies, you can explain how without encryption, a MITM attacker can pass off their data as legitimate. They can download malware or trick you into entering a CC# or password. While phishing attacks and drive-by downloads still exist with encryption, it's much easier for MITM attacks to appear legitimate without encryption.

Answer 10

Use the same terrible logical argument that the RIAA used in their anti-piracy propaganda pieces from the early/mid 2000s.

You use an armored car to securely move money, encryption is that armored car for transactions on the internet.

--or--

You keep your valuables in a safe, so you want to keep your data encrypted.

--or--

You keep your front door locked, encryption is that front door into your data. If you login to your bank unencrypted, then you left your front door unlocked and are allowing anyone else to come by and walk into your den.

Answer 11

The way I like to explain things to people is through movies.

Last night I watched the movie Sneakers. The entire plot of the film is about a "little black box" that can break any encryption anywhere.

SPOILER

After stealing the box from the University Professor who invented it, it gets into the hands of the bad guys- the head honcho himself explaining his plan to use it to destroy the world, specifically money and ownership. The main characters spend the rest of the movie trying to steal the box again so they can give it to the NSA (for techies, this part is probably a lot scarier now than it was in 1992).
At the end of the film, the protagonists trick the NSA and keep the chip for themselves, using it to steal money from causes they don't like and give to causes they do.

What is being proposed by people who want no cryptography to exist is basically for every person that has a computer to have access to such a "little black box" - anyone could log in anywhere, look at any data they wish, and change whatever they want.

A (slightly) more reasonable proposition currently being desired by many politicians and laymen is a "backdoor" or "master key" in encryption algorithms, so that the villains do not have access to the data, but the "good guys" do. This is basically the equivalent of handing one of Sneakers' "little black boxes" to the NSA/FBI/law enforcement/whatever. Why is this so bad? Well, if one exists, two can also exist. Even assuming that the "good guys" only use it for "good purposes" and their security systems are such that no leaks are possible for the bad guys to get at their black box, the bad guys can design their own "master key". For a bad guy to break the encryption in this case, he would only have to crack open the back door. Which would be comparatively easy. And in all proposed systems I've heard about, once they crack one back door, the bad guy would have access to all back doors.

Tom Leek is right, people fear for their money. And having backdoors to encryption would make that money vulnerable.

The discussion of why it is bad for the government to have unfettered access to one's data is for a different time, but the simple answer to that is because you cannot trust any government that much. I like to refer to Captain America: The Winter Soldier for that one.

Answer 12

I am going to take a bit of a different turn to answer the question.

It is impossible to prevent the use of encryption, so everyone should use it. If for some reason encryption were to be banned, what would prevent people from using the current algorithms and transmit data? All data is is bytes so you could not even prove that it was encrypted in the first place.

Because criminals will use this method to communicate if it is legal or not, why shouldn't the general public? It would make everything more secure and prevent data hacks (like the other answers elaborate on).

Answer 13

Try thinking just as much of how you present as much as what you present

I'm going to present my argument with a few attention grabbing words here... but in truth what you need to do is start a discussion much life we do here. A good way is to grab their attention.

If a knife is used to kill a man, is that knife evil?

Obviously the answer to that is no. However what is a knife more than a tool? What is to kill more than a harmful action? What is evil more than a moral view? If we rewrite this question very generically it becomes

If a tool is used to do harm to people, is that tool bad?

The answer to this question is obviously No. A tool is nothing more than a medium to perform an action. Much like paint can be used for art, it can also be used for protest, defacing, or even destruction. What matters here is not the use of the tool itself but of the desire of the operator. If an operator intends to do harm, there will always be tools to do harm. If an operator intends to do good, there will be the same tools to do goo.

The duality of it all is that a tool is a tool. It is in the hands of the person that determines whether the action performed is for good or for evil. Those actions can only be judged by others and thus it is only through our eyes that we can pass judgement. Because we are the ones to judge your friends statements aren't wrong, but they show ignorance of what cryptography really is, and how they should not be the ones to judge it. If they can not explain it without mentioning the word itself, then they do not understand it enough to speak on it.

A good basis for discussion and not argument/bandwagon

"If you are to judge cryptography you must know what it is and what it does. If you can answer that to me I will listen to your stance, so please explain to me what cryptography is so we are on the same page." The statement not only shows you have an understanding yourself, but it asks if they have an understanding in you asking for them to clarify it to you. If they are wrong, they have already opened themselves to a debate about if they really know what it is.

At this point if you can prove them wrong, or raise sufficient doubt in their argument, the group mentality is shifted onto you as the default authority. Remember you don't have to disprove their arguments, you must just prove them wrong. A good example of this comes from the movie "Thank You for Smoking"(Rated R) in the following scene:

Joey Naylor: ...so what happens when you're wrong?
Nick Naylor: Whoa, Joey I'm never wrong.
Joey Naylor: But you can't always be right...
Nick Naylor: Well, if it's your job to be right, then you're never wrong.
Joey Naylor: But what if you are wrong?
Nick Naylor: OK, let's say that you're defending chocolate, and I'm defending vanilla. Now if I were to say to you: 'Vanilla is the best flavour ice-cream', you'd say...
Joey Naylor: No, chocolate is.
Nick Naylor: Exactly, but you can't win that argument... so, I'll ask you: so you think chocolate is the end all and the all of ice-cream, do you?
Joey Naylor: It's the best ice-cream, I wouldn't order any other.
Nick Naylor: Oh! So it's all chocolate for you is it?
Joey Naylor: Yes, chocolate is all I need.
Nick Naylor: Well, I need more than chocolate, and for that matter I need more than vanilla. I believe that we need freedom. And choice when it comes to our ice-cream, and that Joey Naylor, that is the defintion of liberty.
Joey Naylor: But that's not what we're talking about
Nick Naylor: Ah! But that's what I'm talking about.
Joey Naylor: ...but you didn't prove that vanilla was the best...
Nick Naylor: I didn't have to. I proved that you're wrong, and if you're wrong I'm right.
Joey Naylor: But you still didn't convince me
Nick Naylor: It's that I'm not after you. I'm after them.

Here you can see he is clearly explaining to his son that to win the majority you must not target the argument, but the audience. Once the audience knows that someone here is that authority then they are much more likely to listen.

Think about what you say just as much as what you say. ~Anonymous

Answer 14

Cryptography provides not just security, but also privacy. So the same arguments that apply to debates about privacy vs. safety also apply here.

With privacy vs. government surveillance, many may argue, "if you don't have anything to hide, you have nothing to worry about!"

ACLU and other organizations have made excellent articles to respond to that argument. For example, ACLU's Plenty to Hide which points out:

• Some people do have things in their private life, that should stay private if they want it to, but isn't necessarily illegal. Things like being gay; having an affair; being pregnant; having certain diseases; etc. The classic Bob and Alice would be in big trouble with Eve without strong encryption; more to the point, medical records are actually legally required to be stored safely as far as I know.
• Governments make mistakes sometimes. You could get on a watchlist/no-fly list/etc. by accident; the more people are being watched, the more mistakes will be made, just by virtue of percentages in what must be an inexact science. Remember Operation Troll the NSA?
• Maybe you do have something to hide, but you don't know it. Or it's long ago in your past. Laws are complicated and it's pretty much impossible for one person to know all of them by heart. All it would take is one organization or powerful person with a vendetta against you, and you could find out pretty quickly!
• Some things just aren't meant to be public. Someone already brought up closing the door to poop. Other things are like singing in the shower. Or, more appropriately for cryptography, videos of embarrassing moments, intimate photos, etc. aren't really wrong but nobody wants them distributed all over the Internet.
• Even if you don't care about hiding something, someone else might, and it could impact you negatively. Visits to Internet gambling sites or specific stores could impact job prospects or credit offers if someone has gotten access to your web traffic. Also think about social media posts, and how employers may view them. Although this is more a tracking/privacy settings thing than an encryption thing, there are places where it applies.
• People just need a space away from prying eyes to feel secure and...human.

Anyway the ACLU and other organizations like the EFF probably have a wealth of privacy-related materials that could help you get your point across. Even if they can brush off 5 of the 6 points above, one might get through. And there's more out there.

Edit: I just realized the following portion is pretty much Cedrus's answer

Other sources of inspiration could include interviews with well-known cryptography experts, who often are asked why they do what they do. As an example, Moxy Marlinspike talks about how for society to progress, sometimes people need the ability to break the law. The American Civil Rights Movement, the fight for Gay Rights, various Independence movements, the Underground Railroad and abolition, and more depended to some extent on having "safe" spaces away from surveillance; he points out that we may not even know that we want the laws to change without the ability to see, experience, and discuss those things that are illegal. Even if it wasn't around at the time of those movements, a lack of encryption would take away some of the most powerful of those safe spaces in the modern world.

Answer 15

The primary reason why encryption exists, particularly public encryption, is that many clients must be 'publicly' able to send secret messages or communication,which is not only used by facebook and google, but pretty much the whole internet. Today, we are moving to a world, where everything can be done online,from transferring money overseas(online banking) to using Banking and what not. What is extremely relevant to the way the world functions is what we do online:-

1.Shop:- If by any chance, even one of the modern encryption standards is broken, then we wouldn't be able to securely pay online, not even a penny, as it would be intercepted by someone else. No more online payments.

2.The overall ECONOMY:- Stock markets mostly function online these days, pretty much the whole economy of all big companies across the world depends on it, and it further depends on secure-non interceptable communication, about buying and selling of stocks. If these communications are intercepted, trillions of dollars worth of stocks would be untraceable which is extremely scary. No more ATMs or any other banking services. All the banks these days function online, no more. And we know that the world depends on THEM.

3.Communication:- This is the most obvious consequence, no more safe and secure communication. No more private chats, neither business or technology secrets. So, we go back to the 18th century mode of business, where every single business decision must be privately communicated.

4.Piracy:- Already, we face a lot of trouble due to privacy, it would be escalated further due to such a situation.

5.Security:- So, talk about security.... Recently some terrorists were caught in Delhi,India who claimed to have learnt ways to make bombs online... In this world, almost all the data is stored online(or in servers, leave that, computers) ENCRYPTED, be it secure government data or intelligence.. EVERYTHING in this world would be spilled over. No trust between countries and endless wars. No more national secrets. Just think about the chaos. Terrorists would have info about EVERYTHING, where the president is moving, which way is the army going, which room of your house are you in.... EVERYTHING, and talk about security now....

6.Fundamental human rights:- Another obvious disaster.

7.Intellectual property:- More and more nations are recognising intellectual property these days, most of which is stored ENCRYPTED, which again is an asset worth billions, would be spilled over in a minute...

Considering these points, and many more not considered here(Transport, IT, Space, THE ECONOMY) , we can safely assume that ENCRYPTION is the very basis of an internet oriented world or the information age. Without it, the whole present day economy will be ruined, and we will be running back to the 18th century, LITERALLY. Because, if encryption was gone, not a single computer oriented software company would exist(there revenues zeroed out)(if you know the working methods of software companies, centralised cloud based), and you can imagine not having internet at ALL... These are just extreme circumstances where I am assuming that all encryption schemes are gone, which is very unlikely to happen.

So please make them understand that breaking encryption isn't just taking away there individual rights, but also pushing the whole human civilization back by centuries.

If a backdoor can be made by the gov. the same can be done by any of the hacker groups(maybe they have done it, but pretty unlikely as it requires a LOT of computing power) and so, again the situation becomes SCARY....

Answer 16

Ask them if they would be okay with the bank storing their PIN and account number on pieces paper on a billboard in front of the bank. Or their porn viewing habits on front of their house.

Cryptography is literally everywhere. Discussing what-ifs doesn't change the fact that cryptography will never go away, it's like trying to have a discussion about the merits of square wheels. It is (in many forms) essential to day to day computing.

I assume the point of view of your friends comes from the recent incredibly embarrassing speech from David Cameron. There is no way to ban encryption, unless you can physically control the entire internet and every machine connected to it. Besides, banning encryption has a single target, and it's not the terrorists. Banning encryption locally only opens up your lawful population's data to the government. Criminals and terrorists don't give a dime about laws.

Answer 17

There's plenty of good answers here, but I'd like to point out one non-security answer: your friends always say that it's fine to break encryption for "bad guys/criminals/terrorists". But that's not how this is going to be used, even in theory (and law).

Whatever the approach, this will apply to anyone suspect of being a "bad guy/criminal/terrorist". And that's a much bigger group of people than actual BGCTs. In fact, it can very well cover every single person on Earth, and the truth is, it's very much possible that you are a criminal as well, without knowing it - I assume you don't know every single sentence of whatever laws apply to you, even when you only consider your local authorities.

Most suspects did nothing wrong whatsoever - for most crimes that happen, there's usually multiple suspects, and it's very rare that all of those participated in the crime (or anything they considered criminal at all); yet every one of those people would be open to decrypting every single bit of their data and having it scrutinized. And all this massive break of privacy for what? Criminals break the law - that's kind of the definition of what "criminal" means. If you ban or restrict encryption, or you add backdoors and prohibit using encryption that doesn't have backdoors, do you think the criminals are going to honor those laws? It's not like you can tell if a piece data is encrypted or not - and even if you could, there's plenty of steganographic approaches that allow you to hide secrets (in this case, encrypted messages) in harmless looking data. And then one day, someone finds out that your nude pictures were used to send messages between terrorists :P

Answer 18

I'm not going to go into the technical aspects - others have already answered that, and it's not really what the question is about.

Rather, you can say a couple of things. My answer will be somewhat US centric because that's what I'm familiar with, but similar examples will exist elsewhere. It is also somewhat broader - rather than specifically focusing on cryptography, my answer relates to privacy in general.

• Tailor your answer to the person. Find something they care about. For example, if your friends are strong believers in the Second Amendment, remind them that no cryptography will also mean that the government has access to all their firearms records. Also remind them that the police in Hialea, Florida, was caught installing cameras with license plate readers pointing into the parking lot of a gun dealer. Similarly, if your friends are passionate about abortion, remind them that abortion records would also be accessible. Everybody has "something to hide", most people just don't realize it.

• If you think that you aren't interesting to the government, please explain why the Soviet Union, East Germany and North Korea spent an untold amount of effort on spying on everybody, including ordinary citizens?

• Ask your friends to think about exactly how the USA is different from the Soviet Union. Hint: the main difference is that the Soviet Union spied on their people, while the USA didn't - or so we thought.

• Would your friends be OK with a law that outlaws envelopes and that your pay stubs are mailed on postcards? Explain that cryptography is simply an electronic version of a sealed envelope.

• Accept that this person trusts the government. That's a personal value decision anyway, not subject to fact-based arguments.

• Ask if he would still be OK with it if the government changed? Would you trust Donald Trump (who is known to be very underhanded and vindictive) with access to your private data? Or conversely, would you trust Hillary with access to that data?

• Would you trust Joe McCarthy or J.Edgar Hoover with access to such data?

• What if Weimar Republic had had this capability - and it had then fallen into the hands of Hitler, and subsequently of East Germany?

• You can also point to William Binney. He was an NSA whistleblower before Edward Snowden, and he revealed that the NSA not just hypothetically, but actually specifically targeted Supreme Court Justices, high-ranking military officers, and even then-Presidential candidate Senator Obama. It is of course speculation, but entirely possible that General Paetraeus was the victim of a targeted release of spying data, and that the "jilted-lover" story is just a cover story.

• Even if you trust the current and all future governments, or you think the government wouldn't be interested in you, how about "bad apples" in the system, such as the police officers who used surveillance data to hunt down and blackmail gay men (happened in 1997, I believe)?

• How about cryptography used by the military? When your friends reply that this cryptography is acceptable, then point out that the FBI has recently been trying to pressure a developer of a Navy-funded encryption network into building a back door. The developer's name is Isis Adora Lovecruft, and she ended up fleeing to Germany. She is working for The Tor Project, Inc., which receives major funding from the Navy.

In the end, though, don't try too hard to convince your friends. It's far more important to work within the technology community, and most of those people are already aware of the importance of cryptography.

Answer 19

I would try to use an analogy that doesn't employ logical fallacy. This is difficult, but perhaps explain how cryptography is used in banking, healthcare, etc. to ensure privacy, security, and the integrity of services.

Ultimately it is our responsibility to make sure they understand it, everyone needs to understand it now that it has become a controversial issue.

Answer 20

Cryptography is the technological equivalent to the Bill of Rights. Just like, say, the right to a fair trial sometimes seems silly when the case is crystal clear, we anyway would not want to do away with it just for the convenience of an exception.

Answer 21

You should explain using a demonstration by hacking them. Get them connected to your network and then perform an ARP spoofing for a man-in-the-middle attack. The works almost every time for fully patched Windows computers. Alternatively, since it's your network, you can just use the router for MiTM, but that wouldn't be as cool. Then, show how the lack of encryption can allow you to steal cleartext credentials, and inject malicious content into the webpage, like downloading of malware or redirection to phishing websites. This demonstrates the practical usefulness of encryption in a network.

Even more critical is in an enterprise environment, where this can be used to gain domain admin access. Many internal portals contain self-signed certificates or no encryption. You can use this on a domain admin to steal the keys to the kingdom.

Interceptor-NG is a good tool for this.

Answer 22

[Non-techie friends] clearly would say "no, i do not want the government to have a copy of my house key and watch me doing private stuff. But if they are looking for a terrorist/criminal, it's fine to break the door".

It sounds like your non-techie friends are onto something. As most answers have said, this isn't a technical question, it's an issue of public policy. We have organized ourselves into a society with a government because we prefer the protection of a constitution, a legal system, and a criminal justice system over anarchy, extortion, and mob justice. So you need to answer the question "is society better off when the FBI can investigate crime than when it can't, and what limits should be placed on its investigation?" When ATMs first came out 4 decades ago there was concern about the Big Brother police state that would result from having ATMs with cameras everywhere. Yet now the only time cameras are in the news are when an ATM photo helps catch a carjacker, surveillance cameras spot Boston Marathon bombers, or cellphone videos catch a fight between police and suspects. Seriously, does anyone EVER say that cameras catching Ray Rice knocking out his girlfriend in an elevator are an invasion of privacy nowadays? That concern is so 1970's.

Obtaining lawful access to encrypted communication is the same issue as obtaining lawful access to photo/video surveillance. It should require authorities to justify why they need it, but after providing that justification, it should be made available. If the police ask for a warrant to break into your house so they can watch you poop, it won't be granted. If they ask to listen in on phone sex with your girlfriend, it won't be granted. But if you are using your phone to buy a 13 year old from a child trafficker, they probably should be given the cryptographic keys that would let them listen in. Do you value absolute privacy over the safety of your 13 year old daughter? The answer to that has nothing to do with cryptography.