The Washington PostDemocracy Dies in Darkness

Is using encryption suspicious? Half of Americans say yes, according to Pew.

Sorry, this is not what encryption looks like in real life. (Kacper Pempel/Reuters)

Nearly two years after former government contractor Edward Snowden revealed details of extensive government surveillance programs, a Pew Research report suggests that the news has prompted some Americans to change their approach to online privacy.

The group surveyed about 500 adult Americans, finding that nearly 90 percent of them had heard about government surveillance programs and more than a third of those aware of the programs "have taken at least one step to hide or shield their information from the government," the report said.

Though the report found that a majority of Americans are skeptical of government surveillance programs, it also found very few are taking the extra step of encrypting the content of their e-mails. In fact, half of those surveyed said using encryption software gives the government enough suspicion to monitor a U.S. citizen's communications.

Most free e-mail providers automatically use a security feature known as SSL encryption that obscures the content of messages from third parties but leaves service providers such as Gmail or Yahoo able to access the message themselves. To guarantee that only the sender and receiver can access the contents of messages, you have to use end-to-end encryption — a process that typically involves specialized software and several additional steps.

Using end-to-end can be overwhelming, especially for less technically adept users, because some of the tools are difficult to use, said independent security researcher Runa Sandvik.

So it's not a huge surprise that Pew found e-mail encryption adoption rates are pretty abysmal. Only 2 percent of Americans who had heard about government surveillance programs had since started using e-mail encryption tools, and only 10 percent more had even considered adopting it. Nearly half of the respondents said they hadn't adopted or considered such tools — while another third didn't even know what e-mail encryption is.

In the wake of the revelations about NSA snooping, big tech companies have made privacy and security bigger parts of their public strategy — sometimes garnering the ire of law enforcement officials who warn such efforts could limit the government's ability to track terror and crime online. And both Google and Yahoo are working on plug-ins aimed at making it easier for users of their e-mail services to use end-to-end encryption.

[Yahoo’s plan to get Mail users to encrypt their e-mail: Make it simple]

But there's evidence that efforts to expand encryption may actually result in the U.S. government holding on to some Americans' communications longer because it views the use of encryption as generally suspicious. An intelligence funding bill passed last December said that Americans' communications incidentally collected under a controversial executive order could be retained longer than five years if "enciphered or reasonably believed to have a secret meaning." 

According to Pew, Americans are pretty evenly split on on whether using encryption is enough to let the government monitor the communications of U.S. citizens. Nearly half, 49 percent, said it was acceptable for the government to monitor Americans if they "used encryption software to hide files."

To some experts, this suggests that Americans are unaware of how much encryption is used in digital lives already. "I suspect that most of the people are using encryption themselves and don't know it," said Julian Sanchez, a senior fellow at the Cato Institute. "Any of those people that own an iPhone are using encryption to protect their files — probably a lot of them have laptops that are using encryption, even if they don't think about it."

The phrasing of the question may have also put off or confused respondents, Sandvik said. "It didn't say use encryption to protect things," she explained. "The phrasing itself makes it sound like you've done something bad, instead of trying to protect data."

Lee Rainie, one of the authors of the report, said it wasn't Pew's intention to frame encryption negatively, but to get a feel for the public perception of encryption use. He also said that in focus groups by the organization, some respondents said they were reluctant to do things like encrypt their files because they thought it would be perceived as suspicious.

That perception has some advocates worried. "It's a dangerous attitude because as all of these high-profile recent hacks have prompted so much concern about the state of American security, it's actually important that we use much more encryption," Sanchez said. "The idea that there's something suspicious in protecting your stored files is a little like suggesting you must be up to something if you locked your front door."

There has been an ongoing debate between the government and tech companies about how much access law enforcement should have to encrypted content. Some experts have accused President Obama and other government officials of misunderstanding or misrepresenting how encryption works.

Pew's latest report suggests that while the public generally cares about privacy, it doesn't necessarily understand how tools that could help them guard their data work or how to use they're used. "Large numbers of Americans say they are anxious about their privacy, and yet, there's this fairly significant gap in knowledge," Rainie said.

But advocates think encryption campaigns by big tech companies might change public attitudes about the feature by turning active encryption use from a niche activity into a regular part of people's daily routines. "As soon as it becomes something your uncle can turn on with a click in his Yahoo Mail, it stops being something sinister — it becomes something obviously part of what normal people do to protect themselves," Sanchez said.