Skip Navigation

Encryption

In November 2024, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) jointly announced that the People’s Republic of China (PRC) had compromised the infrastructure of multiple telecommunications companies.1 Both Microsoft Corporation and the United States Government use names ending in Typhoon to refer to attacks carried out with PRC state sponsorship. The particular group of hackers in this case, whose exact identities are not necessarily known to the intelligence community, has been labeled Salt Typhoon using this nomenclature.2 Unfortunately, both the breadth and depth of these attacks might not be known for some time, since Donald Trump fired the expert review board that was investigating the attack shortly after he took office.3

CISA recommended that “highly targeted individuals” encrypt their communications and improve their overall security in December 2024.4 Although CISA is trying to walk a fine line by focusing on “highly targeted individuals,” using encryption is a best practice for both security and privacy. Many of the vulnerabilities that enabled the Salt Typhoon hack were a direct result of the federal government discouraging proper end-to-end encryption by average Americans. Law enforcement agencies, including the FBI, have historically campaigned for backdoor access into all encrypted communications systems used by regular people. The familiar two reasons – catching terrorists and detecting child exploitation – have been cited in the demand for “lawful access.” 5 However, at the mathematical level, data are either securely encrypted or they are not. There is no “middle ground” where only the “good guys” get access to the unencrypted data. Thanks directly to these law enforcement efforts to prevent or weaken proper end-to-end encryption, the Chinese Communist Party now has direct access to Americans’ personal communications.6

In this section, we’re going to learn what encryption is, why it is important, why we should all be using it (even if parts of our government don’t want us to do so), and how we can use encryption principles to safeguard our passwords.

Contents

Notes and References

  1. Cybersecurity and Infrastructure Security Agency. Joint Statement from FBI and CISA on the People’s Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure. November 13, 2024. 

  2. Chris Jaikaran. “Salt Typhoon Hacks of Telecommunications Companies and Federal Response Implications.” Congressional Research Service. In Focus 12798. November 15, 2024. 

  3. Lorenzo Franceschi-Bicchierai. “Trump administration fires members of cybersecurity review board in ‘horribly shortsighted’ decision.” TechCrunch. January 22, 2025. 

  4. Cybersecurity and Infrastructure Security Agency. Mobile Communications Best Practice Guidance. December 18, 2024. 

  5. Federal Bureau of Investigation. Lawful Access

  6. Richard Forno. “What is Salt Typhoon? A security expert explains the Chinese hackers and their attack on US telecommunications networks.” UMBC Magazine. December 6, 2024.