Encrypted email or truly private web browsing isn’t a matter of technology. The technology is here and it works fine. What’s missing is widespread user demand for privacy protection on the Internet. Anna Lysyanskaya’s essay first appeared in the <em>Providence Journal</em> on Friday, Feb. 13, 2015.

As a computer scientist and a cryptography researcher, I think a lot about the technological side of data security — algorithms that safeguard the privacy and integrity of data. But ultimately, it is the users of technology rather than the technology itself that hold the key to whether the Internet will stay forever broken or whether it will emerge better and stronger from its security woes.

For all the talk about the ease of hacking into virtually anything, most of us are rather blasé when it comes to the erosion of our personal privacy. We have beautiful algorithms that can protect us on email, in the cloud, and on the Web. But these technologies have not been widely implemented. Why not? Because we do not demand that our privacy be protected.

Partly, the problem is that we tend to treat privacy breaches as something that happens to other people, but not to ourselves. We don’t anticipate that our very private conversations would be leaked or that embarrassing photos of us would make the rounds. We just don’t think of ourselves as all that interesting to other people.

But that’s a fallacy.

The recent attack on Sony makes the point. The attack led to leaked emails of Sony executives. These emails, among other things, contained sensitive information on actors’ fees and revealed the executives’ racial biases. Publishing them proved very damaging to Sony. It wasn’t the glitzy celebrities who were the target — it was the executives working behind the scenes. The North Korean hackers probably were not even interested in the content of the emails themselves. They just dumped them on the Web to show the kind of damage they could do if Sony didn’t halt the release of a movie they didn’t like.

That should serve as a wake-up call. You don’t need to be famous to have your privacy breached. It could happen to anyone — and on a massive scale. For example, anti-American sentiments are at an all-time high in Russia. So tomorrow a patriotic Russian hacker might just start breaking into private email servers of American companies and releasing their contents, just to show who’s boss.

Speaking as a cryptography researcher, I can tell you that protecting your privacy is possible and does not require giving up even a little bit of the convenience we have learned to enjoy.

For example, encryption can protect the contents of email. Simple Gmail plugins like Virtru or Mailvelope can make it so that no one except the intended recipient of a message will be able to make any sense of it. Irrespective of which email service you use, the Gnu Privacy Guard (GPG) gives you the ability to do so securely. These technologies use time-tested cryptographic algorithms that cannot be broken even by very powerful eavesdroppers, such as the National Security Agency. If Sony’s email servers had stored the emails in encrypted form, rather than in the clear, the North Korean hackers would not have been able to leak their contents.

There’s also software that enables private web browsing. Currently, most Web browsers, at the request of various websites you visit, collect information about your online activities. They then send this information to whichever web site had requested that it be collected. This is how you get ads that are targeted to you, which is both convenient and somewhat creepy at the same time. Hackers can also use this mechanism to learn things about you that can make it easier for them to hack into your computer. Some browsers, most notably Mozilla’s Firefox, make it easy for you to turn this tracking off, to enable so-called “private browsing,” so that you can browse the Web without fear that you are being tracked. Websites will still be able to see your IP address, but private browsing does make it more difficult for websites to track your browsing habits.

Other privacy-preserving technologies abound. For example, I spent a great deal of my research career developing authorization systems that allow users to log into websites and make transactions without giving up their personal information.

But for these technologies to flourish, there must be a market for them. Creating that market is up to all of us, and the first step is to start using the tools that are already out there. We need to be more realistic about the dangers out there and demand better privacy protections.

Anna Lysyanskaya is a professor of computer science at Brown University. Her research emphasis is cryptography and anonymous credentials.