Spies Crack Web Encryption and Undermine User Privacy
What happened?
Information leaked by whistleblower Edward Snowden alleged that the US National Security Agency (NSA) has cracked portions of the encryption techniques that keep our online activities secure. According to reports, the NSA has spent billions of dollars over the past decade on trying to break encryption, and in 2010 it partly succeeded. The first technique to be cracked was HTTPS, the system that encrypts most webmail services and social-networking traffic. The second was Secure Sockets Layer (SSL), which protects transactions when you're shopping and banking online. However, that's not all: the NSA is also accused of deliberately weakening online encryption systems, in order to "undermine the major tools protecting the privacy of everyday communications" (http://nyti.ms/1bzp4Tu). For example, a flaw discovered by Microsoft in an international encryption standard is now believed to have been inserted by US government spies. A number of unnamed web and security companies were accused of collaborating with the NSA by putting 'backdoors' into their products to give spies access to encrypted data when they couldn't break in themselves. The reports didn't reveal just how far US spies have got in their attempts to crack encryption and suggested that other forms of "strong" encryption remain secure - but for how long remains to be seen. The leaked documents said the goal of the encryption-cracking operation, which is echoed by similar, though less extensive efforts from the UK's GCHQ (Government Communications Headquarters), is to ensure spies have the ability to comb through internet traffic and activity to prevent terrorism and crime. Security expert Bruce Schneier told The Guardian that "the NSA is undermining the very fabric of the Internet" (http://bit.ly/1f2kEbT), and called for web engineers to fight back and come up with new methods of protection. Reports also stated that the two spying agencies had cracked mobile phones, obtaining access to messages, contacts and other private data on Android, Apple and BlackBerry devices.
How will it affect you?
The exact effects of these revelations are impossible to tell, but it means that anyone - and it could only be a matter of time before criminals exploit the holes that spies have opened. On top of that, the existing protections we do have are now weaker than they should be, thanks to the NSA's interference. Any flaws or weaknesses the spies have snuck in are issues that affect all of us. The question is: what can you do about it? There are still strong encryption methods that can keep our online activities safe and secure, but they're not always easy enough for everyday use. Furthermore, at this point we should assume any encryption method has and will be targeted and penetrated by spy agencies such as the NSA and GCHQ. If you're angered at the prospect of the NSA reading your emails, or worried about the security implications of the backdoors apparently built into Google and Microsoft services (which the companies naturally deny) another alternative is to switch to a less well-known email provider.
What do we think?
We think this is surely the most explosive revelation to come via Edward Snowden, and it smacks of arrogance on the part of the NSA. The agency seems to think it's the only one with a right to privacy and security, and has effectively put billions of web users at risk to make its job easier. We also wonder about the exact nature of that job. Has access to all this private data led to any benefits? Have any terror attacks been thwarted? Frankly, we don't know. The NSA refuses to provide any details and the tech firms have all been gagged from disclosing further information. But at this point, we have to say, we don't really trust anyone with our data.
Information leaked by whistleblower Edward Snowden alleged that the US National Security Agency (NSA) has cracked portions of the encryption techniques that keep our online activities secure. According to reports, the NSA has spent billions of dollars over the past decade on trying to break encryption, and in 2010 it partly succeeded. The first technique to be cracked was HTTPS, the system that encrypts most webmail services and social-networking traffic. The second was Secure Sockets Layer (SSL), which protects transactions when you're shopping and banking online. However, that's not all: the NSA is also accused of deliberately weakening online encryption systems, in order to "undermine the major tools protecting the privacy of everyday communications" (http://nyti.ms/1bzp4Tu). For example, a flaw discovered by Microsoft in an international encryption standard is now believed to have been inserted by US government spies. A number of unnamed web and security companies were accused of collaborating with the NSA by putting 'backdoors' into their products to give spies access to encrypted data when they couldn't break in themselves. The reports didn't reveal just how far US spies have got in their attempts to crack encryption and suggested that other forms of "strong" encryption remain secure - but for how long remains to be seen. The leaked documents said the goal of the encryption-cracking operation, which is echoed by similar, though less extensive efforts from the UK's GCHQ (Government Communications Headquarters), is to ensure spies have the ability to comb through internet traffic and activity to prevent terrorism and crime. Security expert Bruce Schneier told The Guardian that "the NSA is undermining the very fabric of the Internet" (http://bit.ly/1f2kEbT), and called for web engineers to fight back and come up with new methods of protection. Reports also stated that the two spying agencies had cracked mobile phones, obtaining access to messages, contacts and other private data on Android, Apple and BlackBerry devices.
How will it affect you?
The exact effects of these revelations are impossible to tell, but it means that anyone - and it could only be a matter of time before criminals exploit the holes that spies have opened. On top of that, the existing protections we do have are now weaker than they should be, thanks to the NSA's interference. Any flaws or weaknesses the spies have snuck in are issues that affect all of us. The question is: what can you do about it? There are still strong encryption methods that can keep our online activities safe and secure, but they're not always easy enough for everyday use. Furthermore, at this point we should assume any encryption method has and will be targeted and penetrated by spy agencies such as the NSA and GCHQ. If you're angered at the prospect of the NSA reading your emails, or worried about the security implications of the backdoors apparently built into Google and Microsoft services (which the companies naturally deny) another alternative is to switch to a less well-known email provider.
What do we think?
We think this is surely the most explosive revelation to come via Edward Snowden, and it smacks of arrogance on the part of the NSA. The agency seems to think it's the only one with a right to privacy and security, and has effectively put billions of web users at risk to make its job easier. We also wonder about the exact nature of that job. Has access to all this private data led to any benefits? Have any terror attacks been thwarted? Frankly, we don't know. The NSA refuses to provide any details and the tech firms have all been gagged from disclosing further information. But at this point, we have to say, we don't really trust anyone with our data.
1 comments:
This comment has been removed by a blog administrator.
Post a Comment