Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Does encryption really shield you from government's prying eyes?

Zach Miners | June 17, 2013
Encrypting data may not guard against surveillance, some experts say, while others argue in favor of taking steps to protect privacy.

But the thinking goes that if you take the government at its word, then the NSA is not listening in on phone calls anyway, at least not in a blanketed way. Instead, it's more like the government is saying to telecommunications companies, "Hey, so-and-so sent out 100 billion text messages. Send those to me," Schneier said.

There are legal avenues to gain access to encrypted data and some of these would oblige companies to either provide the keys or provide the unencrypted data.

In its privacy statement, Silent Circle acknowledges that its servers "generate log files that contain IP addresses," and notes that every six months the company will post how many data requests from worldwide law enforcement agencies it has received, how many customers were involved and what agency or organization made the request.

But gag orders may not accomplish much if the data is truly encrypted end to end, which is what companies like Silent Circle try do. However, end-to-end encryption is hard to achieve and increases costs.

Government metadata analysis alone should raise concerns among U.S. residents, said EFF's Schoen. The practice of looking at who is contacting whom might sound boring to some, or prompt the question, "what's the privacy harm there?" said Schoen. But if the government can track a person's IP address, that information can be used to, say, reveal a love affair, if one person were to log on to his or her email account from a new IP address, he said.

"It can show where someone spent the night," EFF's Schoen said. "The privacy concerns here can be much graver than you would think."

For those reasons and others, some privacy groups, like the Electronic Privacy Information Center, have questioned the legality of the NSA's Verizon data-collection scheme.

Meanwhile, when it comes to encrypting actual content like email messages, chats, videos and photos, there are generally two ways to go: There are services for encrypting information sent between people, like Silent Circle and RedPhone, and there are applications for creating secure connections between people and across networks. For instance, there are open source services like OpenVPN, which is designed to establish an encrypted virtual private network (VPN) between computers.

There is HTTPS Everywhere, a plug-in extension for Firefox and Chrome browsers that is designed to automatically employ the Hypertext Transfer Protocol Secure (HTTPS) program for websites that offer it. HTTPS is designed to build on top of standard SSL/TLS cryptographic protocols to protect against eavesdropping of data by third parties, and to help ensure that the website being accessed is legitimate and not operated by a bogus group.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.