Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Does encryption really shield you from government's prying eyes?

Zach Miners | June 17, 2013
Encrypting data may not guard against surveillance, some experts say, while others argue in favor of taking steps to protect privacy.

There are also cloud storage encryption services like Mega, or SpiderOak, which claims to have zero-knowledge of users' data.

But on a practical level, people need to consider that if the company cannot read their files, that can limit the features and convenience afforded by the service. It's a little hard to filter out spam, for instance, if the email client can't see your emails, said EFF's Schoen. Researchers at the Massachusetts Institute of Technology are trying to solve this problem with "homomorphic encryption," which would let Web servers process data without decrypting it.

This smorgasbord of encryption services is what makes things tricky. "There are very specific things we mean when we talk about privacy," said Eben Moglen, a professor of law at Columbia University and chairman of the Software Freedom Law Center. Surveillance of communication endpoints is the "anonymity" type of privacy, but when people start talking about the actual contents of messages or files, that falls under a different category called "secrecy."

"A message is secret if its contents are known only to the sender and the recipient," he said. But as far as whether the government is listening in on those messages — encrypted or not — and how much it is listening, and which governments are listening, the answer could be yes, no or maybe, Moglen said.

One of the biggest questions right now is how powerful the government's code-breaking tools are, and the extent to which they are capable of cracking the algorithms, and at what speed, that power modern encryption programs.

"The U.S. government doesn't tell us how many codes it can break," Moglen quipped.

"I can't tell you what encryption methods the government can defeat," he said. "I can tell you it's as good, if not better, than the best stuff in the world."

But even if the government can't crack the codes just yet, there is still the anonymity problem of the government seeing who sent what to whom.

And there's still a whole other layer of privacy concerns related to what Moglen calls "autonomy," which deals with how people change their behavior or self-censor what they say online because they're fearful of who is listening.

Experts agree that the aforementioned services and software generally work well as a guard against more incidental eavesdropping or keeping less tenacious hackers out of Internet communications in open Wi-Fi environments like coffee shops.

In the computer security world, "who exactly we are trying to protect ourselves against is one of the key questions," said EFF's Schoen. "Some are easier to protect against than others."

But are Internet users really fearful of snooping? Or have events like 9/11, and high-profile laws like the Patriot Act and the Foreign Intelligence Surveillance Act, which is at the heart of the alleged Prism program, made people too cynical to care?

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.