Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Foreign messaging services complicate government spying

Antone Gonsalves | July 12, 2013
Pirate Bay co-founder's new service, called Heml.is, hides the plaintext information from any entity collecting the data

Privacy concerns sparked by leaks about massive U.S. surveillance programs has spurred encrypted messaging services overseas that could complicate government spying efforts, experts say.

The latest effort to launch such a service was announced recently by Pirate Bay co-founder Peter Sunde and two other Swedish developers. Called Heml.is, the plan is to provide end-to-end encryption, which means messages will be encrypted on the end user devices, hiding the plaintext information from any entity collecting the data.

Whether Sunde and his partners will get Hel.is off the ground remains to be seen. The group is currently in the process of crowd-funding the project and as of Tuesday had raised roughly half of their $100,000 goal, according to its Twitter feed.

Heml.is, which means "secret" in Swedish, will not be the first encrypted messaging service that will have servers located outside the U.S. For example, the Seecrypt Group has its development and network operations based in Pretoria, South Africa.

The media attention given to Heml.is stems from Sunde's notoriety. In 2008, he and three other Pirate Bay operators were sentenced in Sweden to a year in prison for helping to make copyrighted content available through the file-sharing service.

Sunde's shift from defying copyright law to thwarting government spying raises the question of the effectiveness of such efforts, since there are times when communications should be disclosed. While people have a right to privacy, government and law enforcement should have access to email and text messaging in investigating possible terrorists and suspected criminals.

Encrypting messages is legal, but under the Communications Assistance for Law Enforcement Act (CALEA), telephone carriers and Internet service providers have to provide police with a backdoor to gather information during an investigation. The U.S. National Security Agency, which has raised a huge privacy debate in the U.S. with its PRISM surveillance program, gets more leeway in collecting data on the grounds of national security.

Encryption can be broken, so it is no guarantee of privacy. However, depending on the technology used, decrypting the data can be extremely difficult.

"We have encryption that's good enough that no coalition of private companies or individuals are going to break it," Matthew Green, research professor in cryptography at John Hopkins University, said. "We don't know whether the NSA has those capabilities, but since they're the NSA, we assume they can do lots of stuff."

However, rather than spend money and time decrypting information, the NSA would more likely have the Federal Bureau of Investigation bug the phones or houses of suspects or plant malware in their computers, Green said.

As important as the encryption in protecting privacy is the metadata attached to communications over messaging services. That data is what's used to identify the senders and recipients, as well as the time they communicated and their location.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.