Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google plan to thwart government surveillance with encryption raises stakes

Antone Gonsalves | Sept. 11, 2013
Strategy would make probing data flow expensive and hard, likely forcing the NSA to obtain a court order for targeted data.

The NSA's capabilities for cracking encryption are not known outside the agency. However, the most secure part of an encryption system remains the "mathematics of cryptography," Schneier said. The greater weaknesses, and the ones mostly likely to be exploited by governments in general, are the systems at the start and end of the data flow.

"I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks," Schneier said in a blog post. "Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts."

Bocek agreed, saying that the most serious vulnerabilities are often in the systems companies use to manage the keys and certificates for encrypting data.

"While encryption provides a significant barrier and certainly makes it economically expensive if I'm going to attack directly, it doesn't mean that I as the enterprise is invincible," he said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.