NSA revelations show need to encrypt data

Every revelation about the spying activities of the US National Security Agency (NSA) only makes it clearer that people need to encrypt their online data if they want to keep it away from prying eyes.

That point was only made clearer by a recent Washington Post report that alleged the spy agency was trawling for data from Google and Yahoo.

“If you make a point of encrypting emails, you make it significantly more difficult for the security agencies,” says Stefan Katzenbeisser of the Center for Advanced Security Research (CASED) at the Darmstadt Technical University in Germany.

But it’s easier said than done. Encryption only really works if both the writer and recipient use the same secrecy methods. Proper encryption also relies on something called a certificate, which can be hard for a normal person to access.

“The infrastructure is really lacking for the mass market,” complains Katzenbeisser. It doesn’t help that a lot of email programmes don’t offer an encryption option. Those who are really interested in security first have to get a plug-in.

Nor are emails the only kind of files affected by NSA attacks.

Cloud storage centres are another target. These can be encrypted with systems like Truecrypt, Cloudfogger or Boxcryptor, for example.

But doing so can make it more difficult to upload and download files.

Maintaining the programmes, however, is easy enough for most novices.

Aside from encryption, web users should always make sure that connections are secure. That means using things like SSL protocols, which provide added privacy on browsers and can be recognized by the letters “https” at the beginning of a web address and a padlock icon.

The real trick is to never let down one’s guard.

When using open wi-fi networks, be aware that anyone else can access your files, whether it be spies or regular criminals looking for banking information.

Another option is to switch to an internet provider with no US-based servers.

“It’s obviously easier for US agencies to access US services,” says Katzenbeisser. But information is not necessarily safe elsewhere. “I never know if maybe someone’s spying there, like, perhaps, the local security agency.” Nor are there guarantees that services in other countries don’t have their own security problems.

German magazine c’t ran a test of German email services and discovered that most had failed to engage a system that ensured that files encrypted in the past kept that protection in all circumstances ... like when seized by a government agency.

Our code of editorial values

This article is closed for comments.
Please Email the Editor

Printable version | Sep 27, 2022 6:01:50 pm |