NSA revelations show need to encrypt data

November 13, 2013 10:46 am | Updated November 16, 2021 07:38 pm IST - Frankfurt

Every revelation about the spying activities of the US National Security Agency (NSA) only makes it clearer that people need to encrypt their online data if they want to keep it away from prying eyes.

That point was only made clearer by a recent Washington Post report that alleged the spy agency was trawling for data from Google and Yahoo.

“If you make a point of encrypting emails, you make it significantly more difficult for the security agencies,” says Stefan Katzenbeisser of the Center for Advanced Security Research (CASED) at the Darmstadt Technical University in Germany.

But it’s easier said than done. Encryption only really works if both the writer and recipient use the same secrecy methods. Proper encryption also relies on something called a certificate, which can be hard for a normal person to access.

“The infrastructure is really lacking for the mass market,” complains Katzenbeisser. It doesn’t help that a lot of email programmes don’t offer an encryption option. Those who are really interested in security first have to get a plug-in.

Nor are emails the only kind of files affected by NSA attacks.

Cloud storage centres are another target. These can be encrypted with systems like Truecrypt, Cloudfogger or Boxcryptor, for example.

But doing so can make it more difficult to upload and download files.

Maintaining the programmes, however, is easy enough for most novices.

Aside from encryption, web users should always make sure that connections are secure. That means using things like SSL protocols, which provide added privacy on browsers and can be recognized by the letters “https” at the beginning of a web address and a padlock icon.

The real trick is to never let down one’s guard.

When using open wi-fi networks, be aware that anyone else can access your files, whether it be spies or regular criminals looking for banking information.

Another option is to switch to an internet provider with no US-based servers.

“It’s obviously easier for US agencies to access US services,” says Katzenbeisser. But information is not necessarily safe elsewhere. “I never know if maybe someone’s spying there, like, perhaps, the local security agency.” Nor are there guarantees that services in other countries don’t have their own security problems.

German magazine c’t ran a test of German email services and discovered that most had failed to engage a system that ensured that files encrypted in the past kept that protection in all circumstances ... like when seized by a government agency.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.