Encryption: Are there any secrets on the Web?
The NSA has cracked common forms of encryption used not just by terrorists, but also by regular consumers and businesses.
Is anything online safe? asked Larry -Seltzer in ZDNet.com. Last week, a joint report from The Guardian, The New York Times, and ProPublica.org revealed that the National Security Agency had managed to crack many common forms of encryption used on the Internet not just by terrorists, but also by regular consumers and businesses. The NSA’s efforts appear mostly geared “to get around the cryptography rather than to break it directly,” often using “black-hat methods.” The truly upsetting revelation is that the NSA is allegedly working hand in hand with tech companies to gain backdoor access, allowing analysts “to sniff traffic to these sites unimpeded by encryption.”
Let’s not freak out, said Sean Lawson in Forbes.com. “The fact is that the NSA is not likely to want into your, or my, computer.” The real problem is that other people might. It now appears that some common tools—like the encryption many companies use to protect their private networks and the 4G/LTE encryption used by wireless carriers—might be vulnerable to NSA intrusion. But such encryption can still “provide protection against the more likely threat, which is a malicious actor in the coffee shop sniffing traffic and stealing personal information from other users.” The key to personal Internet security is to stay vigilant. It makes no sense to abandon tools that enhance your privacy out of concern over “a ubiquitous adversary that is likely not targeting you, and that you likely could not stop anyway.”
And there are plenty of such tools at your disposal, said Bruce Schneier in The Guardian. As long as you’re using the latest software, the best encryption available, and a strong password, odds are your data will be safe, at least from the garden-variety hackers that do the most damage. But if you’re concerned, start using software like Tor, which anonymizes your network activity. Hackers and the NSA might target Tor users and others who encrypt their communications, “but it’s work for them.” And by taking those precautions, “you’re much better protected than if you communicate in the clear.” For the absolute highest security, break the chain of transmission with an “air gap.” That is, buy a new computer that has never been connected to the Internet and transfer files only on physical media, such as USB sticks. And don’t trust commercial or proprietary security software, especially from larger vendors. “My guess is that most encryption products from large U.S. companies have NSA-friendly back doors.” Open-source products are much more difficult for hackers to secretly infiltrate or modify.