NSA & The Rise of Cryptography

Posted on Sep 16, 2013

You might think that the NSA would back off of its rampant citizen spying programs after the enormous international backlash against the PRISM program. Unfortunately, it doesn’t seem that assuaging public rage is on the NSA’s docket. Recent revelations published by the Guardian indicated that the NSA and the UK’s GCHQ have continued to broaden digital espionage programs. Privacy advocates are fighting back through legislation, but the best way to protect your digital rights in the meantime is to exclusively upload to a secure cloud provider that offers both data privacy and user anonymity.


According to files published by the Guardian, the NSA spends over $200 million annually on a program that seeks to “covertly influence” technology product designs. Additionally, the NSA has allegedly been involved in a decade-long program that enabled Internet cable taps. Over in the UK, a GCHQ team is developing a way to crack the encryption efforts of Facebook, Google, Yahoo, and Hotmail. In a leaked GCHQ document from 2010, the joint intent to crack encrypted data was made public. The document states, “For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used Internet encryption technologies. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.” This has troubled both privacy advocates and libertarians who feel their digital rights are being infringed. According to Bruce Schneier, Harvard fellow at the Berkman Center for Internet and Society, “Cryptography forms the basis for trust online. By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.”


Cryptography researcher Matthew D. Green of Johns Hopkins University agrees that attempting to build and implement such backdoor spying programs is dangerous. According to Green, “The risk is that when you build a back door into systems, you’re not the only one to exploit it. Those back doors could work against U.S. communications, too.” Other countries and spies could use these programs against our own national interest, especially given that the Snowden and Manning leaks show that the government doesn’t quite have a good handle on its sensitive data. As law professor James Grimmelmann says, “Start from the point that if the NSA had competent security, Snowden wouldn’t have been able to do a tenth of what he did. You give sysadmins privileges on specific subsystems they administer. And you do not give them write access to the logs of their own activity. The NSA should be grateful that Snowden got there first, and not the Chinese.”

Other privacy advocates and cryptographers feel disheartened, as all of this just seems like a regurgitation of the same played-out debates over the NSA Clipper Chip encryption back door program proposed in the 1990s. Cryptographer and SSL protocol designer Paul Kocher expressed his frustration with the current debacle. Regarding the NSA’s attempts at creating an encryption backdoor, he said, “And they went and did it anyway, without telling anyone. The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort. This is the golden age of spying.”


This should send anyone who is scared toward proper encryption and secure cloud services. For as Edward Snowden recently asserted, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Along with proper encryption and exclusive storage and syncing with a secure cloud service, Bruce Schneier offered the Guardian five simple steps to stay secure despite NSA surveillance programs:

1) Hide in the network.

2) Encrypt your communications.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t.

4) Be suspicious of commercial encryption software, especially from large vendors.

5) Try to use public-domain encryption that has to be compatible with other implementations.

Staying Safe With SpiderOak

For most users, finding a truly protected third-party cloud service can be a challenge, as many “secure” services on the market have security gaps that leave data and private info wide open to third-party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.
