Civil Liberties

Expect NSA Snooping Revelations To Make Encryption a Lot More Popular



As noted at Reason 24/7, the international fuss over revelations of NSA spying on telephone communications and Internet traffic has raised the profile of encryption technology, which makes it more difficult to snoop on data and communications, if not necessarily impossible. Publications around the world are talking up the need for people to scramble their phone conversations and email to keep snoops in the U.S. (and elsewhere) from having quite so easy a job of playing world-wide peeping tom. Not surprisingly, companies and organizations that offer encryption products are seeing a bit of a boom.

From the Times of India:

NEW DELHI: Despite vast surveillance operations, governments will not be able to detect every suspicious interaction that takes place on phone and Internet networks, experts have said. By using encryption software that is readily available off the shelf, citizens can make it very difficult for government agencies to snoop in on their phone conversations or even messages exchanged over the Internet.

So, electronic surveillance programmes, such as the US government's PRISM—through which it clandestinely keeps a tab on people around the world by gathering data from several corporations—and India's Central Monitoring System, can do very little if users are determined to go off the radar.

"The point is not how easy the surveillance is to bypass; the point is how easy is it to evade notice even though everyone is being monitored all the time. And the answer is: very easy," said Bruce Schneier, a security technologist and author of Liars and Outliers, a book about security in the information society. Concerns about governments invading into the privacy of its citizens have come to the fore after classified documents about the PRISM programme were leaked to the media on June 6 by Edward Snowden, a former American intelligence officer and technical contractor.

Fox News, whicch has been having a barely concealed debate among its on-air talent over the freedom/security divide, seems to have come down on the quasi-libertarian side. Flipping through the news channels today, I've seen interviews on the station with representatives of both Silent Circle and Seecrypt. Silent Circle boasts that it can't comply with government requests for data because it designed its system so that it has no access to users' communications, and Seecrypt touts its base in South Africa as making it immune to U.S. laws and pressure. The two companies appear to be having a cheerful price war to attract customers at an especially opportune moment. Quite encouragingly, both companies have caused fits among the intelligence community, which is now pushing for mandated backdoors in phones to get around encryption software. But that "fix" poses certain risks, as you might guess. "Building holes and backdoors into widely-available software and services creates vulnerabilities that can be exploited by a range of bad actors, including hackers," warns Peter Swire, an Ohio State University law professor and senior fellow with the Future of Privacy Forum.

If you don't relish the thought of paying a monthly fee for secure communications, there are a range of free products, too. Open Whisper Systems offers the free apps RedPhone and TextSecure, which do much of what the commercial products do. The apps are open source, so they're available for scrutiny to check for glitches, weaknesses — and backdoors.

Don't forget your email. For email communications, it's hard to beat the various iterations of Pretty Good Privacy (PGP). PGP was originally designed by Phil Zimmerman, who now works with Silent Circle. If you use Thunderbird for email, it can be enhanced with a PGP add-on like Enigmail.

And for full-computer encryption that can even conceal the fact that you're hiding anything, give TrueCrypt a look. The nice thing about TrueCrypt is that, by concealing the existence of encrypted data, it makes it less likely that anybody will try to break through your protections. And, ultimately, no security is perfect.