Does encryption really shield you from government's prying eyes?
Encrypting data may not guard against surveillance, some experts say, while others argue in favor of taking steps to protect privacy
IDG News Service - If you're thinking about encrypting email in light of revelations about U.S. government spying, you may be wasting your time.
Recent leaks about surveillance efforts by the secretive National Security Agency have sparked a wide range of questions during the last week over online privacy, or lack thereof, as well as possible violations of the Constitution. But at this stage, the exact methods employed by the nation's top intelligence agencies to gather information in the interest of national security are still fuzzy.
At the very least, the NSA has confirmed that it is collecting Verizon phone records to examine their metadata and analyze call patterns between people. The NSA's Prism system apparently goes even further, reportedly accessing servers at Google, Apple, Microsoft, Facebook and other major companies, to collect data that the agency is storing for possible surveillance and investigations.
With such large amounts of personal data at stake, one question is the extent to which encryption -- a process for scrambling digital information so only certain groups of people can decipher it -- can succeed in shielding consumers from government surveillance.
The answer is complicated, and depends on the definition of "government surveillance," which is still not entirely clear. But for some security experts, encryption is a non-issue, period.
For instance, if the government is doing only what it claims to be doing with cellphone calls, which is performing traffic analysis to look at patterns and see where calls are coming from and going to, there are no good avenues for encrypting that, some say.
"The fact that I called you, or you called me, that has nothing to do with encryption," said security expert Bruce Schneier. "This is not communications eavesdropping. This is eavesdropping at the endpoints," he said.
Encrypting those endpoints is a lot harder than encrypting, say, emails or phone calls themselves, if not impossible outright, said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation. "You still have to tell the ISP that we want to talk to each other," he said. "You can't really scramble a phone number, because the company needs to know how to complete the call," he said.
There are services for encrypting phone calls end to end, like Silent Circle, which announced discounts citing "overwhelming demand" for their services following the NSA spying reports. In addition to calls, the company also offers encrypted video, texting and email over its network. End-to-end encryption aims to encrypt information through all phases -- at rest, in transit and in use.
There is also RedPhone and TextSecure, two mobile apps made by open source developer WhisperSystems, for end-to-end encryption of phone calls and text messages, respectively. Cryptocat is another player.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Top tips for securing big data environments - Why big data doesn't have to mean big security challenges Organizations don't have to feel overwhelmed when it comes to securing big data environments. The same security fundamentals for securing databases, data warehouses...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Three guiding principles for data security and compliance Data security is a moving target-as data grows, more sophisticated threats emerge; the number of regulations increase; and changing economic times make it...
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva.
- How SIEM Addresses the Challenges of Big Security Data This webcast will help you understand today's big data security challenges and how intelligent and scalable SIEM solutions give IT the tools and... All Data Security White Papers | Webcasts