Skip the navigation

Does encryption really shield you from government's prying eyes?

Encrypting data may not guard against surveillance, some experts say, while others argue in favor of taking steps to protect privacy

By Zach Miners
June 14, 2013 01:19 PM ET

IDG News Service - If you're thinking about encrypting email in light of revelations about U.S. government spying, you may be wasting your time.

Recent leaks about surveillance efforts by the secretive National Security Agency have sparked a wide range of questions during the last week over online privacy, or lack thereof, as well as possible violations of the Constitution. But at this stage, the exact methods employed by the nation's top intelligence agencies to gather information in the interest of national security are still fuzzy.

Spying
The NSA has been watching.

At the very least, the NSA has confirmed that it is collecting Verizon phone records to examine their metadata and analyze call patterns between people. The NSA's Prism system apparently goes even further, reportedly accessing servers at Google, Apple, Microsoft, Facebook and other major companies, to collect data that the agency is storing for possible surveillance and investigations.

With such large amounts of personal data at stake, one question is the extent to which encryption -- a process for scrambling digital information so only certain groups of people can decipher it -- can succeed in shielding consumers from government surveillance.

The answer is complicated, and depends on the definition of "government surveillance," which is still not entirely clear. But for some security experts, encryption is a non-issue, period.

For instance, if the government is doing only what it claims to be doing with cellphone calls, which is performing traffic analysis to look at patterns and see where calls are coming from and going to, there are no good avenues for encrypting that, some say.

"The fact that I called you, or you called me, that has nothing to do with encryption," said security expert Bruce Schneier. "This is not communications eavesdropping. This is eavesdropping at the endpoints," he said.

Encrypting those endpoints is a lot harder than encrypting, say, emails or phone calls themselves, if not impossible outright, said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation. "You still have to tell the ISP that we want to talk to each other," he said. "You can't really scramble a phone number, because the company needs to know how to complete the call," he said.

There are services for encrypting phone calls end to end, like Silent Circle, which announced discounts citing "overwhelming demand" for their services following the NSA spying reports. In addition to calls, the company also offers encrypted video, texting and email over its network. End-to-end encryption aims to encrypt information through all phases -- at rest, in transit and in use.

There is also RedPhone and TextSecure, two mobile apps made by open source developer WhisperSystems, for end-to-end encryption of phone calls and text messages, respectively. Cryptocat is another player.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!