Snowden advocates at SXSW for improved data security
The best encryption may conflict with the business model of Google and Facebook, speakers said at the show
IDG News Service - Encryption technologies can be a powerful tool against government surveillance, but the most effective techniques are still largely out of reach to the average Internet user, former NSA contractor Edward Snowden said Monday.
"Encryption does work," Snowden said, speaking via satellite video from Russia at the South by Southwest Interactive technology festival in Austin, Texas. "We need to think of encryption not as an arcane black art, but as a basic protection in the digital realm," the former U.S. National Security Agency contractor said.
Snowden chose to speak at SXSW rather than before a legislative or policy group because it's the technology community that can really fix security and digital rights, he said. "This is something we should not only implement, but actively research and improve on an academic level," he said.
But now, the best encryption, like end-to-end encryption, often does not find its way into mainstream product and is not always employed by major Internet companies that depend on advertising.
Ideally, more companies would make strong encryption a default part of their services, without requiring action from the consumer, or burying the option several menus deep. It may be difficult, however, for companies like Google and Facebook to adopt the strongest encryption protocols like end-to-end encryption, Snowden said during a discussion about security with two representatives from the American Civil Liberties Union. Those companies gather lots of data about their users and use it for advertising. It's harder to gather that data when the endpoints are encrypted, the speakers said.
Since the disclosures began last June from documents leaked to reporters by Snowden, "companies have improved their security," said Chris Soghoian, a senior policy analyst with the ACLU Speech, Privacy and Technology Project. There is security, for instance, between user's computers and Google's servers, he said.
But it's difficult for major Internet companies providing a free service to offer end-to-end encryption because it conflicts with their business model, he said. Unfortunately, the tools that offer secure, end-to-end online communications are not polished or easy to use, speakers said. "The tools designed with security as a first goal are often developed by independent developers, activists and hobbyists," he said.
After previously classified documents were leaked by Snowden, a number of large technology companies, including Google, Microsoft and Yahoo announced new protocols for encrypting users' data. Yhe problem is that one of the most commonly used encryption technologies, known as TLS (Transport Layer Security) is not that strong against the intelligence gathering community, Snowden said.
TSL encryption, which is used by services owned by Google and Skype, encrypts communications at the point of transport and then the companies de-crypt and re-encrypt it, Snowden said. End-to-end encryption, on the other hand, forces intelligence-gathering groups to target individual computers, which are much harder to crack.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center... All Cybercrime and Hacking White Papers | Webcasts