Techies vs. NSA: Encryption arms race escalates

Discussion in 'General Discussion' started by tulianr, Nov 29, 2013.

  1. tulianr

    tulianr Don Quixote de la Monkey

    SAN JOSE, Calif. (AP) — Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency's recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies.

    In the end, the new geek wars — between tech industry programmers on the one side and government spooks, fraudsters and hacktivists on the other — may leave people's PCs and businesses' computer systems encrypted to the teeth but no better protected from hordes of savvy code crackers.

    For those who want to take matters into their own hands, encryption software has been proliferating across the Internet since the Snowden revelations broke. — Swedish for "secret" — is marketed as a secure messaging app for your phone. MailPile aims to combine a Gmail-like user-friendly interface with a sometimes clunky technique known as public key encryption. Younited hopes to keep spies out of your cloud storage, and Pirate Browser aims to keep spies from seeing your search history. A host of other security-centered programs with names like Silent Circle, RedPhone, Threema, TextSecure, and Wickr all promise privacy.

    The quality of these new programs and services is uneven, and a few have run into trouble. Nadim Kobeissi developed encrypted instant messaging service Cryptocat in 2011 as an alternative to services such as Facebook chat and Skype. The Montreal-based programmer received glowing press for Cryptocat's ease of use, but he suffered embarrassment earlier this year when researchers discovered an error in the program's code, which may have exposed users' communications.
    ….. also encountered difficulties and angered users when its creators said they wouldn't use open source — or publicly auditable — code. And Silent Circle abruptly dropped its encrypted email service in August, expressing concern that it could not keep the service safe from government intrusion.

    Even so, private services report thousands of new users, and nonprofit, free encryption services say they have also seen sharp upticks in downloads.

    And for many users, encryption really isn't enough to avoid the U.S. government's prying eyes.

    Paris-based Bouygues Telecom told its data storage provider Pogoplug in San Francisco that it needs the data center moved out of the U.S. to get out from under the provisions of U.S. law. So this month, PogoPlug CEO Daniel Putterman is keeping Bouygues as a client by shipping a multi-million dollar data center, from cabinets to cables, from California to France.

    "They want French law to apply, not U.S. law," says Putterman, who is also arranging a similar move for an Israeli client.

    For Pogoplug, business is booming — it's garnered close to 1 million paid subscribers in its first year — and Putterman says the company is anxious to accommodate concerned clients. And this month, Pogoplug launched a $49 software package called Safeplug that prevents third parties, from the NSA to Google, from learning about a user's location or browsing habits.

    But many warn that encryption offers a false sense of security.

    "The fundamental designers of cryptography are in an arms race right now, but there are a series of weaknesses and missing oversights that have nothing to do with encryption that leave people vulnerable," says Patrick Peterson, CEO of Silicon Valley-based email security firm Agari. And many that do work bog down or freeze computers, forcing "a trade-off between security and convenience," he says.

    In addition, experts agree that with enough time and money, any encryption can be broken. And already the NSA has bypassed — or altogether cracked — much of the digital encryption that businesses and everyday Web surfers use, according to reports based on Snowden's disclosures. The reports describe how the NSA invested billions of dollars, starting in 2000, to make nearly everyone's secrets available for government consumption.

    Meanwhile, the U.S. government's computing power continues to grow. This fall, the NSA plans to open a $1.7 billion cyber-arsenal — a Utah data center filled with super-powered computers designed to store massive amounts of classified information, including data that awaits decryption.

    Techies vs. NSA: Encryption arms race escalates - Yahoo News
  2. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Many of us have been using Encrypted eMail for decades.... This is nothing new to us.... Some even use Hidden Servers, with NO DNS Encumbrances, for our Encrypted Emails, and have for decades. If you can't look it up, it is as anonymous as it can be. Just one fixed IP Address, among billions. Recently we have gone to using Spread Spectrum-like IP Addressing, where the IP Address of the Server moves between a series of IP addresses, and "Hops" once every Minute, or so... There are many ways to deal with SECURE Messaging via Encrypted eMail, and Encrypted Comms.... and it IS a WAR, of nerds..... even if some of US have long since dumped our Black Plastic Glasses Frames and Pocket Protectors.....
  3. ghrit

    ghrit Bad company Administrator Founding Member

    Thing is, if suddenly your messages appear to be encrypted, it'll attract attention.
  4. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Only if they are LOOKING for that specific IP Address in their Filter, OR if they LOOK at each individual Packet flowing thru their Tap, to see if it is actually an Encrypted Packet, which you can't tell except by analyzing the Data Portion of EACH Packet.... That takes MASSIVE amounts of REAL TIME computing Power. Many of us do NOT use Standard IP eMail Protocols (SMTP, POP, IMAP) for sending Encrypted eMails to our Servers, and those Servers do NOT respond to those Protocols and/or Standard Ports, but only our own Packets, using our own Protocols, on non-standard Ports. It is a "Catch US if you think you are smart enough"... Do you think they have penetrated such Networks as "Anonymous", and if they had, they wouldn't have scooped up those Yahoos in an instant? There are MANY such Networks, flowing around the Internet, so far below ANY NSA Radar that they would need to dig to China just to get a whiff of them....