It seems that the American government’s clandestine activities targeting its own citizens knows no bounds; moreover, it seems that the UK is following suit.
In the latest installment of Edward Snowden’s claims, he has released classified documents that indicate that the US and British governments were able to crack much of the online encryption employed by Internet users today.
This most recent accusation not only points the finger at the American NSA, but also accuses the British GCHQ of taking part in compromising the privacy of millions. With Snowden’s claim in mind, what can we do now that the NSA and the GCHQ have now exploited nearly all Internet encryption algorithms.
Arsenal of Encryption Cracking Weapons
According to the files that Snowden released and that were reported on by the Guardian and the New York Times, both of the intelligence agencies have an arsenal of encryption cracking weapons at their disposal. The Guardian wrote that these weapons consist of:
–> Covert measures to ensure NSA control over setting of international encryption standards
–> Use of supercomputers to break encryption with “brute force”
–> Collaboration with technology companies and Internet service providers themselves (1)
With such practices being deployed, it seems that these two government agencies have totally undermined security across the Internet; nevertheless, the U.S. National Institute of Standards and Technology (NIST) claims that encryption algorithms are as strong as ever. In a press release issued by NIST in response to the Snowden leak, the organization stated:
Recent news reports have questioned the cryptographic standards development process at NIST. We want to assure the IT cyber-security community that the transparent, public process used to rigorously vet our standards is still in place. (2)
However it is also important to note that in that same press release, NIST also states, “NIST is also required by statute to consult with the NSA.” (2)
What Does This Mean for You?
The big question is what does this all mean for the average Internet user. Should we abandon all encryption going forward? Or should we use the current encryption techniques knowing that the NSA can look in on us at any given time?
Can we only expect any sort of privacy only if we totally abandon the Internet altogether? According to Dan Auerbach, a staff technologist at the Electronic Frontier Foundation (EFF), you can still rely on some encryption but do not put all your eggs in one basket.
Auuerbach tells CBC, “The good news is that strong privacy tools exist. The bad news is that there’s no magic bullet.” Meaning that if we want to protect our private data, then we need an arsenal of our own.
PCWorld agrees with the approach of having a variety of privacy tools at your disposal. Yet, if many corporations have been infiltrated by the NSA, which tools should we use? PCWorld suggests embracing the Open Source movement. There are a variety Open Source tools that are produced independently of major corporations and do not have required partnerships with the NSA. Some of these tools are:
–> TrueCrypt for encrypting files folders and drives on your computer
–> GPG for encrypting e-mail
–> TAILS, an Open Source operating system designed with privacy and personal security in mind
–> TOR for web-browsing
–> OTR for instant messaging
The recent accusations made by Snowden against the NSA and the GCHQ is just one more in a series of files released by the former intelligence agent. If what the Snowden files state are true, then it is entirely plausible that the two intelligence agencies have undermined security throughout the World Wide Web.
In addition, if we, consumers of the Internet, are to believe the Snowden files, then the only way we can trust that our privacy is being protected is to take our privacy into our own hands. Even that is not foolproof.
Do we trust the government, the Internet corporations, or Snowden (an NSA leaker that is accused of spying himself)?