Snowden’s disclosures have already done much to unveil the alarming scale of U.S. government spying on its own citizens and on people around the world. U.S. citizens are supposedly protected from this sort of spying by constitutional guarantees, while the NSA has a free hand to monitor any other person on the planet. Much of the debate in the U.S. is therefore about how the NSA distinguishes between these two kinds of communication.
Recent reports and leaks have revealed severe overreach by the U.S. National Security Agency (NSA), which seeks to gather an overwhelming and invasive amount of information on people. Snowden has also revealed that the constant NSA surveillance applies to millions of people outside the U.S., whose phone calls, e-mails and other communications are indiscriminately targeted as well.
Yet rather than focus on the danger to citizens’ freedom and privacy exposed by these revelations, and what reforms are necessary to protect citizens’ rights, the Obama administration, the U.S. Congress and much of the media are again focusing their ire on the messenger.
The agencies use so-called supercomputers to crack the codes with raw computing power, according to documents received by The Guardian, the New York Times and ProPublica. This means that they have access to the encryption used to protect bank information, emails and sensitive health information. The US and British intelligence agencies have successfully cracked millions of people’s personal data, online transactions and emails.
Beginning in 2000, the NSA and its UK counterpart, Government Communications Headquarters (GCHQ), invested billions of dollars to obtain this information by stealth. The NSA spends $250m a year on a program to covertly influence technology companies’ product designs. The NSA describes strong decryption programs as the price of admission for the US to maintain unrestricted access to and use of cyberspace, while GCHQ has been working to develop ways into encrypted traffic on four major technology products in use: Hotmail, Google, Yahoo and Facebook.
“For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies,” stated a 2010 GCHQ document. “Vast amounts of encrypted internet data which have up till now been discarded are now exploitable.”
Five recommendations to protect yourself
The NSA’s decryption program, Bullrun, deals with NSA’s abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive. The program has the capabilities to crack widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.
Bruce Schneier, an encryption specialist and fellow at Harvard’s Berkman Center for Internet and Society, and other security experts accused the NSA and other spying agencies of attacking the internet itself and the privacy of all users. Schneier said cryptography forms the basis for trust online. By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet. Classified briefings between the agencies celebrate their success at defeating network security and privacy.
In his latest article, “NSA surveillance: A guide to staying secure”, apart from covering all that the NSA has violated, he gives us some tips to keep in mind to protect ourselves. The NSA works with security product vendors to ensure that commercial encryption products can be broken in secret ways that only the NSA knows. Bruce’s recommendations are nothing new, but they are meant to ensure that the encryption can operate unimpeded.
- Hide in the network: For example, use Tor. Although the NSA can also try to find you, it becomes more difficult for them.
- Use encryption: Encrypt your communications with protocols such as TLS and IPsec. Although the NSA presumably still has access to any of these protocols, you’ll be much better protected than if you communicate unencrypted.
- If you have something very sensitive on a computer, do not connect it to the Internet: If you want to share a sensitive file, first encrypt the file on a computer that is not connected to the Internet, and then use external devices to share it with others.
- Be wary of encryption software from major vendors: Now that it has been revealed that the NSA is spying on most of the networks of big technology companies, try to use as much of the open software available on the Internet as you can. Closed-source software is easier for the NSA to crack, either through legal or illegal means.
- Try to use public-domain encryption that has to be compatible with other implementations: Schneier recommends using BitLocker rather than TLS. TLS from one vendor is likely to be compatible with other vendors’ TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. He prefers conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when it can.
If you are on a website where the URL begins with https, not http, you are on a secure page, or on the safe side. Public key encryption should be secure provided you’re aware of the pitfalls.