The Solution to NSA Snooping?

Category: Privacy

Thanks a lot, you dirty traitor, Ed Snowden. Even though the clowns in Washington can't decide if, when, or how to protect American citizens from the prying eyes of the NSA, FBI and CIA, Snowden's revelations have prompted several Internet heavyweights into taking action on Internet privacy while they dither. Here's what's going on, and how you can benefit from it...

Is Privacy Possible on the Internet?

It’s been nearly a year since Edward Snowden blew the whistle on the NSA’s domestic spying activity. To my knowledge, no secret agents have had their covers blown; none has been captured, tortured, or executed. There have been no reports of years-long, billion-dollar intelligence operations ruined by the unpatriotic perfidy of Ed Snowden. Instead, quite a bit of good has come of his revelations.

First, We The People have had our rose-colored glasses shattered. We have seen irrefutable proof that our government has been monitoring, collecting, and sifting through data about our online activities on a scale far larger than we ever imagined authorizing. The sleeping citizenry has been rudely shaken awake, and many of us are getting cranky with our Congresscritters about privacy laws.

Stop NSA Spying

Our dully (sic) elected representatives may be taking their sweet time about reining in the NSA, but the private sector is already doing a lot. Google, Micosoft, Yahoo, and Facebook (seriously) have done more to beef up privacy protections than all the jawboning about it in Congress has.

And really, letting the private sector handle as much of the problem as possible, rather than waiting for the federal government to screw things up even further, is the best course of action.

Google was instrumental in making encrypted HTTPS connections standard between users and Webmail servers, a simple technique that protects your passwords and prevents eavesdropping on email while it’s in transit. That was in 2010; since then the words “secure connection” have become commonplace, signifying that the user and website are communicating over an encrypted Internet “channel.” Embarassingly, AOL, Yahoo, and Outlook.com (formerly Hotmail) dragged their feet for a few more years before following suit.

Snowden’s 2013 assertion that the NSA had actually hacked Google’s internal network to collect data on users’ search activity prompted Google to encrypt all of its internal search-related traffic. Now, everything is encrypted between user and Google; between Google’s search servers and storage servers; and on every storage device. (Try going to HTTP://www.google.com and you'll magically end up on HTTPS://www.google.com)

Encryption Everywhere?

Encryption adds quite a bit of overhead to any computing process. Some incomprehensible math has to be done to scramble your data in a way that keeps it secure and allows it to be reconstituted on demand. To keep searches, webmail and other online transactions speedy, Google must have invested a ton of money in additional infrastructure. But Google didn’t stop there.

All of the third-party ad networks that dish ads to Google users must now deliver ads via encrypted connections. Also, Google has tweaked its search algorithm to give higher result-rankings (greater visibility, more clicks) to sites that require HTTPS connections by default.

Google also has private, commercial customers to placate. Foreign companies, especially, have been shying away from Google Apps and Docs services for fear of having their confidential data raided by the U. S. government. That fear extends to doing any electronic business with other U. S. firms.

To alleviate these concerns – and sell more business services - Google is working on an improved version of Pretty Good Privacy (PGP), the open-source public key encryption scheme developed by Phil Zimmerman. When PGP is implemented, even Google won’t be able to read users’ email. You know Google is getting serious about privacy when it’s willing to sacrifice its ability to invade it (in order to serve you better, of course).

Yahoo has never been known as a bulwark against hackers. It wasn’t until Snowden singled out Yahoo as one of the easiest-to-hack major service providers that Marissa Mayer, CEO and ex-Google exec, hastily ordered HTTPS enabled by default on Yahoo email.

What is End-to-End Encryption?

Remember, HTTPS means the content is encrypted on the sending computer before hitting the Internet, transmitted via an encrypted connection, and then decrypted on the receiving end, where it's presumably safe. That's enough protection to keep snoops from seeing your data as it passes over the Internet. But it does nothing to protect your data once it's stored at the destination.

If you are concerned about your data once it reaches a server owned by Google, Yahoo, Microsoft, Dropbox, or any other cloud service, you need “end-to-end” encryption, which ensures that the data is readable only by the intended recipient. Put another way, it means that your data can't be viewed by people on the other end, be they employees, hackers, or the Feds -- because they lack the keys to unscramble the data.

Google made end-to-end encryption available as a Chrome browser extension in June, 2014. Yahoo won’t have it ready before 2015, according to the company.

Microsoft gave end-to-end encrypted email options to its Office 365 customers in November, 2013. But if you use the free Outlook.com (formerly Hotmail) Webmail service, Redmond has nothing for you.

Facebook enabled HTTPS connections by default back in 2011. Of course, Facebook can still rifle through everything you upload to it and do pretty much whatever it wants with what used to be yours, according to its TOS. That's because your data travels securely to Facebook's servers, but is decrypted once it arrvives. (No end-to-end encryption.)

Facebook is taking additional steps to ensure that only it can spy on its users, with the planned rollout of “Perfect Forward Secrecy” in its HTTPS encryption. PFS basically means the encryption key on the HTTPS server is changed much more frequently, so a hacker who obtains a key can pilfer less data. Facebook also acquired security firm PrivateCore recently; it remains to be seen what that company will do for Facebook users’ privacy.

Yes, we owe a big shout-out to that dirty, backstabbing Edward Snowden. Whatever his motives may have been, whether you believe he's a hero or a traitor, it turns out he stabbed just the right backs.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 25 Aug 2014


For Fun: Buy Bob a Snickers.

Prev Article:
Is Apple Spying on Your iPhone?

The Top Twenty
Next Article:
Where is the Internet Fastest?

Most recent comments on "The Solution to NSA Snooping?"

(See all 45 comments for this article.)

Posted by:

Don
25 Aug 2014

Unless I am mis-interpreting something that you say, at least part of it is not true. When I go to http://www.google.com/ on either IE or AOL this is what I end up with: http://www.google.com/webhp?nord=1. Https never shows up anywhere. However, when I go to Google on Chrome it does open as Https.


Posted by:

Greg C
25 Aug 2014

Another option for end-to-end encryption is the service from Virtru.com With it, you can send encrypted mail from web based e-mail to anyone, even if they don't have virtru installed on their system. Extremely easy to use. I would be interested in hearing from someone smarter than I (that doesn't take much!) about security on what they think of this service/extension.

Any yes, Edward Snowden is a hero - Keith Alexander and James Clapper are liars.


Posted by:

Unitary
25 Aug 2014

Bob,

You have to be a little bit more cautious when you praise the encryption used by Goggle and other corporations.

You took it for granted that “End-to-End Encryption” provides solid privacy. This assumption is not necessarily correct.

The “S” in HTTPS may mean that you and I cannot decrypt the allegedly “secure” data. How can you be sure that the NSA cannot decrypt it?

You wrote,

“Encryption adds quite a bit of overhead to any computing process.”

Your statement is correct and I suggest the following statement is almost certainly also correct,

“Decryption adds a little bit of overhead to the NSA’s snooping process.”


Posted by:

Elizabeth Landry
25 Aug 2014

Encryption is an illusion. E


Posted by:

milkman
25 Aug 2014

This is only temporary, after a time they will work around this encryption and start spying. There is nothing we can do about it, this will be only temporary fixes. After all they took (stole)your Social Security taxes so you would have it when you retire, and now they keep saying SS will be broke soon. If a bank did this there would be He... to pay, but if you'r the government it's OK. This will never change. It is the best around, but not error-less.


Posted by:

Doc
25 Aug 2014

It is VERY interesting to note that the data from the replies to this article, when you toss out the 'outliers' from misreading, forms a single-tailed Chi Square with a virtual horizontal line(no real slope). And with only a couple of questionable response along the lines of 'only history will tell' - p seems to = 1. Like I said VERY interesting. p=1 is VERY significant (ya think?). I think this tells you more about your readership than you ever thought it would. Or at least that only people who post are the pesky trouble makers. It's worth thinking about (really). Perhaps it simply shows that only people with "inquiring minds" "who want to know" read your newsletter. Either way, I sure won't skew the graph with my "well informed and considered thoughts" (the etymological definition of 'opinion'). Which leads to the sad but inevitable conclusion that NO!, many people are NOT entitled to voice their opinion, since they don't really have one. Congratulations on reaching p=1!!!! I an now officially impressed.


Posted by:

Phil
25 Aug 2014

I can't believe some of your readers did not catch the satirical tone of your opening comments, Bob. That is the danger of satire I guess.


Posted by:

Jon
25 Aug 2014

>>Do we want to give unelected people the power to decide who is electable? Has anybody led such a blameless life that they cannot be embarrassed by any revelation?

Last time I checked both the USA and the UK were democracies.

Neither the NSA or GCHQ are tools of unelected people. They are directly managed by our elected representatives. Just because we may not have voted for those in power (as I didn't) doesn't mean that they were not elected.

Perhaps it is our own prejudices we should look at rather than the 'missdeeds' of others. For example Clinton was pilloried BUT the recent squabble in France was because the politician in question was being impolite to his mistress by taking the person he was having an affair with to official functions - bad manners always unforgivable!

This is the business of government, it's a lot cheaper and safer than 'boots on the ground'.

Simple solution send letters and keep post people in jobs. If secrecy is so important can't it wait a few days?

Jon

P.S. Aren't all the bad boys and girls using the draft function of gmail as dead letter boxes these days anyway? Is the NSA as behind the times as MI6?


Posted by:

RandiO
25 Aug 2014

@dgm21
>> if you want to read about the latest NSA whistle-blower look up James Tye and EO12333
>> if you want to hear about one of the early whistle blowers: 1. WHAT HE DID: A fierce supporter of the airplane and a separate air force, Gen. BILLY MITCHELL (U.S Army, 1926) alienated his slow-to-adapt superiors, finally accusing them of “almost treasonable administration of the national defense.” THE PRICE HE PAID: Mitchell was court-martialed and found guilty of insubordination. He resigned his commission but didn’t live long enough to see Pearl Harbor prove him right.


Posted by:

InLionSk8r
26 Aug 2014

Just checked the Chrome browser extension link for end-to-end encryption, but it doesn't appear to be ready for prime time on the great, unwashed masses' devices yet.


Posted by:

John Silberman
26 Aug 2014

Yes, NSA is Snooping. But don't be fooled by those big named web mail providers. They are collecting as much information as possible. Even most smart phones are collecting for those big names that I will not mention as they may be a supporter of this blog.


Posted by:

Rochelle
26 Aug 2014

Has anyone forgotten that we still need privacy protection from Google, a major snooper before the NSA even existed. And the definition of irony is anyone who joins Facebook and then complains of privacy violations. But those are topics for other articles.


Posted by:

Elizabeth Landry
26 Aug 2014

Whenever the message is de-encrypted for you to read it is readable to everyone. E


Posted by:

rb
26 Aug 2014

What if I want to send a single encrypted email to multiple email addresses (distribution list).


Posted by:

Bruce
26 Aug 2014

"Before anyone thinks I am about to run off and start the British Tea Party, I'm a Socialist, member of the UK Labour Party.

Privacy and safety are not always compatible. I for one would favour safety every time."

I, too, am a U.K. citizen and have occasionally voted for the Labour party in the past. However, it's comments like this which ensure I will never do so in the future. When will these idiots ever understand that it's our own governments that present the greatest threat to, not only our liberty, but our safety too.


Posted by:

Stephe
26 Aug 2014

>>Last time I checked both the USA and the UK were democracies.

Keep checking, Jon.

If a politician were to stand for election looking as though they might actually do something effective to curb the intrusions of the "security industry", is it inconceivable that something embarassing about this candidate might just happen to leak just prior to the election?

I hope my scenario is unduly paranoid, but this fast-growing potential should, nevertheless, give us all pause for thought. Knowledge is power; secret knowledge is secret power; the rapid erosion of our privacy has far-reaching implications...


Posted by:

Digital Artist
26 Aug 2014

I was in the US Air Force through four years of the Cold War (thus I am held in contempt by vets who served in Korea before service and Viet Nam after my discharge.) I had a top secret clearance with a crypto endorsement and I worked at HQ SAC in a vault, two stories underground, directly above the three story underground "war room." I operated and repaired crypto machines which linked the Pentagon, The White House, and air force bases all over the world. Anybody who says encryption is a myth is ignorant of the facts. You can be sure that contemporary encryption is far superior to the vacuum tube based stuff I worked on, but our "key" in those days was a pseudorandom string that had an estimated repetition rate of tens of thousands of years, yet we changed it every eight hours, just to be sure.

In that duty I could read anything that our crypto center was encrypting, and being intelligent and curious, I did a lot of reading. Hey, I was locked in a vault with a six digit combination lock on the bomb proof door with two other guys, and the machines were automatic. What else was there to do? I used to read the President's daily intelligence report. Yeah. Every day. Six days out of nine (our weird work week.) I concluded that it was the spies on both sides of the iron curtain that kept our countries from blowing up the world. They (the commies) knew what we had, we knew what they had, and we both knew the consequences of using it. So, we held our breath and got a red telephone and a few other things. Snowden and Julian Assange both pushed the spy business to a new level. The old cold war spies worked for a government that kept the "intelligence" a secret. This generation publishes it worldwide. Freedom of the press. The Founding Fathers are dancing gleefully up there in the cloud(s)!


Posted by:

Stephe
27 Aug 2014

Incidentally, I would suggest that we should discriminate between the actions of Julian Assange whose motive seems to have been an indiscriminate dislike of secrets and a willingness to reveal them without real consideration of the consequences, and Edward Snowden whose intention seems to have been a desire to inform debate about the consequences of the unbridled and indiscriminate accumulation of power in our world. In this he seems to have succeeded without unnecessarily endangering individuals in the field. I would not deny the need for some secrecy, but we need to consider the implications for our society if we fail to define its limits.


Posted by:

Jay
27 Aug 2014

Too bad that Congress didn't get Snowden during the last Ice Age.


Posted by:

Andrew Hicks
30 Aug 2014

What is needed is a government-authorised, security cleared, independent organisation that whistleblowers can legally send top secret info. Said body could then evaluate the info on the basis of the public good and also communicate with the whistleblower to explain any decisions not to publish.

The communications would be confidential, and the whistleblower could remain anonymous, sending and receiving messages using asymmetric encryption on a website via onion router.

As the whistleblower retains the option of going public, it is in the government's interest to ensure that this organisation has a good reputation and communicates effectively with whistleblowers.

Such a system would improve transparency, whilst helping to protect information that is secret for a good reason.


There's more reader feedback... See all 45 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- The Solution to NSA Snooping? (Posted: 25 Aug 2014)
Source: http://askbobrankin.com/the_solution_to_nsa_snooping.html
Copyright © 2005 - Bob Rankin - All Rights Reserved