Does encryption really shield you from government's prying eyes?

Encrypting data may not guard against surveillance, some experts say, while others argue in favor of taking steps to protect privacy

By Zach Miners, IDG News Service |  Internet

If you're thinking about encrypting email in light of revelations about U.S. government spying, you may be wasting your time.

Recent leaks about surveillance efforts by the secretive National Security Agency have sparked a wide range of questions during the last week over online privacy, or lack thereof, as well as possible violations of the Constitution. But at this stage, the exact methods employed by the nation's top intelligence agencies to gather information in the interest of national security are still fuzzy.

At the very least, the NSA has confirmed that it is collecting Verizon phone records to examine their metadata and analyze call patterns between people. The NSA's Prism system apparently goes even further, reportedly accessing servers at Google, Apple, Microsoft, Facebook and other major companies, to collect data that the agency is storing for possible surveillance and investigations.

With such large amounts of personal data at stake, one question is the extent to which encryption -- a process for scrambling digital information so only certain groups of people can decipher it -- can succeed in shielding consumers from government surveillance.

The answer is complicated, and depends on the definition of "government surveillance," which is still not entirely clear. But for some security experts, encryption is a non-issue, period.

For instance, if the government is doing only what it claims to be doing with cellphone calls, which is performing traffic analysis to look at patterns and see where calls are coming from and going to, there are no good avenues for encrypting that, some say.

"The fact that I called you, or you called me, that has nothing to do with encryption," said security expert Bruce Schneier. "This is not communications eavesdropping. This is eavesdropping at the endpoints," he said.

Encrypting those endpoints is a lot harder than encrypting, say, emails or phone calls themselves, if not impossible outright, said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation. "You still have to tell the ISP that we want to talk to each other," he said. "You can't really scramble a phone number, because the company needs to know how to complete the call," he said.

Join us:






Ask a Question