Does encryption really shield you from government's prying eyes?

Encrypting data may not guard against surveillance, some experts say, while others argue in favor of taking steps to protect privacy

By Zach Miners, IDG News Service |  Internet

Meanwhile, when it comes to encrypting actual content like email messages, chats, videos and photos, there are generally two ways to go: There are services for encrypting information sent between people, like Silent Circle and RedPhone, and there are applications for creating secure connections between people and across networks. For instance, there are open source services like OpenVPN, which is designed to establish an encrypted virtual private network (VPN) between computers.

There is HTTPS Everywhere, a plug-in extension for Firefox and Chrome browsers that is designed to automatically employ the Hypertext Transfer Protocol Secure (HTTPS) program for websites that offer it. HTTPS is designed to build on top of standard SSL/TLS cryptographic protocols to protect against eavesdropping of data by third parties, and to help ensure that the website being accessed is legitimate and not operated by a bogus group.

There are also cloud storage encryption services like Mega, or SpiderOak, which claims to have zero-knowledge of users' data.

But on a practical level, people need to consider that if the company cannot read their files, that can limit the features and convenience afforded by the service. It's a little hard to filter out spam, for instance, if the email client can't see your emails, said EFF's Schoen. Researchers at the Massachusetts Institute of Technology are trying to solve this problem with "homomorphic encryption," which would let Web servers process data without decrypting it.

This smorgasbord of encryption services is what makes things tricky. "There are very specific things we mean when we talk about privacy," said Eben Moglen, a professor of law at Columbia University and chairman of the Software Freedom Law Center. Surveillance of communication endpoints is the "anonymity" type of privacy, but when people start talking about the actual contents of messages or files, that falls under a different category called "secrecy."

"A message is secret if its contents are known only to the sender and the recipient," he said. But as far as whether the government is listening in on those messages -- encrypted or not -- and how much it is listening, and which governments are listening, the answer could be yes, no or maybe, Moglen said.

One of the biggest questions right now is how powerful the government's code-breaking tools are, and the extent to which they are capable of cracking the algorithms, and at what speed, that power modern encryption programs.

"The U.S. government doesn't tell us how many codes it can break," Moglen quipped.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question