Let the NSA keep spying. The tech industry, fed up with the world’s biggest spy agency’s secret intrusions into its servers and systems, clearly intends to lock the backdoors on its own – but will it work?
On Thursday, Yahoo’s freshly appointed Chief Information Security Officer – on the job for just four weeks now – explained how it was boosting security for its users, largely in response to the revelations of government snooping. Alex Stamos wrote that his team was in the middle of a “massive project” involving end-to-end encryption of traffic between Yahoo’s data severs, as well as encryption of Yahoo Messenger and even the search queries people type into the front page.
If you want to look for info on Justin Bieber, Yahoo believes the government doesn’t need to know about it. (But seriously, stop doing that.)
“Hundreds of Yahoos have been working around the clock over the last several months to provide a more secure experience for our users and we want to do even more moving forward. Our goal is to encrypt our entire platform for all users at all time, by default,” Stamos wrote in a blog post.
Given enough money and resources, which the NSA has in spades, it’s unclear whether any level of encryption is enough.
If Facebook, Microsoft, Yahoo, Google, and the others lock down enough of those back doors, will they be able to prevent the spying we’ve all become so fed up with? Security experts will tell you that Yahoo’s long-overdue move is a step in the right direction – end-to-end encryption, to prevent confidential data from being casually spied upon. Especially the “forward secrecy” Yahoo said it’s turning on, which should add an extra level of security.
The Electronic Freedom Foundation (EFF) applauded Yahoo’s effort in its “Encrypt the Web” call to action, and notes that many companies including Facebook, Dropbox, Twitter, and Microsoft have adopted the group’s best-practices policies.
“By enabling encryption across their networks, service providers can make backdoor surveillance more challenging, requiring the government to go to courts and use legal process,” the group wrote in a recent update.
But given enough money and resources, which agencies like the NSA have in spades, it’s unclear whether any level of encryption is enough. The NSA prides itself on being able to break through encryption, and when it can’t, it creates other ways around it – even going so far as to fake Facebook servers recently.
Google’s Larry Page, at a March appearance at the TED conference in Vancouver, said he thought this level of nefariousness was a threat to democracy.
“I don’t think we can have a democracy if we’re having to protect you and our users from the government for stuff that we never had a conversation about,” he told interviewer Charlie Rose.
While Google, Microsoft, Yahoo, Facebook, and the rest recently convinced the government to allow them to release some statistics on the NSA’s spying, it’s hardly the level of transparency that we need.
Encryption is a start. It’s an important step. But to really keep the snoops out of our data, we need to stop them from prying in the first place.