Now that we have enough details about how the NSA eavesdrops on the internet, including today’s disclosures of the NSA’s deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves.
For the past two weeks, I have been working with the Guardian on NSA stories, and have read hundreds of top-secret NSA documents provided by whistleblower Edward Snowden. I wasn’t part of today’s story – it was in process well before I showed up – but everything I read confirms what the Guardian is reporting
The NSA mostly grabs stuff while it is traveling the network. It is still too costly to implant hacks onto everyone’s computer. But that will probably come soon. As the author states:
Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.
The biggest hackers around are from our own government, spending 100s of millions of dollars we could use elsewhere.
But the good news is this: – “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
The problem arises from this – the endpoints:
Endpoint means the software you’re using, the computer you’re using it on, and the local network you’re using it in. If the NSA can modify the encryption algorithm or drop a Trojan on your computer, all the cryptography in the world doesn’t matter at all. If you want to remain secure against the NSA, you need to do your best to ensure that the encryption can operate unimpeded.
So, how do we do we remain secure? Most of these are not optimal. Turns out that many of the best ways to hide actually garner the NSA’s attention – security through obscurity. Using an anonymizing server for instance. But this becomes problematic if EVERYONE used one.
Number two is encrypt all communications. Of course, this gets the NSA’s attentions but again, if everyone encrypted their emails with strong approaches, it becomes more difficult. But it is much better than doing it in the clear with no encryption. So, for those on the Mac, it is reasonably straightforward to encrypt your emails. Windows has its on approach
Number three is to use an air gap. Use a computer that has never been connected to the internet to compose and encrypt the works.Save th file to a USB drive, carry it to a connected computer and then send it. There are ways around this but not likely to be used.
Number four is not to trust commercial security software. These have all been compromised by the NSA.
Number five is to use public-domain and open source encryption software. Everyone can see everything the software is doing so hard for the NSA to hide a backdoor, like it can in a corporate package.
Like protecting your car. You cannot prevent someone from breaking into your car if they want to. But you can make it a little harder to that a casual attempt will not be worth it.
Simply having large groups of people start doing these things will begin to make us all more secure.
The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.
Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.
Then maybe we can trust the internet again.