Should the latest disclosures of decrypting techniques used as part of the NSA's PRISM anti-terrorism surveillance program keep you awake tonight?
Only if you do not believe President Obama and NSA Director Army Gen. Keith Alexander that any and all spying techniques are used strictly in very narrow circumstances to target suspected foreign terrorists, under a federal court review process.
"The people who work on PRISM are working to protect us," says Tom Kellermann, Trend Micro's vice president of cybersecurity. "They don't care what movie you're going to or whether someone is cheating on his wife."
Among the disclosures made by The New York Times' review of 50,000 pages of documents, delivered by whistle-blower Edward Snowden, are references to the NSA using certain techniques to crack Virtual Private Networks and Secure Sockets Layer services. VPNs and SSL are two basic technologies for encrypting Internet traffic moving from your browser to a Web server operated by a company network, financial firm or shopping site.
The documents show government snoops have the ability to tap into any VPN or break any SSL service to view consumer traffic in clear text, says Chris Wysopal, chief technology officer at application security firm Veracode.
"The big revelation is that the NSA is actually able to view more encrypted data than anyone thought," says Chris Petersen, chief tech officer at security analytics company LogRhythm. "What this will really do is put our adversaries on notice that they need to invest in stronger encryption. This really has no bearing on the average citizen."
Last July, Alexander told an overflow audience of tech-savvy attendees of the Black Hat cybersecurity conference that the PRISM program has helped the FBI stop 54 terrorist attacks in the U.S. and other nations. And Alexander said Snowden's outing of documents showing techniques and strategies used by the NSA caused serious damage to the nation's anti-terrorism efforts. "Damage to our country is significant and irreversible," Alexander said.
In fact, all of the techniques disclosed by Snowden to date are widely known in the cybersecurity community and extensively used by data thieves, cyberspies and hacktivists.
Adds Kellermann, "Consumers should be more worried about the criminals of the world who have similar capabilities. The criminals are certainly not using these capabilities in a narrow way, and they're not going through any approval process."
© 2013 USA TODAY under contract with YellowBrix. All rights reserved.
Posted: 2013-09-13 @ 2:58am PT
People that make billion dollar decisions care if governments have inside access to their communications. The rest of us are just offended.
Posted: 2013-09-12 @ 2:45am PT
If the security 'experts' are so blase about my security then it is best not to buy their products. They should look at the companies being spied on, and who sells that business information - unless you think there are no black sheep in NSA. They should look at personal blackmail and state control of the individual - every authoritarian state uses personal information against individuals and it would be a fool who says states in the West are immune from that.
Posted: 2013-09-09 @ 12:01pm PT
The news out of NSA just keeps getting worse. This is "SPIES GONE WILD" the sequel. It's clear that the NSA's philosophy is, "We're hunting terrorists. We don't need no stinking 4th Amendment."
In view of these depressing revelations, we can only do what little we can do to protect what's left of our privacy. Encryption won't keep NSA out entirely, but it will make it harder for them to pick us out of the crowd. Decrypting still takes extra time & effort and that little bit of hassle may be enough to keep their noses out of your business.
The same goes for storing stuff on Dropbox, iCloud, etc. Take it down and stash everything in a CloudLocker (www.cloudlocker.it), which works just the same but it's private and stays in your home where they still need a warrant to see inside.