Photo (cc) by subcircle
Unless you’re willing to learn some new and sometimes complicated software, it’s probably time to just give up on the notion of privacy from the federal government. Where the National Security Agency is involved, privacy doesn’t exist — or at least won’t for long.
“The [NSA] has circumvented or cracked much of the encryption that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures basic Internet communications, including the emails, Web searches, Internet chats and phone calls of millions of Americans and others around the world,” The New York Times reports.
Documents leaked to the media leave it impossible to say with certainty which systems are compromised. But it’s now clear that not only does the NSA know how to get through many popular forms of encryption, but that it lobbies to keep those systems weak enough for it to hack into and discourages the use of more secure methods.
A proposed 2013 budget document leaked to the Times describes a program called the Sigint Enabling Project. Sigint is short for signals intelligence — spying on communications. Here’s the relevant excerpt:
The SIGINT Enabling Project actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs. These design changes make the systems in question exploitable through SIGINT collection (e.g., Endpoint, MidPoint, etc.) with foreknowledge of the modification. To the consumer and other adversaries, however, the systems’ security remains intact.
So, the NSA “engages” (I read it as “forces”) tech companies to silently leave in security flaws it can slip through, while leaving them mostly secure enough for consumer use. In short, our private information should be safe from each other, just not from the government. (But oh, the mother lode of data awaiting a hacker who cracks the NSA.)
If you’re ornery about keeping your privacy and technically inclined, definitely check out our story “How to Keep Your Info Private (Even From the NSA).” You also probably want to learn about PGP, short for Pretty Good Privacy. Phil Zimmerman, who developed the original encryption program, thinks it’s still safe from the NSA.
He told The Washington Post why: “The fact that they use PGP for government users indicates that they haven’t broken it.” PGP is now owned by Symantec and incorporated in many of its business encryption products.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, agrees. “There would likely be far less identity theft, economic espionage, and spying on U.S. interests if encryption [like PGP] was routinely deployed for digital communications and data storage,” he told the Post.