Éibhear/Gibiris

Edward Snowden said that "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."1 The US government still can't break good encryption. Its efforts to corrupt encryption algorithms have recently been exposed, making it completely untrustworthy on that score also.

On the 12th August, 2012, the NSA collected 33,967 address books from GMail users, and 444,743 address books from Yahoo! Mail users. This difference is more than remarkable given that there were so many more users of GMail than of Yahoo! Mail. Google configured GMail to encrypt traffic by default in 2010. Yahoo! didn't do this until January of 2014. Since March of 2014, Google transmits GMail data only over encrypted connections, which will bring this snarfed-address-book figure down to 0.

It's costly to collect all these data. However, storage is getting cheaper all the time. If all these data are unencrypted, retrieval is also very cheap: once all of everyone's data has been collected, it's very inexpensive to spy on someone.

To get access to encrypted data is costly: as it can't decrypt the data, the NSA has to target one or another of the end-points of the communication. This is something that still can't be done indiscriminately and in bulk, like the data collection: it requires specific interference with an individual's internet activities.

If everyone used encryption all the time, then the likely cost of data retrieval (requiring decryption or targeted, warrant-supported, suspect surveillance) becomes much higher. This would reduce the already infinitesimal benefit the bulk collection might provide, thereby making it harder to justify the cost of bulk collection. This may result in these programmes being discontinued. If not, at least you're actively protecting your privacy all the same. Finally, if everyone encrypts, the assumption that using encryption implies doing bad things becomes harder to justify.

Footnotes:

1

He did, however, go on to make the point that "[u]nfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."


You can't add any comments to this post. If there is something you would like to bring to my attention, please use the contact mechanisms below to get in touch.