We Know You're Watching: Companies Respond to NSA's MUSCULAR
In a previous post titled "Gaps In the Fourth Amendment -- Exploited?", I shared with you an assignment I did for my security class. The assignment briefly discusses electronic privacy and how the Federal Government takes advantage of loop holes within laws that are put in place to protect the privacy of American citizens.
NSA's MUSCULAR has been in the news for a while now, and I believe it is a prime example of government exploitation of flaws in privacy laws. In case you do not know what MUSCULAR is, as far as we know it is a project that enables NSA and Britain's Government Communications Headquarters (GCHQ) to copy "entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants" (http://www.washingtonpost.com). This means that millions of records from internal networks belonging to large companies such as Google, Yahoo, and Microsoft are sent back to data warehouses at NSA HQ. At the time of the article (October 30 2013), 181,280,466 records had been processed, including the records' associated metadata: the who, what, where, when, and why of each record that was processed (http://www.washingtonpost.com).
Although this information, along with documentation about other NSA surveillance programs, was illegally released by former NSA contractor Edward Snowden, it has helped companies better understand the importance of risk and vulnerability analysis and deterrence.
Based on a recent report from the Electronic Frontier Foundation (EFF), there are a few common ways that companies encrypt data.
Google, who has already implemented all five measures listed, is also looking for better ways to protect it's data. Eric Schmidt, Executive Chairman of Google, believes that "the solution to government surveillance is to encrypt everything" (http://www.bloomberg.com). Despite the fact that the company received a perfect five out of five on the EFF's Encrypt the Web Report, Schmidt suggests that the company will continue to strengthen its systems in light of recent events. The internet company is currently "protecting user e-mail and social media posts with strengthened encryption that the U.S. government says won't be easily broken until 2030 (http://www.bloomberg.com).
Microsoft is pretty low on the totem pole with regards to security and encryption, but we did not need a report to tell us that. The revelations of NSA surveillance has made the company suspicious that they have been targeted, and they are now "moving to encrypt its Internet traffic" (http://rt.com). The company is currently pushing toward encryption efforts that would put them on the same level of security as companies such as Google, Yahoo that happen to have similar global infrastructures (http://rt.com).
Enhanced encryption efforts should likely deter unwanted surveillance. Although security can sometimes be a big engineering effort, it is worth protecting he privacy of both company and user data. Although government censorship is not something that will ever go away entirely, it is important to know if and how companies are protecting your data.
If you have not already, please take time to check out the infographic from the Encrypt the Web report. It provides encryption data about several companies including Facebook, Amazon, and Apple. See how you data is being protected.
I'll leave you with this. Happy Thanksgiving.
NSA's MUSCULAR has been in the news for a while now, and I believe it is a prime example of government exploitation of flaws in privacy laws. In case you do not know what MUSCULAR is, as far as we know it is a project that enables NSA and Britain's Government Communications Headquarters (GCHQ) to copy "entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants" (http://www.washingtonpost.com). This means that millions of records from internal networks belonging to large companies such as Google, Yahoo, and Microsoft are sent back to data warehouses at NSA HQ. At the time of the article (October 30 2013), 181,280,466 records had been processed, including the records' associated metadata: the who, what, where, when, and why of each record that was processed (http://www.washingtonpost.com).
Although this information, along with documentation about other NSA surveillance programs, was illegally released by former NSA contractor Edward Snowden, it has helped companies better understand the importance of risk and vulnerability analysis and deterrence.
Based on a recent report from the Electronic Frontier Foundation (EFF), there are a few common ways that companies encrypt data.
- Encrypt data center links: encypts user data when it's sent between cloud servers and data centers.
- Support HTTPS: encrypts the communication between the user's computer and the website.
- HTTPS String (HSTS): insist on a persistent encryption
- Forward Secrecy: protects encryption keys.
- STARTTLS: encrypt communication between email servers.
Google, who has already implemented all five measures listed, is also looking for better ways to protect it's data. Eric Schmidt, Executive Chairman of Google, believes that "the solution to government surveillance is to encrypt everything" (http://www.bloomberg.com). Despite the fact that the company received a perfect five out of five on the EFF's Encrypt the Web Report, Schmidt suggests that the company will continue to strengthen its systems in light of recent events. The internet company is currently "protecting user e-mail and social media posts with strengthened encryption that the U.S. government says won't be easily broken until 2030 (http://www.bloomberg.com).
Microsoft is pretty low on the totem pole with regards to security and encryption, but we did not need a report to tell us that. The revelations of NSA surveillance has made the company suspicious that they have been targeted, and they are now "moving to encrypt its Internet traffic" (http://rt.com). The company is currently pushing toward encryption efforts that would put them on the same level of security as companies such as Google, Yahoo that happen to have similar global infrastructures (http://rt.com).
Enhanced encryption efforts should likely deter unwanted surveillance. Although security can sometimes be a big engineering effort, it is worth protecting he privacy of both company and user data. Although government censorship is not something that will ever go away entirely, it is important to know if and how companies are protecting your data.
If you have not already, please take time to check out the infographic from the Encrypt the Web report. It provides encryption data about several companies including Facebook, Amazon, and Apple. See how you data is being protected.
I'll leave you with this. Happy Thanksgiving.
Image Credit: ITworld/Phil Johnson
Comments
Post a Comment