Data still safer with encryption: Experts

American intelligence operatives may be colluding with technology companies and using backdoors and brute force attacks to crack encryption technologies, but encryption is still the best way to protect the privacy of online communications and data, according to security experts.

The mathematics of cryptography remains very hard to break despite the billions of dollars that the National Security Agency and its British counterpart, the Government Communications Headquarters (GCHQ) may pour into their snooping programs.

When properly implemented, encryption provides an essentially unbreakable security, according to Dave Anderson, senior director of Voltage Security, a provider of data-centric security software for cloud, mobile devices and big data environments.

It’s likely that the NSA managed to break through insecure and outdated implementations of some encryption technologies, according to Steve Weis, chief technology officer at PrivateCore, a develop of software for secure server data.

Last week, media outlets reported that that internal NSA documents leaked by former NSA security contractor Edward Snowden indicate that the NSA and GCHQ had cracked the encryption algorithms used for Internet communications, banking and medical records around the world.

The NSA used covert means to ensure it controlled the setting of international encryption standards, used supercomputers to break encryption and collaborated with technology companies and Internet service providers (ISPs), according to the reports. The document also said the NSA created a backdoor into a National Institute of Standards and Technology (NIST) approved encryption standard called Dual EC DRBG.

Weiss said the Dual EC DRBG standard has been available for six year and it has been rarely used since two Microsoft Corp. engineers discovered the NSA backdoor in 2011.

There is no evidence that a more current encryption algorithm such as the Advanced Encryption Standard (AES) has been compromised, Weis said.

Most email, Web searches, Internet chats and phone calls are not automatically encrypted so the NSA or anyone else can scan online traffic and listen in, said Dave Jevans, chief technology officer of Marble Security, developers of mobile security applications.

Worried business should consider using open source technologies such as Open SSL, according to Weis.

Open SSL code is always visible to developers so that people can audit any changes to it such as the NSA creating backdoors, he said.

Read the whole story here

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web