21st Century Wire says…
To encrypt, or not to encrypt? There are two schools of thought when it comes to the encryption issue…
Firstly, do you really trust major service provides, like Yahoo and Google, to keep your emails and private information out the NSA’s “bulk data collection” (mass surveillance) program? In the past, they have all complied and done business with the federal government.
Previously, 21WIRE reported on how in the past, Microsoft had given “back door access” to the NSA via its _NSAKEY file – which allowed government snoops into just about any system they wanted. There is a ray of hope in the case of Yahoo though.
Recently the company’s new information security chief Alex Stamos went head-to-head with the director of the NSA in a heated exchange at a recent Washington DC cyber security event. Still, you can never be sure.
Secondly, is the fact that the NSA are now specifically targeting any encrypted services for their continual digital wire tapping/surveillance program. So will you be better off staying in the general public junk yard of mass communications, and therefore not attracting the evil gaze of the Eye of Mordor?
Ultimately, we will all have to demand that the NSA stay within the law, or at the very least – use methods like what whistleblower Thomas Drake had advocated with project ThinThread.
Until that time, this debate will just be going through the motions, and no real public trust can be achieved…
Keeping your e-mail messages super private can be a pain.
Most free e-mail providers automatically provide SSL encryption for Web mail users — meaning data can be seen by the service, as well as the senders and recipients of messages. But end-to-end encryption, a feature which locks up message contents so that only the sender and receiver can read them, can be a much more cumbersome process for e-mail, often involving specialized software and looking up encryption keys.
The whole thing can be so tricky that very few people actually use it — or if they do, it’s used only for the most sensitive of messages.
But in the wake of reports from Edward Snowden about the National Security Agency’s access to data held by tech giants, many of those companies have pursued technological solutions to shore up customers trust, including an expansion of end-to-end encryption. Google announced in June that it was working on a Chrome plug-in to provide end-to-end for Gmail users. Yahoo, too, is working on end-to-end.
In August, Yahoo information security chief Alex Stamos announced that the company would release its own version of the plug-in for all Yahoo Mail users in 2015 — and it will work with Google’s plug-in, which matters because both sides of an exchange need to be on board for end-to-end to work. Given the sizable user base of Gmail and the billion-plus Mail users Yahoo claims, that could mean a lot more people who will suddenly have an easier way to communicate more securely.
And now, Yahoo is ready to talk about its progress.
“What we’re trying to do at Yahoo is build our products so they’re safe and trustworthy, not just secure,” Stamos told The Washington Post in an interview. That means making tools that are both simple enough for everyday users and strong enough to protect those facing more advanced threats, such as journalists and activists working in areas where freedom of expression is restricted, he said.
This ease of use could be especially important for Yahoo, whose Web mail service is practically a generation older than some competitors. “Mail is one of the cornerstones of the Yahoo experience. It’s one of the ways we engage with some of the oldest and most dedicated Yahoo users,” Stamos said.
Getting users to take an extra step to secure their messages may be difficult if it takes more than a few clicks, which is one of the reasons Yahoo is working to make it that easy.
During a presentation at the South by Southwest conference Sunday, Stamos showed off a video that compared getting set up for end-to-end encryption using the Yahoo Mail plug-in versus a more traditional method. In the video, the Yahoo plugin user was sending the first encrypted message a minute in — and then spending the rest of the video looking up cat pictures. (Predictably, on Yahoo-owned Tumblr.)
But even if the process is nearly painless, Stamos doesn’t expect users to suddenly start using it for everything. Instead, he imagines end-to-end being used on messages containing sensitive information, like when sending tax documents to an accountant or having a private digital conversation with a spouse. The majority of messages a person receives would likely still be unencrypted — which is good for companies like Yahoo that scan the contents of users’ messages to serve them with targeted advertising, something that wouldn’t work in a world where all messages were encrypted end-to-end…
READ MORE SNOWDEN NEWS AT: 21st Century Wire Snowden Files