If you’ve been reading the news recently, you might think that corporate America is doing its best to thwart NSA surveillance. But….you have that nagging feeling in your stomach…or the hairs on your neck are standing up every day when you hear about the government’s ability to spy on you. You know by now that any e-mail or file that isn’t encrypted traverses the Internet in clear text that can easily be viewed with little skill and just some patience.
Luckily for you, Google just announced that it is encrypting Gmail when you access it from your computer or phone, and between data centers. Last week, Mark Zuckerberg personally called President Obama to complain about the NSA using Facebook as a means to hack computers, and Facebook’s Chief Security Officer explained to reporters that the attack technique has not worked since last summer. Yahoo, Google, Microsoft, and others are now regularly publishing “transparency reports,” listing approximately how many government data requests the companies have received and complied with.
But we don’t know what sort of pressure the U.S. government has put on Google and the others. We don’t know what secret agreements those companies have reached with the NSA. We do know the NSA’s BULLRUN program to subvert Internet cryptography was successful against many common protocols. Did the NSA demand Google’s keys, as it did with Lavabit? Did its Tailored Access Operations group break into to Google’s servers and steal the keys?
We just don’t know. So what are you doing to protect your company’s sensitive information?
People like us, who want to stay under the radar of having their information available for the government and others to see and understand, will need to educate ourselves on ways to prevent our information from being viewed and shared. Because privacy is a great factor in the using the Internet and communicating personal and company business information to friends, family and to professional staff members, it is essential for everyone who wants to avoid the exposure to understand how these background systems work.
Even though the Internet and security issues is something that people are becoming more aware of today, keeping secrets is also an issue that has had to be addressed in the past. From encrypting messages so that others cannot understand them to writing a message for others to decipher and unravel appropriately, these are some of the same concerns and issues that were dealt with in Roman times.
Let’s go back in time….How was secure communication done in Roman times?
When users on the Internet begin to understand how information is being transferred from one server to another, they are normally concerned about the actual privacy of it all. Even though most website owners may tell their target audiences that the data that they send back and forth is secure, this is not always the case. While people have a right to be concerned about the potential for governments’ intervention, this is not necessarily new because people will encrypt secret messages that they did not want others to know.
For instance, one of the most common known figures of yesterday is Julius Ceasar of the Roman Empire, who designed messages that he did not want other to read and understand. According to Suetonius, Caesar simply replaced each letter in a message with the letter that is three places further down the alphabet. For example, with a left shift of 3, E would be replaced by B, Z would become W, and so on.
How can people secure the information that they handle on the internet today?
Because we are concerned about being violated, we can look back to see how the past has set the standards for the future. As people are gearing up to make sure that they can protect their privacy, whether it is personal or business, they must have a system of encryption in place to prevent the information from being transferred accurately. However, as groups of concerned users move forward, there are some key things that you (we) can do.
Evaluate Secure Online Storage Options
Before a user transfers their personal or business information to an online storage provider, it is important to note that not all online storage providers are not equal. While some of these providers may use several levels of security and encryption to protect the users transfers, others may not use a complex security protocol at all. Instead, they may use the lowest level of security available but communicate it to the user as completely secure. In fact, as a general rule of thumb, the worst on the list is current google drive, dropbox and sky. As they are some of the greatest offenders, the brief description listed below explains why.
According to numerous technical resources, Google drive falls short in a wide variety of different areas. Which means, it cannot be considered with the competition that is being offered. From being wide open for anyone to view through basically any browser, the security level is simply not there. While Google is a giant in the online arena, this storage option should not be on the top of the list, as it has too many problems to ignore. From not being reliable to not providing enough free space, it is also not the best option for people who actually want real privacy and reliability. Google Drive is where my own personal prepper documents were first compromised.
Similar to flaws in Google Drive, dropbox and sky are also a disappointment for many. For instance, because dropbox has problems with staying connected to the Internet, it is not a reliable solution. Some businesses are still using it because it is simple to set up but it is not being used as a confidential resource.
Google, Microsoft and others recent actions, and similar actions of many other Internet companies, will definitely improve its users’ security against surreptitious government collection programs — both the NSA’s and other governments’ — but their assurances deliberately ignores the massive security vulnerability built into its services by design. Google, and by extension, the U.S. government, still has access to your communications on Google’s servers. This access is still there on others as well.
While google drive has been a great disappointment, Wuala (for my group documents) and Spideroak have filled my online storage gaps. In my opinion, they are both in their own class, as they offer both privacy as well as data security. Because the password of the person never leaves their own computer, no authorized person can log in. The encryption keys are yours. They are never passed!!! People can be assured of its privacy since it cannot be accessed by anyone who does not have the encrypted key. The encryption cannot even be accessed by SpiderOak or Wuala admins.
Over the next couple of weeks I will be sending in additional articles on email encryption and other non-technical means of secure communication (1 time pads, tor proxies, encrypted VPN services, PGP email, etc….)
Google and the others could change security. It could encrypt your e-mail so only you could decrypt and read it. It could provide for secure voice and video so no one outside the conversations could eavesdrop. But then, they couldn’t market ads to you as easily as having full access to your email.
Google doesn’t…. and neither does Microsoft, Facebook, Yahoo, Apple, or any of the others.
Author: Brad M
The above article was an entry into the ModernSurvivalOnline Survival & Preparedness Guest Post Contest.