If you’ve been reading the news recently, you might think that corporate America is doing its best to thwart NSA surveillance. But….you have that nagging feeling in your stomach…or the hairs on your neck are standing up every day when you hear about the government’s ability to spy on you. You know by now that any e-mail or file that isn’t encrypted traverses the Internet in clear text that can easily be viewed with little skill and just some patience.
Luckily for you, Google just announced that it is encrypting Gmail when you access it from your computer or phone, and between data centers. Last week, Mark Zuckerberg personally called President Obama to complain about the NSA using Facebook as a means to hack computers, and Facebook’s Chief Security Officer explained to reporters that the attack technique has not worked since last summer. Yahoo, Google, Microsoft, and others are now regularly publishing “transparency reports,” listing approximately how many government data requests the companies have received and complied with.
But we don’t know what sort of pressure the U.S. government has put on Google and the others. We don’t know what secret agreements those companies have reached with the NSA. We do know the NSA’s BULLRUN program to subvert Internet cryptography was successful against many common protocols. Did the NSA demand Google’s keys, as it did with Lavabit? Did its Tailored Access Operations group break into to Google’s servers and steal the keys?
We just don’t know. So what are you doing to protect your company’s sensitive information?
People like us, who want to stay under the radar of having their information available for the government and others to see and understand, will need to educate ourselves on ways to prevent our information from being viewed and shared. Because privacy is a great factor in the using the Internet and communicating personal and company business information to friends, family and to professional staff members, it is essential for everyone who wants to avoid the exposure to understand how these background systems work.
Even though the Internet and security issues is something that people are becoming more aware of today, keeping secrets is also an issue that has had to be addressed in the past. From encrypting messages so that others cannot understand them to writing a message for others to decipher and unravel appropriately, these are some of the same concerns and issues that were dealt with in Roman times.
Let’s go back in time….How was secure communication done in Roman times?
When users on the Internet begin to understand how information is being transferred from one server to another, they are normally concerned about the actual privacy of it all. Even though most website owners may tell their target audiences that the data that they send back and forth is secure, this is not always the case. While people have a right to be concerned about the potential for governments’ intervention, this is not necessarily new because people will encrypt secret messages that they did not want others to know.
For instance, one of the most common known figures of yesterday is Julius Ceasar of the Roman Empire, who designed messages that he did not want other to read and understand. According to Suetonius, Caesar simply replaced each letter in a message with the letter that is three places further down the alphabet. For example, with a left shift of 3, E would be replaced by B, Z would become W, and so on.
How can people secure the information that they handle on the internet today?
Because we are concerned about being violated, we can look back to see how the past has set the standards for the future. As people are gearing up to make sure that they can protect their privacy, whether it is personal or business, they must have a system of encryption in place to prevent the information from being transferred accurately. However, as groups of concerned users move forward, there are some key things that you (we) can do.
Evaluate Secure Online Storage Options
Before a user transfers their personal or business information to an online storage provider, it is important to note that not all online storage providers are not equal. While some of these providers may use several levels of security and encryption to protect the users transfers, others may not use a complex security protocol at all. Instead, they may use the lowest level of security available but communicate it to the user as completely secure. In fact, as a general rule of thumb, the worst on the list is current google drive, dropbox and sky. As they are some of the greatest offenders, the brief description listed below explains why.
Google Drive
According to numerous technical resources, Google drive falls short in a wide variety of different areas. Which means, it cannot be considered with the competition that is being offered. From being wide open for anyone to view through basically any browser, the security level is simply not there. While Google is a giant in the online arena, this storage option should not be on the top of the list, as it has too many problems to ignore. From not being reliable to not providing enough free space, it is also not the best option for people who actually want real privacy and reliability. Google Drive is where my own personal prepper documents were first compromised.
Similar to flaws in Google Drive, dropbox and sky are also a disappointment for many. For instance, because dropbox has problems with staying connected to the Internet, it is not a reliable solution. Some businesses are still using it because it is simple to set up but it is not being used as a confidential resource.
Google, Microsoft and others recent actions, and similar actions of many other Internet companies, will definitely improve its users’ security against surreptitious government collection programs — both the NSA’s and other governments’ — but their assurances deliberately ignores the massive security vulnerability built into its services by design. Google, and by extension, the U.S. government, still has access to your communications on Google’s servers. This access is still there on others as well.
While google drive has been a great disappointment, Wuala (for my group documents) and Spideroak have filled my online storage gaps. In my opinion, they are both in their own class, as they offer both privacy as well as data security. Because the password of the person never leaves their own computer, no authorized person can log in. The encryption keys are yours. They are never passed!!! People can be assured of its privacy since it cannot be accessed by anyone who does not have the encrypted key. The encryption cannot even be accessed by SpiderOak or Wuala admins.
Over the next couple of weeks I will be sending in additional articles on email encryption and other non-technical means of secure communication (1 time pads, tor proxies, encrypted VPN services, PGP email, etc….)
Google and the others could change security. It could encrypt your e-mail so only you could decrypt and read it. It could provide for secure voice and video so no one outside the conversations could eavesdrop. But then, they couldn’t market ads to you as easily as having full access to your email.
Google doesn’t…. and neither does Microsoft, Facebook, Yahoo, Apple, or any of the others.
Author: Brad M
The above article was an entry into the ModernSurvivalOnline Survival & Preparedness Guest Post Contest.
Like what you read?
Then you're gonna love my free PDF, 20 common survival items, 20 uncommon survival uses for each. That's 400 total uses for these dirt-cheap little items!
Just enter your primary e-mail below to get your link:
We will not spam you.
Brad M-thanks. Please write more as things develop. Now I know more to be concerned with- smile !!When the grid goes down this will all be passe.Meanwhile its a huge issue. Arlene
The main issue comes when you want to share information with others.
As long as what you are passing to someone else is in the public domain, I suggest only sending links and not worry about potential for being spied on. For other communications and encryption systems there are issues with possible “backdoor” keys embeded in the code that gives free access to those with the universal key. Some commercial code used algorithms that were compromised to allow access on demand.
Knowing this, I suggest using a method that avoids the net entirely. Buy cheap memory keys, use local to your machine software to encrypt what you want to send. And use a very long code phrase that you and your pen pal agree on between yourselves to encode and decode your communications. Then, also, never have a copy of your code phrase on your computer, should it ever be lost or stolen or taken by some authority. This also means you have to remember the passphrase in every detail.
Then send the memory device via express mail or FEDEX, whatever you decide. When you receive a message you will have to type in the passphrase to read it content.
As well, neither your computer or your partners computer that are to be used in creating or reading messages can EVER be connected to the internet, just in case, and to prevent possible remote compromise of secrecy.
Even better than using public systems like FEDEX would be to physically pass the memory devices. Who knows how far TPTB will go?
The real question is this: do you really have information that needs to go to someone, but also needs to be secured from prying eyes? If so, don’t pass it on the web or via any other electronic system, including phones.
I think most of us do not need to go to the extremes. Let’s hope it stays that way.
CM
You could always make your own encryption tables, that’s what I did. Working with crypto for 20 years on a daily basis, you can use the same techniques the military uses. It’s very time consuming to make them, depending if you want a rotating set of cypher/ decyhper tables for 30 days. It also takes more time to break a email down and respond. Just my two cents…