Is Encryption Effective Against Snooping? German Government Says No, Snowden Says Yes

from the maybe-not-the-real-problem dept

The revelations of Edward Snowden about the NSA's snooping of citizens both inside and outside the US are posing more questions than they answer at the moment. One key area is whether the use of encryption -- for example for email -- is effective against the techniques and raw power available to the NSA (and equivalents in other countries). That's something that has come up before in the context of the UK's Snooper's Charter. When a top official there was asked whether the proposed surveillance technology would be able to cope with encrypted streams, he replied: "it will." Snowden's claims about massive, global spying makes the issue even more pertinent.

Here's one view, from Germany. Politicians from the Die Linke party posed a number of questions to their government on the subject of the latter's use of surveillance techniques (original PDF in German). Most of the answers were the kind of thing you might expect -- "we can't possibly go into details" etc. etc. -- but one was surprising. To the question:

Is the technology used also capable of decrypting at least partially, or evaluating, encrypted communications (eg via SSH or PGP)?

Yes, the technology used is generally able to do that, depending on the type and quality of the encryption.

Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption?

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

Back came the answer:But Edward Snowden doesn't agree . When he was asked in an online Q&A session on the Guardian Web site the following question:He replied:In discussions about the German government's claim that it can crack encryption in certain circumstances, some suggested that maybe it could -- not directly, but using the malware that Techdirt has written about before. So even if the question as to the efficacy of encryption itself is still rather up in the air, there seems to be a consensus that the real weakness lies in letting people gain access to your system.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cracking, ed snowden, encryption, germany, nsa surveillance, security, surveillance