Passwords. Encryption. Firewalls. Secure networks. None of these are out of the reach of the US National Security Agency (NSA), their British counterparts at the Government Communications Headquarters (GCHQ), and other government as well as private agencies around the world. Any sense of privacy and security should be dismissed completely in this world.
Assume that you’re data is open to prying eyes. Assume that your private information is an open book. If you put anything on a digital device that has access to the internet, it can no longer be considered private, secure, or safe. The whistleblowing efforts of Edward Snowden as well as investigations by journalists and watchdog groups are showing us every day just how insecure our data really is.
The latest log to throw on the fire comes from reports that the US and British security agencies (and probably other organizations) have “cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails.”
If you think your 23-character password with lower-case letters, capital letters, numbers, and special characters will protect you, you’re wrong. These agencies are working from within. They have established vulnerabilities within the coding of websites and services that give them backdoor access regardless of how long your password is. They don’t need to know your mother’s maiden name or the city in which you met your spouse to gain access to your accounts and data.
They probably already have it.
According to Maximum PC:
The most worrying bit, though, is that the agency owes a lot of its eavesdropping capabilities to its success in secretively influencing tech companies to alter their product designs, “insert vulnerabilities into commercial encryption systems” and weaken security standards. All these activities are part of the SIGINT (signals intelligence) Enabling Project, a program the NSA has spent around $800 million on since 2011.
The paranoid ramblings of people (myself included) over the past few years are proving to be barely showing the tip of the NSA security iceberg. Their greatest strength (besides undisclosed and untracked budgets) is time – they’ve been working on these projects for over a decade.
Today, they’ve mastered the science and art of getting into any file, any computer, and any database they want. They’ve also mastered the ability to catalog, sort, and retrieve the data as well.
To those who take the security of their data, their personal information, and their digital lives seriously, there really is only one thing that can be done. If unplugging is impossible, people have to take the necessary steps to keep anything important to them offline completely.
* * *
“Encryption” image courtesy of Shutterstock.
I’ve been using PasswordBox for iPhone and I’m really happy with the security features they offer – particularly that they can’t access or even see my master password, so they wouldn’t be able to ‘give’ my information to the government even if they wanted to. Save for going offline, it’s the best solution I’ve found.