NSA Online Spying? You Can Avoid It ... For Now: Page 2


"The safe might be rated 30 hours if you try to drill through the front door," Soltani explained. "But the NSA might know that there's a secret weakness in the side wall that only takes six hours to get through."

Even with that edge, experts say, the NSA still has to put enough effort into cracking a particular email or encrypted phone call that it probably remains impractical for the agency to spy on vast numbers of people at once.

"Encryption acts as a sort of friction," said Christopher Soghoian, a computer security expert at the American Civil Liberties Union. "It slows down the government. If it takes them a day to crack the encryption on an email, they won't be able to do it for the entire U.S. population."

10 New Gadgets Ready for Their Close-Up

Additionally, there are indications that the government still hasn't figured a way around every encryption program. In an online chat in June, Snowden himself advised Internet users that "properly implemented strong crypto systems are one of the few things you can rely on."

Phil Zimmermann, founder Pretty Good Privacy (PGP), a popular encryption system now owned by Symantec, told the Washington Post that he's confident that the NSA hasn't yet beaten the program.

"The fact that they use PGP for government users indicates that they haven't broken it," he said. "Otherwise they'd have stopped using it."

5 Ways to Catch the NSA's Attention

If there's a silver lining to the revelations about the NSA's anti-encryption efforts, it's that they may prod Internet companies -- from email services to websites -- to beef up their encryption technology to make the government's job more difficult.

"They've been embarrassed," said Evan Hendricks, publisher of the Washington, D.C. area-based newsletter Privacy Times. "They made these representations that your email is private, and now it turns out that it isn't. So their scrambling to cover up."

Soghoian says that too many Internet companies have been using older, obsolete encryption technology, because the patents covering those programs have expired, making them cheaper than more up-to-date programs.

"What many websites are using today is not as good as it should be," he said. "But as a consequence of these articles being published about the NSA, people in the security industry will be pushing for a more rapid upgrade of encryption algorithms."

One company that's already in the process of strengthening its privacy protections is search and email giant Google, which is encrypting the information that flows between its global data centers.

"The security of our users' data is a top priority,' a Google spokesman wrote in an email. "We do not provide any government, including the U.S. government, with access to our systems. As for recent reports that the U.S. government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring."

Recommended for you