Tuesday, October 8, 2013

Amazon, Home Banking Not Secure Anymore?

Great episode of Science Friday on Encryption last week (with Phil Zimmermann, creator of PGP).  Main takeaway: NSA is weakening security for everyone, making it riskier to do online banking and shop online, and even creating security and legal risks for American businesses. 

Many people don't realize that they use encryption every day. Those who think "I've got nothing to hide" actually do want to hide their bank account numbers, usernames, and passwords, and medical records. Encryption has become so easy to use that it's virtually transparent (just lock for the "lock" symbal, and make sure the web address says "https"). The very technology that makes online banking and shopping secure is the encryption that the NSA and other government agencies have been working to weaken or find ways to just bypass. 

We hear about private data being breached all the time. Last week it was Adobe, the maker of Photoshop, Acrobat, and Flash (still common on web pages, despite Apple's past claim that it was irrelevant). The passwords and credit card numbers that were stolen from Apple were encrypted, but when the NSA works to weaken encryption, they threaten US businesses. Federal Laws mandate that businesses protect information, like your credit card numbers, medical records, etc. Weakening that encryption exposes businesses to the risks of being compromised and possibly of being out of compliance.

This week, NPR is doing a series called Your Digital Trail. I'll be following this series closely and listening for mention of "Meshnet" or "Darknet". Both are alternatives to the Internet, that may still use the Internet, but might allow for better privacy. I recently heard someone on NPR mention "Meshnet" in response to the NSA compromising encryption certificates, but it was just mentioned fleetingly and not fully explained. I also cannot find any story on the NPR web site that mentions Meshnet or Darknet.

A darknet features prominently in Cory Doctorow's Homeland (the sequel to Little Brother, which also essentially has a darknet called "XNet"). A darknet also appears in Charles Stross's Rule 34, but it was used as a black market.

However, it remains to be seen that a meshnet/darknet solution can be made as easy for end users as the kind of encryption the average person uses today.

Update - Other stories in the Your Digital Trail Series:

No comments:

Post a Comment