Encrypted e-mail, secure instant messaging and other privacy services are booming in the wake of the US National Security Agency’s (NSA) recently revealed surveillance programs. However, the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and is not likely to keep out spies.
In the end, the new geek wars, between tech industry programmers on the one side and government spooks, fraudsters and hacktivists on the other, may leave people’s PCs and businesses’ computer systems encrypted to the teeth, but no better protected from hordes of savvy code crackers.
“Every time a situation like this erupts you’re going to have a frenzy of snake oil sellers who are going to throw their products into the street,” says Carson Sweet, chief executive officer of San Francisco-based data storage security firm
Encryption is not meant to keep out hackers, but when it is designed and implemented correctly, it alters the way messages look. Intruders who do not have a decryption key see only gobbledygook.
A series of disclosures from former intelligence contractor Edward Snowden this year has exposed sweeping US government surveillance programs.
The revelations are sparking fury and calls for better encryption from citizens and leaders in France, Germany, Spain and Brazil who were reportedly among those tapped.
Both Google and Yahoo, whose data center communications lines were also reportedly tapped, have committed to boosting encryption and online security.
For those who want to take matters into their own hands, encryption software has been proliferating across the Internet since the Snowden revelations broke.
Many of the people behind these programs are well known for pushing the boundaries of privacy and security online.
The quality of these new programs and services is uneven, and a few have run into trouble.
“What we found is the encryption services range in quality,” says George Kurtz, chief executive of Irvine, California-based CrowdStrike, a big data, security technology company.
Even so, private services report thousands of new users, and nonprofit, free encryption services say they have also see sharp upticks in downloads.
And for many users, encryption really is not enough to avoid the US government’s prying eyes.
Paris-based Bouygues Telecom told its data storage provider Pogoplug in San Francisco that it needs the data center moved out of the US to get out from under the provisions of US law.
So this month, PogoPlug CEO Daniel Putterman is keeping Bouygues as a client by shipping a multi-million dollar data center, from cabinets to cables, from California to France.
Bouygues spokesman Alexandre Andre does not draw a direct connection with the US Patriot Act, and says Bouygues’ arrangement with Pogoplug is driven by concerns over performance and privacy.
Andre says Bouygues wants the data stored in France, but it was up to Pogoplug to decide whether this would be done on Bouygues’ own servers or Pogoplug’s.
Many warn that encryption offers a false sense of security.
“The fundamental designers of cryptography are in an arms race right now, but there are a series of weaknesses and missing oversights that have nothing to do with encryption that leave people vulnerable,” says Patrick Peterson, CEO of Silicon Valley-based e-mail security firm Agari.