Techies vs. NSA: Encryption arms race escalates
For Pogoplug, business is booming — it’s garnered close to 1 million paid subscribers in its first year — and Putterman says the company is anxious to accommodate concerned clients. And this month, Pogoplug launched a $49 software package called Safeplug that prevents third parties, from the NSA to Google, from learning about a user’s location or browsing habits.
But many warn that encryption offers a false sense of security.
"The fundamental designers of cryptography are in an arms race right now, but there are a series of weaknesses and missing oversights that have nothing to do with encryption that leave people vulnerable," says Patrick Peterson, CEO of Silicon Valley-based email security firm Agari. And many that do work, bog down or freeze computers, forcing "a trade-off between security and convenience," he says.
In any case, most attacks don’t happen because some cybercriminal used complicated methods to gain entry into a network, he adds.
"Most attacks occur because someone made a mistake. With phishing emails, it just takes one person to unwittingly open an attachment or click on a malicious link, and from there, cybercriminals are able to get a foothold," Peterson says.
In addition, experts agree that with enough time and money, any encryption can be broken. And already the NSA has bypassed —or altogether cracked— much of the digital encryption that businesses and everyday Web surfers use, according to reports based on Snowden’s disclosures. The reports describe how the NSA invested billions of dollars, starting in 2000, to make nearly everyone’s secrets available for government consumption.
Meanwhile, the U.S. government’s computing power continues to grow. This fall, the NSA plans to open a $1.7 billion cyber-arsenal — a Utah data center filled with super-powered computers designed to store massive amounts of classified information, including data that awaits decryption.
AP writers Raphael Satter in London and Greg Keller in Paris contributed to this story.
Follow Martha Mendoza at https://twitter.com/mendozamartha