To Foil NSA Spies, Encrypt Everything

In the world of cybersecurity, Bruce Schneier is an unusually accessible voice for those of us who feel we dont quite understand whats going on. The author of 12 books, and a prolific blogger and speaker, Schneier helped the Guardian go through the top-secret documents from the U.S. National Security Agency leaked by Edward Snowden last year.

So he knows what hes talking about when discussing the import of Snowdens revelations, which he did Wednesday at the Real World Cryptography Workshop, held in the gothic Great Hall at City University of New York in upper Manhattan.

Honestly, my favorite thing about these documents is the code names, he said, to laughter from the mostly male, relatively young crowd. He rattled them off: FoxAcid, Ferret Cannon, United Rake, Blackheart, Blarney, Quantum. His vote for the stupidest: EgotisticalGiraffe, an exploit aimed at the Firefox browser.

Schneier quickly turned serious. Were faced with a government agency on a quixotic mission to collect everything, from chats in online gaming worlds like Second Life, to data passed from air to ground when you use a laptop on a plane, he said. And while the NSA may have turned the Internet into a giant surveillance platform, this is just what every nation state is doing.

We actually dont know whats broken, he said. I get asked all the time, can I trust this, can I trust that? The truth is we dont know, and we have to move forward.

There is some good news in the Snowden documents, Schneier said, and thats that encryption still works. The NSA has often been able to get around it because other parts of the equation, like software or hardware, are insecure. Still, most current cryptography gives the NSA some trouble, and a lot of the data that the NSA snags isnt encrypted. That means were making it too easy for the NSA to pursue its collect everything mania. Schneiers solution: encrypt everything we can, from the cloud to cell phones.

Schneiers not advocating stopping the NSA from targeted spyingthered be no debate right now if Snowdens documents had shown the NSA spying on North Korea and the Taliban. He just wants to make it cheaper for the NSA to target the bad guys than for them to target everybody and get the bad guys incidentally.

Above all, we have to shift the terms of the debate, he said. Defenders of the NSA cast us in an arms raceif we dont do it, others will. Thats absolutely the wrong argument, he said. Its not us vs. them, its security vs. insecurity. Either we build an Internet that is secure for all users, or an Internet that is vulnerable to all attackers.

Link:

To Foil NSA Spies, Encrypt Everything