{"id":4533,"date":"2014-02-15T00:44:40","date_gmt":"2014-02-15T05:44:40","guid":{"rendered":"http:\/\/www.opensource.im\/?p=4533"},"modified":"2014-02-15T00:44:40","modified_gmt":"2014-02-15T05:44:40","slug":"fact-or-fiction-encryption-prevents-digital-eavesdropping","status":"publish","type":"post","link":"https:\/\/euvolution.com\/open-source-convergence\/encryption\/fact-or-fiction-encryption-prevents-digital-eavesdropping.php","title":{"rendered":"Fact or Fiction: Encryption Prevents Digital Eavesdropping"},"content":{"rendered":"<p><p>    There are effective ways to encrypt data, whether it is in    transit or in storage, but if that data is left in the clear at    any point along its path, it is vulnerable to theft or    tampering  <\/p>\n<p>    Courtesy of Travis Goodspeed, via Flickr  <\/p>\n<p>    Since the dawn of the Web and ubiquitous free e-mail services    over the past two decades, the need to secure personal    information online has been evident but often ignored. Last    month's exposure of the U.S. National Security Agency's PRISM    program for collecting data on individuals suspected of    plotting terrorist attacks, spying or other forms of    malfeasance (pdf) has helped bring privacy issues back into    the spotlight. In fact, the news about PRISM even encouraged    some prominent Internet pioneers to condemn the practice and    call for renewed efforts among Internet users and their service    providers to encrypt more data, to protect it from prying eyes.  <\/p>\n<p>    Vint Cerf, Google's chief Internet    evangelist and co-developer of the TCP\/IP communications    protocol that makes the Internet tick, recently told The Times of London that computer    scientists should devise an anti-snooping solution for the Web    using encrypted communication. Cerf encouraged developers to    reexamine how some of the Internet's core security features, in    particular Internet Protocol Security (IPsec), were designed to enable end-to-end    cryptography.  
<\/p>\n<p>    Unfortunately, cryptography's ability to thwart online    surveillance or theft comes with a number of caveats and    qualifications. Cerf's comments highlight a key difficulty in    using encryption to protect data as it traverses the Internet    and comes to rest on a computer or storage drive. Given the    diversity of the digital terrain, data is rarely encrypted from    start to finish. Even when data is encrypted in transit from    one computer to another in a network, it often must be    decrypted at each point and reencrypted when handed off to the    next computer. If any of these way stations (whether a PC, a Web    server or a piece of networking equipment) is not well    protected, unencrypted data is left vulnerable to prying eyes.  <\/p>\n<p>    Data at rest    There are several programs available for encrypting data once    it is stored on an end point like a PC or laptop, including    Microsoft BitLocker, Apple    FileVault, PGPdisk and TrueCrypt.    These programs typically create an encrypted volume on the hard    drive or encrypt the entire hard drive using a key derived from    a password that you type in as part of the start-up process.  <\/p>\n<p>    The catch is that users have to actively set up these programs.    They don't run by default, and many people don't even know    these programs exist.  <\/p>\n<p>    In motion    Data in transit within the network can be encrypted using a    number of different approaches, says cryptographer Paul Kocher, president and chief scientist    of Cryptography Research, a designer of data, computer and    network security systems. A widely used example is a    password-protected wi-fi network, where the password is    essentially used as an encryption key or to derive encryption    keys so that data going from your machine back to the router is    only accessible to people who know that password. 
Pretty Good    Privacy (PGP) and Secure\/Multipurpose Internet Mail    Extensions (S\/MIME) are a couple of other common    encryption technologies but are limited primarily to e-mail    transactions.  <\/p>\n<p>    Secure Sockets Layer (SSL) protocol offers a broader example of how    data can be encrypted in transit. Kocher helped develop SSL, a    cryptographic protocol used to encode communications over    TCP\/IP networks, for Netscape as a means to transmit private    documents via the Internet in the mid-1990s. SSL uses a    cryptographic system with two keys: a public key to encrypt the    data and a private key, known only to a message's recipient, to    decipher it.  <\/p>\n<p>    If used properly, SSL encrypts a user's data from their Web    browser to the Web server. The browser can use SSL, for    example, to authenticate that your computer is communicating    with an actual Web site as opposed to an imposter set up to    steal data or spread malware. (Note that URLs requiring an SSL    connection start with https instead of http.)  <\/p>\n<p><!-- Auto Generated --><\/p>\n<p>Read more from the original source:<br \/>\n<a target=\"_blank\" href=\"http:\/\/www.scientificamerican.com\/article\/fact-fiction-encryption-prevents-digital-eavesdropping\/\" title=\"Fact or Fiction: Encryption Prevents Digital Eavesdropping\">Fact or Fiction: Encryption Prevents Digital Eavesdropping<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> There are effective ways to encrypt data, whether it is in transit or in storage, but if that data is left in the clear at any point along its path, it is vulnerable to theft or tampering Courtesy of Travis Goodspeed, via Flickr Since the dawn of the Web and ubiquitous free e-mail services over the past two decades, the need to secure personal information online has been evident but often ignored. 
Last month's exposure of the U.S<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"class_list":["post-4533","post","type-post","status-publish","format-standard","hentry","category-encryption"],"_links":{"self":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/4533"}],"collection":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/comments?post=4533"}],"version-history":[{"count":0,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/4533\/revisions"}],"wp:attachment":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/media?parent=4533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/categories?post=4533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/tags?post=4533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}