Yahoo encrypts its services


In an encouraging sign of greater concern for privacy rights following the revelations by Edward Snowden, Yahoo announces that it is increasing its encryption measures to protect users’ data.

The moves are being spearheaded by Alex Stamos, a well-known security researcher who has been an outspoken critic of the NSA’s mass surveillance programs and was just appointed as Yahoo’s chief information security officer.

“The goal is all traffic to and from Yahoo users is going to be encrypted all the time by default, and invisibly. This is not going to be something you have to think about all the time,” he said. “Preventing surveillance of millions of people at a time is totally within our abilities,” Stamos said.

Yahoo was working with thousands of partners to make sure encryption was as widespread as possible, and pushing media partners and advertisers to encrypt by default.

This is the way that the spying by the NSA and GCHQ can be at least partially thwarted, by the technical people at the big companies putting in place such measures because of pressure from their customers. Once the companies do this, mass surveillance will become too difficult and the NSA will be forced to use its resources so as to target only those people who they deem to be a serious risk and get warrants to do so.

Comments

  1. says

    Announcing something that will be totally invisible to users. Kind of like God. And even if they do begin to encrypt everything, they must still contend with federal law that REQUIRES that all decryption keys be provided to the government, no exceptions.

    This is bread and circuses, a pointless exercise that will have zero net effect except trick people into giving up even more information about themselves.

  2. says

    Unless every provider signs on, this won’t help at all. They could still intercept it as it leaves Yahoo.

    Even then, I’m not seeing how this will hold up against NSA requests. It would just be a few extra milliseconds as the relevant data is decrypted. Hardly enough to slow down the NSA noticeably. Encryption algorithms slow enough to actually make the NSA’s job harder, much less hard enough that they are forced to be more targeted, would be enough to seriously impact user experience. No one wants to wait five minutes to have their email decrypted, especially if it’s anything time sensitive, or you waste that five minutes just to find out about a Nigerian prince who needs just a little help getting 50 million out of the country.

    I briefly thought that PGP support might help, but simple enough to see wide use would probably require automatically grabbing public keys from a keystore somewhere, and the NSA could just go ahead and do that too. PGP might help, but not if a public keystore is involved, so it’s really mostly useless unless the end user is willing to put in some work on secure key exchange.

    That being said, this scheme should be useful against unauthorized access, such as crackers, and if key management is good, against many cases of disgruntled employees (as long as it’s not the key holder that is disgruntled). It’s a good thing to do, just not all that helpful against the NSA. Bringing the NSA in is just marketing, possibly setting up for justifying downtime should something break while implementing this.

  3. says

    Sorry… I got public and private key roles mixed up with PGP.

    Still, simple enough for wide use would probably require the person’s private key to be on Yahoo’s server - at least for webmail access. I don’t see an easy way for Yahoo to shield it from the NSA.

    Building a PGP key store into a web browser, that might be interesting. Maybe Yahoo can get some Chrome and Firefox devs to build some extensions?

  4. lanir says

    Analogy: This is like detouring through a tunnel while traveling between two places so no one can track you while you drive. In theory yes, they can’t watch you in the tunnel. But in practice you’re coming out the other end, they know where the ends are, and they can just get you there. In this case what that would specifically do is cause them to get the data from Yahoo directly just like they’re already doing. As a side note, this is why the suggestion that having the companies store this data instead of the NSA is so incredibly stupid. It just makes companies pay for storage instead of the NSA.

    It’s a good idea and needs to happen but until it’s more like Lavabit where you’re encrypting it while it’s on the server too, it’s just not going to affect the NSA much. But it’s a necessary first step because otherwise they’d just slurp your data off at any point in the network instead.

  5. Mano Singham says

    @lanir,

    As I understand it, what you are describing is a man-in-the-middle attack, of someone intercepting communications in transit. What encryption does is make everything encrypted while in transit so that even if someone accesses it, they would still have to decrypt it and that is very difficult to do even on an individual basis and would be impossible on a mass scale.

    However, I am not an expert so take my comments with a lot of salt.
