Techies vs. NSA: Encryption arms race escalates - The Boston Globe

Techies vs. NSA: Encryption arms race escalates

SAN JOSE, Calif. — Encrypted e-mail, secure instant messaging, and other privacy services are booming following the National Security Agency’s recently revealed surveillance programs. But the flood of new services is of variable quality, and much of it, experts say, can bog down computers while not keeping out spies.

In the end, the new geek wars — between tech industry programmers on the one side and government spooks, fraudsters, and hacktivists on the other — may leave people’s PCs and businesses’ computer systems encrypted to the teeth but no better protected from hordes of savvy code crackers.

‘‘Every time a situation like this erupts you’re going to have a frenzy of snake oil sellers who are going to throw their products into the street,’’ says Carson Sweet, chief executive of data storage security firm CloudPassage. ‘‘It’s quite a quandary for the consumer.’’

Encryption isn’t meant to keep hackers out, but when it’s designed and implemented correctly, it alters the way messages look. Intruders who don’t have a decryption key see only garbled text.

A series of disclosures from former intelligence contractor Edward Snowden this year has exposed sweeping US government surveillance programs. The revelations are sparking fury and calls for better encryption from citizens and leaders in France, Germany, Spain, and Brazil who were reportedly among those tapped. Both Google and Yahoo, whose data center communications lines were also reportedly tapped, have committed to boosting encryption and online security.

For those who want to take matters into their own hands, encryption software has been proliferating across the Internet since the Snowden revelations broke. Heml.is — Swedish for ‘‘secret’’ — is marketed as a secure messaging app for your phone. MailPile aims to combine a Gmail-like user-friendly interface with a sometimes clunky technique known as public key encryption. Younited hopes to keep spies out of your cloud storage, and Pirate Browser aims to keep spies from seeing your search history. A host of other programs with such names as Silent Circle, RedPhone, and Wickr all promise privacy.

The quality of these new programs and services is uneven, and a few have run into trouble. Nadim Kobeissi developed encrypted instant messaging service Cryptocat in 2011 as an alternative to services such as Facebook chat and Skype. The Montreal-based programmer received glowing press for Cryptocat’s ease of use, but he suffered embarrassment earlier this year when researchers discovered an error in the program’s code, which may have exposed users’ communications. Kobeissi used the experience to argue that new privacy apps need to be aggressively vetted.

‘‘You need to be vigilant,’’ he says. ‘‘We’re two years old and we’re just starting to reach the kind of maturity I would want.’’