Thursday, April 24, 2014
By Martha Mendoza
The Associated Press
(Continued from page 1)
Peter Sunde, right, who founded The Pirate Bay with Gottfrid Svartholm Warg, left, is developing Heml.is, Swedish for “secret,” which is marketed as a secure messaging app for your phone. The Pirate Bay is a notorious file-sharing website.
2009 Associated Press File Photo
“You need to be vigilant,” he says. “We’re two years old and we’re just starting to reach the kind of maturity I would want.”
Heml.is also encountered difficulties and angered users when its creators said they wouldn’t use open source – or publicly auditable – code. And Silent Circle abruptly dropped its encrypted email service in August, expressing concern that it could not keep the service safe from government intrusion.
“What we found is the encryption services range in quality,” says George Kurtz, CEO of Irvine, Calif.-based CrowdStrike, a big data, security technology company. “I feel safe using some built by people who know what they are doing , but others are Johnny-come-latelies who use a lot of buzzwords but may not be all that useful.”
Even so, private services report thousands of new users, and nonprofit, free encryption services say they have also see sharp upticks in downloads.
And for many users, encryption really isn’t enough to avoid the U.S. government’s prying eyes.
Paris-based Bouygues Telecom told its data storage provider Pogoplug in San Francisco that it needs the data center moved out of the U.S. to get out from under the provisions of U.S. law. So this month, PogoPlug CEO Daniel Putterman is keeping Bouygues as a client by shipping a multi-million dollar data center, from cabinets to cables, from California to France.
“They want French law to apply, not U.S. law,” says Putterman, who is also arranging a similar move for an Israeli client.
Bouygues spokesman Alexandre Andre doesn’t draw a direct connection with the Patriot Act, and says Bouygues’ arrangement with Pogoplug is driven by concerns over performance and privacy. Andre says Bouygues wants the data stored in France, but it was up to Pogoplug to decide whether this would be done on Bouygues’ own servers or Pogoplug’s.
“There is a general worry in France over data security, and storing data in France permits us to reassure our clients,” Andre says. The arrangement also helps improve the service’s performance, Andre says, another reason for the move.
For Pogoplug, business is booming – it’s garnered close to 1 million paid subscribers in its first year – and Putterman says the company is anxious to accommodate concerned clients. And this month, Pogoplug launched a $49 software package called Safeplug that prevents third parties, from the NSA to Google, from learning about a user’s location or browsing habits.
But many warn that encryption offers a false sense of security.
“The fundamental designers of cryptography are in an arms race right now, but there are a series of weaknesses and missing oversights that have nothing to do with encryption that leave people vulnerable,” says Patrick Peterson, CEO of Silicon Valley-based email security firm Agari. And many that do work, bog down or freeze computers, forcing “a trade-off between security and convenience,” he says.
In any case, most attacks don’t happen because some cybercriminal used complicated methods to gain entry into a network, he adds.
“Most attacks occur because someone made a mistake. With phishing emails, it just takes one person to unwittingly open an attachment or click on a malicious link, and from there, cybercriminals are able to get a foothold,” Peterson says.
In addition, experts agree that with enough time and money, any encryption can be broken. And already the NSA has bypassed –or altogether cracked– much of the digital encryption that businesses and everyday Web surfers use, according to reports based on Snowden’s disclosures. The reports describe how the NSA invested billions of dollars, starting in 2000, to make nearly everyone’s secrets available for government consumption.
Meanwhile, the U.S. government’s computing power continues to grow. This fall, the NSA plans to open a $1.7 billion cyber-arsenal – a Utah data center filled with super-powered computers designed to store massive amounts of classified information, including data that awaits decryption.