2015.01.12,

Critique

How to Secure Communication Online

author_posts/samvel-martirosyan
Samvel Martirosyan
twiterfacebook

Media researcher

The latest publication of Edward Snowden’s documents is quite disturbing, as security of online communication becomes more serious. The National Security Agency (NSA), in fact, monitors almost all communications widely spread online.  

Regarding Skype, the NSA training document from Snowden’s archive very clear reads: “Sustained Skype collection began in Feb 2011”. 

According to documents supplied by Snowden, the NSA has a five-point scale to determine the degree of difficulty of accessing online communication, ranging from “trivial” to “catastrophic.”

Thus, reading private messages on Facebook is considered a normal, everyday task, “while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider ‘mail.ru’ is considered ‘moderate’.”

Things become more difficult with the use of the Tor network and heavily encrypted email service providers (Zoho is one such provider identified in the document).

Also troublesome is the Off-the-Record Messaging (OTR) cryptographic protocol and programs that use it. The NSA is unable to crack OTR. Such encryption is used by, for example, the apps TextSecure and Signal.

For the secret service, things becomes “catastrophic” when a person begins to use a combination of tools; for example, using an encrypted messaging service through Tor. It’s impossible to crack also those systems that use ZRTP encrypted voice over IP protocol (such as RedPhone, an app which ensures a secure connection on mobile phones ).

Also remaining secure is the now over-20-year-old encryption program PGP (Pretty Good Privacy).

However, according to the document, there are still a number of online communication transactions that aren’t secure and are easily accessible to secret service agencies. Journalists, as bearers of exclusive information, are one of the main targets. 

It’s clear that Snowden’s documents refer to the US secret service, but the US works with Britain, Canada, Australia, and New Zealand. Furthermore, agencies share their information with other countries: for instance, there are have been cases of cooperation with several European countries. 

But most importantly, the programs’ vulnerability hints at systematic problems, which means they can be decrypted by not only the aforementioned secret service agencies, but also smaller countries, major private companies, and organized crime groups. 

And as the data shows, today the security of open source programs is trusted more, since it’s more likely that independent experts can detect any vulnerability.

Samvel Martirosyan

The views expressed in the column are those of the author's and do not necessarily reflect the views of Media.am.


Add new comment

Comments by Media.am readers become public after moderation. We urge our readers not to leave anonymous comments. It’s always nice to know with whom one is speaking.

We do not publish comments that contain profanities, non-normative lexicon, personal attacks or threats. We do not publish comments that spread hate.

Leave a Reply

Your email address will not be published. Required fields are marked *