It’s been just over a year since the British newspaper The Guardian began releasing leaked intelligence information from former NSA analyst Edward Snowden. In partnership with the paper’s Glenn Greenwald, Snowden painted a picture of a National Security Agency that had become more like the tyrannical government in Orwell’s 1984 than a benevolent body that just wanted to keep the United States safe. The conclusion? We’ve all, every single one of us that uses the internet, have been and continue to be watched online.
Huge tech companies, from Google to Twitter, promised to start encrypting their users data and closing security holes — not a foolproof way to ward off the NSA, but encryption makes it more difficult for them to act on their carte blanche. While many of our most used services, like Facebook, did take steps to encrypt their data, a new report from National Public Radio (NPR) shows that those countermeasures against government overreach have fallen far short of the mark.
Holes in Encryption Show Defense is Far from Absolute
Steve Henn, a reporter with NPR, recently worked in unison with tech site ArsTechnica’s Sean Gallagher and Dave Porcello, a security expert with security firm Pwnie Express, to tap the computer and mobile devices at his home office. After all of the announcements since June 2013 that his favorite sites would be encrypting their data, Henn was relieved but not convinced. His home bugging experiment seems to have proved his suspicions accurate.
Henn used Google Maps to get directions from his home to a future destination. The data, supposedly encrypted, was easily picked up by his teammates, telling them exactly where he was going. Google search queries, also meant to be encrypted, were leaking the subject to Henn’s group of prying eyes. It’s worth noting that email and the vast majority of Google services are encrypted, but these holes are cause for concern. This isn’t meant to pick on Google, either. Twitter, Facebook, Apple’s App Store: name your favorite site that is supposedly encrypted, and chances are it isn’t — at least, not fully.
“Before anyone starts crying wolf, let’s also remember that this is the internet – it’s sort of a public communication technology by definition” says Andreas of Globi.ca. “If you’re not involved in questionable activities, what does it really matter if the NSA can read your data? If they want to see the webcam feed of me picking my nose at home, so be it, I don’t care. I hope that a lot of Americans would care though that their tax dollars are going to pay someone to watch me pick my nose.”
Of Course, We Didn’t Need NPR to Tell Us Any of This
While the story is undoubtedly interesting, it does little more than serve as confirmation of what many avid web users already know. Social media giants and media moguls may have taken steps to encrypt data and better protect their users, but the reality of our vulnerability can be seen around us everyday. Twitter was hacked — again — on Wednesday, when its TweetDeck application, a tool designed for monitoring different feeds, was broken into. Big accounts, like that for the White House, were even caught up in the scandal. That’s a vulnerability that should have been picked up in their push to protect user data.
And Twitter isn’t alone here. The problem is that, at least for the moment, very few tech companies have the strength to put up any real fight against the blunt force of NSA technologies. The NSA itself has stated during multiple lawsuits attempting to shut down its Orwellian practices that their systems are too complex to remove any data already gathered and to effectively slow down or specialize their surveillance without shutting the entire program down. Of course, if you believe that, they have a bridge in China they’d like to sell you. Even if they were telling the truth — and again, they’re not — they have little interest in temporarily stopping a program they believe protects the country they’re sworn to protect.
Thanks for trying, internet tech giants.