Another day, another NSA revelation courtesy of our favorite whistleblower, Edward Snowden. This one suggests that no internet encryption method is safe, that some technology companies that created these security protocols have actually worked with the agency to provide "back doors" into these encryption schemes. Virtual private networks (VPNs), which companies use to give employees secure remote access to their internal networks, are among the encryption schemes that the NSA has reportedly been working on breaking.
Wonderful. At this point every CIO in America must be wondering what he or she has to do provide secure communications, because in the face of these revelations it seems close to impossible.
What's really concerning: If the NSA has a backdoor, some other organization -- whether organized crime, a well-funded rival, or another country looking for an edge for its industry -- might have the ability to take advantage of these exploits as well.
That's the problem with the NSA's approach. Ostensibly, they are there to protect the security of the US, but in the name of securing us, they have made our ability to conduct business far less secure. The flaw in building a way around any security protocol is that no matter how altruistic those reasons may be, once there is a flaw, anyone can exploit it.
That means you have zero chance of protecting your most secret communications, whether that's your next product release, a merger or acquisition, a layoff, a key hire, or anything else. There's a good chance somebody can break the security protocol you've used to protect those communications and someone with nefarious goals can exploit that information to make money, embarrass you, gain a competitive advantage, or whatever else.
It's gotten me thinking that perhaps, Woodward and Bernstein had it right when they met their primary Watergate source "Deep Throat" in the corners of dark parking garages. When I pointed this out to some journalist friends recently, one pointed out that today, someone armed with an infrared camera and a distance mike could record the conversation.
In reality, there is no longer any secure way to send your communications. As a journalist this is particularly frightening. Cultivating secret sources becomes a huge challenge when your communications channels are being monitored by the government.
So what can you do besides throwing up your hands in frustration and disgust? Security guru Bruce Schneier writing in The Guardian outlined some ways you could possibly protect your company from NSA snooping, including turning to open-source encryption software, which is less likely to have back doors. None of the methods described in the article are foolproof. They are more meant to give you a fighting chance to stay off the snoops' radar.
Another idea, not mentioned in that article, is to lobby the government to stop spying on its citizens. This is not only a civil liberties argument -- it's also an economic imperative.
You could argue that most businesses have nothing to worry about, and in truth they probably don't, but if the government can pressure the technology companies to help them with their backdoor schemes, your company might be next -- for whatever reason. That would seem worth a call to your government officials for a chat. Heck, they'll be listening anyway.