Cyber security is a hot topic. Each passing day, we hear about more advanced security technologies. But how efficient is cyber security? And how exactly does it work?
Surely, the Edward Snowden case brought internet security from the world of IT specialists to the mainstream audience. It was shocking to learn that one of the most security-conscious organizations in the world had been hacked. What about ordinary users like us? Just to recap, Edward Joseph Snowden is a computer professional and a former Central Intelligence Agency (CIA) employee who presumably copied classified information from the US National Security Agency (NSA) and UK Government Communications Headquarters (GCHQ) for public disclosure in 2013. The information published revealed numerous global surveillance programs, many run by the NSA and with the cooperation of telecommunication companies and European governments.
Leaked information raised concerns from two opposing sides. From the user’s point of view, what was published by Snowden indicated a very large scale surveillance practice by governments, and confirmed privacy invasion and infringements on our freedom of communication. Learning that states were able to review and catalogue messages transmitted through popular email services was terrifying for users.
From the state’s point of view, it was a major security breach and an unacceptable act of vengeance, regardless of the content of the information leaked. Prime Minister David Cameron said “Britain is not a state that is trying to search through everybody's emails and invade their privacy. We just want to ensure that terrorists do not have a safe space in which to communicate.”
Later this year, the UK government is planning to introduce a new law which will ensure that any form of communication, whether email, text message, or video chat, can always be read by the police or intelligence services if they have a warrant.
Clearly, cyber security has become a major subject for both consumers and for national security. Technology companies have started to improve security measures, and broaden traffic encryption coverage. Encryption seems to have become the ultimate solution to all our security worries. What exactly is it: new technology, or has it already been in use for some time?
“Traditional” encryption
Encryption essentially scrambles data sent from one party to another so that a third party cannot read it during its journey through the internet. There are two main types of encryption: server-side and client-side.
Server-side encryption is the most common and traditional way of encrypting data. The data is encrypted on the server so that only the provider and the client who owns the data are allowed to see it. For example, Amazon S3 encrypts data at the object level as it writes it to disks in its data centers, and decrypts it when it is accessed. As long as the request for the information is authenticated and the user has the access permissions, there is no difference in the way encrypted or unencrypted data is accessed.
Client-side encryption is the technique of encrypting data before it is transmitted to a server in a computer network. Usually, encryption is performed with an “encryption key”, which is a piece of text, a code block, or software that is not known to the server. Consequently, the service provider is unable to decrypt the hosted data. In order to access the data, it must always be decrypted by the client. Client-side encryption allows for the creation of “zero-knowledge applications”, in which the provider cannot access the data its users have stored, thus offering a high level of privacy. However, client-side encryption is a bit like living in a fortress with limited interaction with the outside world. You may be secure in your fortress (PC), but unable to benefit from a broad spectrum of offerings out there because you are simply locked inside for safety.
A negative aspect of server-side encryption is that service providers can still see your data because they have the encryption key. For example, Dropbox has the encryption key to view all data stored on its servers. So while it’s true that it’s an encrypted service, it is also true that Dropbox has full access to its servers and that the company could decide to cooperate with government surveillance programs (such as the US Patriot Act), or a rogue employee could snoop through users’ files.
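The difference between the two models comes down to who holds the key. The following is an added example, not code from the original article: a Node.js sketch in which the hypothetical `ServerSideStore` and `ZeroKnowledgeStore` classes stand in for a provider, and AES-256-GCM and scrypt are choices made here rather than anything the article names. The document and passphrase are constructed sample values.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers used by both models.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, body, tag: cipher.getAuthTag() };
}
function unseal(key, { iv, body, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Hypothetical provider doing server-side encryption: it creates and keeps the key.
class ServerSideStore {
  constructor() { this.key = crypto.randomBytes(32); this.blobs = new Map(); }
  put(name, plaintext) { this.blobs.set(name, seal(this.key, plaintext)); }
  // The same call serves an authenticated user, the provider, or an insider.
  read(name) { return unseal(this.key, this.blobs.get(name)); }
}

// Hypothetical zero-knowledge provider: it stores what it is given and holds no key.
class ZeroKnowledgeStore {
  constructor() { this.blobs = new Map(); }
  put(name, sealed) { this.blobs.set(name, sealed); }
  get(name) { return this.blobs.get(name); }
  // Without the client's key the provider can only guess; GCM rejects a wrong key.
  providerRead(name) {
    try { return unseal(crypto.randomBytes(32), this.blobs.get(name)); }
    catch { return null; }
  }
}

// The client derives its key from a passphrase that never leaves the client.
function clientKey(passphrase, salt) { return crypto.scryptSync(passphrase, salt, 32); }

function demo() {
  const doc = 'constructed sample document';
  const serverSide = new ServerSideStore();
  serverSide.put('doc', doc);
  const key = clientKey('constructed passphrase', crypto.randomBytes(16));
  const zk = new ZeroKnowledgeStore();
  zk.put('doc', seal(key, doc));
  return { serverSideProvider: serverSide.read('doc'),
           clientSideProvider: zk.providerRead('doc'),
           clientSideOwner: unseal(key, zk.get('doc')) };
}
console.log(demo());
```

In the server-side model the provider recovers the plaintext; in the client-side model it gets nothing, and the same holds for the owner if the passphrase is lost.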
It is also a fact that providers want to (and do) analyze customer data for targeted advertising. You may test this yourself by simply searching for “bird seed” from your favorite browser. You should not be surprised when you then see bird-related ads while you continue browsing the web.
Knowing all these benefits and considerations, the technological world responded to this situation with a more advanced method of encryption, called End-to-End Encryption. Considering the complexity of this type of encryption (sometimes abbreviated as 'E2EE') we will address its particularities, its advantages and its disadvantages, in the next article on encryption.
Photo credit: geralt via Pixabay, CC0 Public Domain License
This is a really hot topic nowadays and this article puts it together really well. Thanks!
A good account of the current state of matters in cyber security. I am looking forward to your next article on encryption.
quite inspiring and informative! thanks