NSA and Your Security

If you genuinely need privacy, use the one-time pad.

Recently the NSA came clean on a few issues at one of the many tech conferences taking place annually. Obviously they aren’t going to tell the whole story, but there’s no harm in making use of what they will tell us.

First off: PGP and GnuPG for encrypting your email generates an awful lot of useful “noise” that allows the NSA to collate all your connections. That noise is called “meta-data” — the wide open system chatter that allows computers to transmit information back and forth. Such things as length of message, frequency, timing within various contexts, etc., tells them who is actually worth investigating.

Second: If they decide you are interesting, they will get into your system or network. They will persist and rely on the weakest link — humans. They admit that the best way to slow them down is know your equipment and how it actually works. In other words, keep your IT technical expertise in-house and pay the price for real expertise. Get your IT people trained in security procedures and detecting intrusions. There is a powerful hint that using Open Source software where possible is one of the best ways to keep your security in-house. The NSA admits they have friends in the commercial software industry.

The best way to hide your private messages is in the most humdrum routine traffic. You’d be surprised how effective a private code language is when used as a matter of routine communications. And if something really must be kept secret, use a one-time pad because it reduces the likelihood it will be noticed in the massive traffic vacuuming the NSA does. And when they do notice such encryption, there is no way at all they can decrypt it without actual assistance from one of the participants. It takes time to get it right: More on the subject here and here and sample generators here and here.

The better policy is to remove as far as possible any need for such encryption. With a different moral frame of reference, the whole question dies. Heart-led living is the single biggest game changer. The real issue with computer security is keeping as much control over your stuff as possible, and that starts with having full control over your system. The more it matters, the more you have to make sure you gain some expertise.

About Ed Hurst

Disabled Veteran, prophet of God's Laws, Bible History teacher, wannabe writer, volunteer computer technician, cyclist, Social Science researcher
This entry was posted in computers and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s