Silicon Valley Nerds Seek Revenge on NSA Spies With Super Coding

Google Inc. (GOOG), Facebook Inc. (FB) and Yahoo! Inc. (YHOO) are fighting back against the National Security Agency by using harder-to-crack code to shield their networks and online customer data from unauthorized U.S. spying. The companies, burned by disclosures they’ve cooperated with U.S. surveillance programs, are protecting user e-mail and social-media posts with strengthened encryption that the U.S. government says won’t be easily broken until 2030.

While the NSA may find ways around the barriers, the companies say they have to assure users their online connections are secure and data can’t be grabbed when transmitted over fiber-optic networks or digitally stored.

Microsoft Corp. (MSFT) is convinced it must “invest in protecting customers’ information from a wide range of threats, which if the allegations are true, include governments,” Matt Thomlinson, general manager of trustworthy computing, said in an e-mail. He didn’t provide details.

Internet companies including Google, Yahoo, Facebook, Microsoft and Apple Inc. (AAPL) are trying to distance themselves from news reports that they gave the agency data on electronic communications of Americans and foreigners or have lax security.

While the companies are trying to prevent the NSA from gaining unauthorized access to their data, they say they comply with legal court orders compelling them to provide the government information.

The NSA has tapped fiber-optic cables abroad in order to siphon off data from Google and Yahoo, circumvented or cracked encryption, and covertly introduced weaknesses and back doors into digital coding, according to reports in the Washington Post, the New York Times and the U.K.’s Guardian newspaper based on documents leaked by former NSA contractor Edward Snowden.

Game On

Companies are fighting back primarily by using increasingly complex encryption, which scrambles data using a mathematical formula that can be decoded only with a special digital key. The idea is to protect sensitive information like e-mails, Internet searches and digital calls.

Google has accelerated efforts to encrypt information flowing between its data centers, doubled the length of its digital keys and implemented measures to detect fraudulent certificates for verifying the authenticity of websites, according to a statement from the Mountain View, California-based company.

NSA spy programs have “the great potential for doing serious damage to the competitiveness” of U.S. companies, Richard Salgado, Google’s director of law enforcement and information security, told a Senate subcommittee Nov. 13.

Government Threat

“It’s very important that the users of our services understand that we are stewards of their data, we hold it responsibly, we treat it with respect,” Salgado said. “We’ve already seen impacts on the businesses.”

Google, Yahoo and Facebook generated $44.4 billion in advertising revenue so far in 2013 in part by mining users’ private data, according to Bloomberg Industries.

An Aug. 14 analysis by Forrester Research Inc. (FORR) analyst James Staten found the U.S. cloud computing industry could lose as much as $180 billion by 2016 due to the spying disclosures.

Yahoo will make encrypted connections standard by January for all its Mail users with 2048-bit digital keys, one of the stronger algorithms and twice as strong as previous standards, Sarah Meron, a spokeswoman for the Sunnyvale, California-based company, said in an e-mail.

Facebook, in addition to moving toward 2048-bit encryption keys, is accelerating a tactic known as “perfect forward secrecy” that prevents the NSA from deciphering the communications of users if it obtains a security code, Jodi Seth, a company spokeswoman, said in an e-mail.

Google announced in July it was moving to 2048-bit encryption. Kristin Huguet, a spokesman for Cupertino, California-based Apple, didn’t respond to e-mails.

Malware Unlocking

The National Institute of Standards and Technology has determined that known computing power won’t be able to break 2048-bit encryption until at least 2030.

Agencies like the NSA use stronger encryption, said Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard Law School.

Schneier recommends companies encrypt everything even though the NSA can often defeat it by, among other tactics, installing malicious software on computers to steal the security keys that unlock encryption codes.

“The NSA has turned the Internet into a giant surveillance platform,” Schneier, a computer security and privacy specialist, said in a phone interview.

Backdoor Grab

The companies may not be moving fast enough in a cat-and-mouse game with the NSA, said Kurt Opsahl, senior staff attorney for the San Francisco-based digital rights group Electronic Frontier Foundation.

“The NSA is one of the largest, most powerful, well-funded intelligence agencies in the world,” Opsahl said in a phone interview. “While the government has been misusing its legal authorities to require a set of data at the front door, the NSA has been sneaking in the back door to grab all the data.”

The NSA collects “the communications of targets of foreign intelligence value, irrespective of the provider that carries them,” the agency said in an Oct. 31 statement.

The U.S. uses “every intelligence tool available” to intercept electronic communications of suspected terrorists relying on “the very same social networking sites, encryption tools and other security features” as innocent Americans, Director of National Intelligence James Clapper said in an Oct. 4 statement.

‘Political Problem’

Encryption isn’t foolproof. The NSA can use hacking attacks to obtain security keys or compel companies to hand them over with court orders, said Jonas Falck, chief executive officer and co-founder of Halon Security Inc., a network security company with U.S. headquarters in San Francisco.

Companies like Google also introduce security vulnerabilities when they decrypt data to analyze user trends for advertising purposes, Falck said in a phone interview. Google spokeswoman Niki Fenwick said the company declined to respond to this concern.

Companies have different levels of encryption, which means electronic communications sent between them may not be protected from starting point to end point, Opsahl said.

Encrypting data can, at the least, make it harder for the NSA to gain unauthorized access to information, forcing the agency to pick targets or come out of the shadows and go before a court to obtain it legally, Opsahl said.

The other thing companies can do is lobby Congress to change the law to restrict what the NSA is able to do, according to Schneier.

“There is a technology component, but primarily this is a political problem,” Schneier said.

To contact the reporter on this story: Chris Strohm in Washington at cstrohm1@bloomberg.net
