The NSA And Your Cloud Data: Navigating The Noise

Grazed from InformationWeek.  Author: Elan Yorad.

In the past few months, we’ve seen more and more coverage of how existing laws have been used to gain access to cloud-based data without the data owner’s knowledge or consent. What’s different with the latest revelation, as highlighted in The New York Times recently, are reports of the National Security Agency actively trying to undermine encryption technology and standards, including those adopted by National Institute of Standards and Technology, such as the Dual EC DRBG standard.

Does this mean that the NSA’s reach into electronic communications is so profound, and its abilities to dig into our communications so extensive, that businesses must come to terms with two equally unattractive options: accept that there is no way to control their own data even when they encrypt it, or avoid using cloud services?…

In short, no. Peeling back the layers, the situation is not as dire as heated coverage suggests. In fact, security experts say that the reports, while critical to fostering a debate on policy and law, could have overstated the NSA’s capabilities. While basic precautions are unlikely to stand in the way of the NSA’s surveillance efforts, as cryptography expert Bruce Schneier notes: "The defense is easy, if annoying: stick with symmetric cryptography based on shared secrets, and use 256-bit keys." Without access to the keys or the ability to crack the encryption, the NSA must directly approach the data owner who holds the keys to access the data…

Read more from the source @ http://www.informationweek.com/security/encryption/the-nsa-and-your-cloud-data-navigating-t/240161221?cid=RSSfeed_IWK_ALL