Skip to main content

The Snowden effect: How one whistleblower has made encryption cool

What's significant about Yahoo's encryption projects, as well as others recently undertaken over at Google, Facebook, Twitter, and a number of other companies, is the fact that these are happening at all. Keep in mind that just a year ago these projects would not have been considered to be high priority.

Last week, Yahoo announced some important improvements to its services to prevent snoops – even government ones – from eavesdropping on users. The Internet giant said all communications between its data centres are now encrypted, and a secure version of Yahoo Messenger is expected shortly. Yahoo has also enabled encryption of mail between its servers and other mail providers.

Yahoo is not the only company rolling out new security and privacy-friendly elements to its services and products for mainstream users. Google chairman Eric Schmidt told attendees at the South by Southwest conference that the search giant encrypts all its data centre traffic. Google also recently announced Gmail would use HTTPS by default to protect users. Secure chat messaging apps and cloud storage providers are bringing encryption to the average user, and users are welcoming these new products. The changes may be in direct response to the National Security Agency's extensive surveillance programs, but the users are the ones who ultimately benefit.

"I would also like to say: good job NSA. You turned Yahoo into an encryption powerhouse," Matthew Green, a professor of cryptography at Johns Hopkins University, wrote on Twitter shortly after the announcement.

The Snowden effect

Yahoo in particular was saddled with a reputation for being lax about security, although it wasn't alone. Vendors and companies were generally apathetic about security and privacy for consumers, since users appeared to care more about speed and ease of use than about extra security. Instead of putting the thinking caps on and innovating in terms of how security could be seamless for users, companies tended to build features users could see and appreciate.

Products and services devoted to securing online communications, protecting data, and shielding user activity were available, so long as you were an enterprise with a large IT budget. Need to secure messages and emails sent from mobile devices? Blackberry cornered the government and corporate market with its emphasis on security. Have documents containing sensitive data such as financial records? Businesses could buy secure file transfer services, encrypted drives, and other tools to protect their information. But these products were out of reach of end-users.

This changed in the past year, after former contractor Edward Snowden stole thousands of files from NSA's servers. People woke up. People started thinking about their emails, about the files they had on Dropbox, and the idea that info-hungry malware could read the documents on their computer. And they started asking about encryption.

"Snowden is the reason Yahoo now wants to be an industry leader on encryption. This is undeniable, even if you think Snowden is a traitor," Chris Soghoian, a privacy advocate with the American Civil Liberties Union said on Twitter.

Changes afoot

This awareness is a good thing. It's a little sad we had to have a massive case of insider theft to get to this point, but it crystallised the importance of encryption in a few short months – which is something security experts have been trying to do for years.

And along with Yahoo changing its practices, we are seeing a lot of new products and services designed to protect users online. HP is shipping Trust Circles with its laptops, as well as making the software available to other users. Cloud storage providers such as SpiderOak and CertainSafe encrypt individual data files. Secure messaging apps such as Wickr, CryptoCat, TextSecure, and RedPhone are gaining popularity. There are rumours that Facebook is considering building an anonymity app similar to Secret. Google has been long-rumoured to be working on a way to make encryption transparent on Drive.

Companies are beginning to deliver security features because users are finally demanding them. There's still a lot to do, but we have more choices now than we did a year ago.