Facebook to update old methods of crypto to combat NSA spying

Following the turmoil brought on by National Security Agency leaker Edward Snowden, there has been a huge emphasis on data privacy and information security. To combat the public’s concerns, insiders say Facebook is working on a security policy that would make it harder for the government to access users’ data.

The NSA has had public surveillance programs in place for years, but the issue has been put in the spotlight since Snowden’s leaks. He has exposed details of the NSA eavesdropping on U.S. citizens, as well as intelligence collection efforts in China and against the country’s own allies.

It has been revealed that the NSA collects Americans’ phone records and observes Internet communications via PRISM, covering email, Facebook, and instant messages.

Cryptographers have commented that the NSA could penetrate Facebook with ease due to the outdated Web encryption methods that the social media site has put into place.

Eran Tromer, an expert on code-breaking hardware, said, “Realistically, right now, breaking 1024-bit RSA should be considered well within reach by leading nations, and marginally safe against other players. This is unsatisfactory as the default security level of the Internet.”

The NSA has been estimated to spend at least $10 billion a year. Tromer projects that it would cost the institution only $1 million per device to “build dedicated hardware that can break 1024-bit RSA keys.”

Facebook’s new method will aim to minimize this vulnerability and make it very difficult for an outside entity to snoop on users’ information. Facebook currently uses 1024-bit keys for its HTTPS connections. The change will bring the key length on its SSL certificates to 2048 bits. The longer key makes it far more expensive for an attacker to attempt to break the key.

Google also currently uses 1024-bit keys, but employs a forward secrecy strategy, in which a different key is used for each encrypted web session instead of a single master key. Still, the company plans to switch to 2048-bit keys by the year’s end.

The more secure 2048-bit method is used by Apple, Microsoft, Twitter, Dropbox and Myspace. When Facebook moves to 2048-bit keys combined with forward secrecy, it will be the hardest company for the NSA to crack.
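As an added illustration (not code from the article, Facebook or Google), the two properties discussed above can be checked from the client side with Python’s standard ssl module: a 2048-bit floor for the certificate’s RSA key, and a cipher configuration that only permits forward-secret (ECDHE/DHE) key exchange so a later compromise of the long-term key cannot decrypt recorded sessions. The cipher string, the threshold and the sample cipher entries are assumptions constructed for the example.

```python
import ssl

# Key-exchange names reported by SSLContext.get_ciphers() that derive a
# fresh per-session secret. Static "kx-rsa" encrypts every session's secret
# to the certificate key, so a stolen key unlocks recorded traffic.
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk"}

MIN_RSA_BITS = 2048  # the key length the article says Facebook is moving to


def rsa_key_is_adequate(bits: int) -> bool:
    """True when an RSA modulus meets the 2048-bit floor discussed above."""
    return bits >= MIN_RSA_BITS


def cipher_has_forward_secrecy(cipher: dict) -> bool:
    """Classify one SSLContext.get_ciphers() entry by its key-exchange field."""
    if cipher.get("protocol") == "TLSv1.3":
        return True  # TLS 1.3 removed static RSA key exchange entirely
    return cipher.get("kea") in FORWARD_SECRET_KEA


def non_forward_secret_ciphers(ciphers) -> list:
    """Names of suites that would let a stolen RSA key decrypt old sessions."""
    return [c["name"] for c in ciphers if not cipher_has_forward_secrecy(c)]


def forward_secrecy_context() -> ssl.SSLContext:
    """Client context that refuses static-RSA key exchange for TLS 1.2.

    The cipher string uses OpenSSL's own keywords (an assumed choice);
    TLS 1.3 suites are configured separately and are always (EC)DHE."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!MD5")
    return ctx


# Constructed sample entries, abbreviated to the fields the checks use.
SAMPLE_CIPHERS = [
    {"name": "AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-rsa"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-ecdhe"},
    {"name": "DHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "kea": "kx-dhe"},
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3", "kea": "kx-any"},
]

if __name__ == "__main__":
    print("sample suites lacking forward secrecy:", non_forward_secret_ciphers(SAMPLE_CIPHERS))
    print("hardened context lacking forward secrecy:",
          non_forward_secret_ciphers(forward_secrecy_context().get_ciphers()))
    print("1024-bit RSA adequate?", rsa_key_is_adequate(1024))
```

Running the same check against `ssl.create_default_context().get_ciphers()` shows which static-RSA suites the platform default still permits.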

Although several companies, including Facebook, Capital One, and Amazon U.K., have been under scrutiny for using weak encryption, unencrypted connections remain the norm for regular web browsing.

With the public eye largely turned to data privacy and information security, it is paramount for all companies to strive to use the most recent and effective security practices. Find the right security pros to keep your company’s data, and reputation, safe with the help of Tiro Security, a leading provider of information security jobs in Los Angeles.