Can European Firms Trust AES Encryption?

Pablo Valerio, International Business & IT Consultant | 6/24/2013 | 29 comments

The European Union is asking the United States about the scope of the recently exposed Prism cybersurveillance program and the collection of metadata on phone calls, emails, and other communications of foreigners, especially EU nationals. Yet perhaps the EU should be asking about another security concern.

The Advanced Encryption Standard (AES) is widely used to encrypt most forms of digital communications -- everything from banking data to email servers. The AES-256 encryption protocol in particular is about as strong as a data security tool gets, but is it really secure? Many people believe so, but AES is only truly secure if the user keeps sole access to the encryption keys. Therefore, it is becoming increasingly common to use zero-knowledge services, such as SpiderOak and Wuala. Those services give the organization full ownership over its data and promise that the service provider will have absolutely no visibility into it. The vendors say they cannot comply with subpoenas and court orders to decrypt data, since they never get access to the encryption keys. For obvious reasons, there is no password recovery.
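
The zero-knowledge model described above, as an added example (not code from SpiderOak, Wuala or the article): the key is derived and used only on the client, so the provider stores a salt, nonce, ciphertext and tag and nothing that decrypts them. The passphrase, document and function names are constructed for illustration, and scrypt with AES-256-GCM is an assumed choice, not either vendor's documented design.

```javascript
// Added illustration of the zero-knowledge model; not code from SpiderOak, Wuala or the article.
const nodeCrypto = require('crypto');

// Client side: stretch the passphrase into a 256-bit AES key (scrypt, Node defaults).
// The passphrase and the derived key never leave the client.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Client side: encrypt locally; only the returned record is uploaded.
function clientEncrypt(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh per message; never reuse with the same key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: returns the plaintext, or null when the passphrase is wrong or the
// stored record was modified (the GCM tag check fails in final()).
function clientDecrypt(passphrase, record) {
  const key = deriveKey(passphrase, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample data (hypothetical passphrase and document).
const PASSPHRASE = 'correct horse battery staple';
const DOCUMENT = 'Q3 board minutes: draft acquisition terms';

function demo() {
  const stored = clientEncrypt(PASSPHRASE, DOCUMENT); // all the provider ever holds
  const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // one flipped bit in storage or transit
  return {
    providerSeesPlaintext: stored.ciphertext.includes(Buffer.from(DOCUMENT)),
    owner: clientDecrypt(PASSPHRASE, stored),
    wrongPassphrase: clientDecrypt('guess123', stored),
    tampered: clientDecrypt(PASSPHRASE, tampered),
  };
}

console.log(demo());
```

A wrong passphrase and a modified record both come back as null; with no key material on the provider's side, that is also why such a service cannot offer password recovery.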

But some people are concerned about the security of zero-knowledge services. Back in 2010, it was reported that the FBI had paid contractors to plant backdoors into the IPSec stack of the OpenBSD crypto framework. OpenBSD is a technology widely used for VPN and firewall installation in virtualized environments. If the FBI could do that, who knows what the NSA or any other organization could do? The NSA was the organization that gave the thumbs-up to AES in 2011, making it suitable for secure government communications.

Fear of government entities secretly intercepting sensitive data is a major reason some European organizations stay away from cloud services -- or at least from those provided by Amazon, Google, and Microsoft, which are based in the United States. The USA Patriot Act allows the US government to access any data it pleases if the data is considered essential to national security. Also, most of the Internet traffic worldwide travels through the US, making interception easy for government agencies there.

The European Parliament recently established that:

No data subject should be left unaware if sensitive data about them is exposed to a 3rd country's surveillance apparatus. The existing derogations must be dis-applied for Cloud because of the systemic risk of loss of data sovereignty. The EU should open new negotiations with the US for recognition of a human right to privacy which grants Europeans equal protections in US courts.

Also, the European Parliament wants to have half the EU public services running on cloud infrastructure solely under EU jurisdictional control by 2020.

Last month, well before the Prism scandal started, the United Nations Human Rights Council published a Report of the Special Rapporteur on the right to freedom of opinion and expression. Frank La Rue, the UN's special rapporteur, concluded that:

Individuals should have a legal right to be notified that they have been subjected to communications surveillance or that their communications data has been accessed by the State. Recognizing that advance or concurrent notification might jeopardize the effectiveness of the surveillance, individuals should nevertheless be notified once surveillance has been completed and have the possibility to seek redress in respect of the use of communications surveillance measures in their aftermath...
Individuals should be free to use whatever technology they choose to secure their communications. States should not interfere with the use of encryption technologies, nor compel the provision of encryption keys.

The report also calls mass surveillance a violation of basic human rights. It refers specifically to individual rights, but in my humble opinion, those rights should apply to corporations, too. Corporations must comply with court orders. It is important for CIOs to understand the ramifications of government surveillance and data-gathering programs, and they should take all necessary precautions when encrypting data and using cloud and virtualization services.

Maybe it's time to review these famous words uttered by US President John F. Kennedy on April 27, 1961:

The very word "secrecy" is repugnant in a free and open society, and we are as a people inherently and historically opposed to secret societies, to secret oaths and secret proceedings. We decided long ago that the dangers of excessive and unwarranted concealment of pertinent facts far outweighed the dangers which are cited to justify it. Even today, there is little value in opposing the threat of a closed society by imitating its arbitrary restrictions. Even today, there is little value in insuring the survival of our nation if our traditions do not survive with it.
Tuscany   Can European Firms Trust AES Encryption?   11/30/2013 2:33:58 PM
Re: Anyone else tracking the Edward Snowden Issue?

@Sara  Great point on Snowden, how ironic he ends up in a place that is diametrically opposed to the very things he was trying to blow the whistle on in the U.S.

Tuscany   Can European Firms Trust AES Encryption?   11/30/2013 2:29:46 PM
Internet Traffic Makes it Easy (To Spy)?

"...most of the Internet traffic worldwide travels through the US, making interception easy for government agencies there."

Interesting, I never really thought about it, but it does make sense that with the majority of infrastructure here in the U.S. - worldwide traffic would most likely use U.S. based servers as well.   I would think this would make it easy to spy on most.

Don K   Can European Firms Trust AES Encryption?   6/27/2013 11:07:05 AM
Re: What's the alternative?
@Damian: Yes indeed, innovation is the key but it should come at the right time. 
eethtworkz   Can European Firms Trust AES Encryption?   6/26/2013 2:50:38 PM
Re: What's the alternative?
Hospice,

Let's just agree to disagree here.

If that was not the case would it have been so easy for any of the 5 Permanent members of the Security Council to do whatever they felt like?

That apart is the Current Power Setup representative of Changed nature of the World?

The Economy and power equations have come a long way since the Security Council was formed after World War 2.

 
eethtworkz   Can European Firms Trust AES Encryption?   6/26/2013 2:38:36 PM
Re: Anyone else tracking the Edward Snowden Issue?
Sara,

Very relevant points regarding Edward Snowden's choices.

But let's be honest, what Choice did he have?

Especially after seeing how the Obama Administration went after the Tea Party Supporters recently (via the IRS) any Genuinely freedom/Liberty Loving American will have no choice but to move overseas and then only criticize the US Government today.

Sorry if this sounds harsh but it's true.

But then there is always Hope.

Now even Career Spooks say that PRISM is a stupid move and that NSA shouldn't do the Data mining it does today.

Please see this article:

www.computerworld.com/s/article/9240346/Critics_question_effectiveness_of_NSA_data_collection

I particularly liked what Mike German (formerly from the FBI) had to say here:

The mass collection of data from innocent people "won't tell you how guilty people act," German added. The problem with catching terrorism suspects has never been the inability to collect information, but to analyze the "oceans" of information collected, he said.

Can one hope for more sanity from the Administration now?

I genuinely hope so (but won't bet the Barn on it).

Pablo Valerio   Can European Firms Trust AES Encryption?   6/26/2013 9:52:44 AM
Re: Anyone else tracking the Edward Snowden Issue?
@Sara, I have no sympathy for what Edward Snowden did, releasing secret documents. But, after seeing some of the documents online, I believe there is an ethical issue about keeping those court orders and surveillance schemes secret.

So far he has managed to engage the European Parliament and the EU commission asking the US to clarify the scope of those programs and basically demand that they stop mass surveillance of European nationals.

 


Sara Peters   Can European Firms Trust AES Encryption?   6/26/2013 9:05:34 AM
Re: Anyone else tracking the Edward Snowden Issue?
@eethtworkz I'm not entirely sure if I agree here. "I also feel Snowden made the right decision to land up in China; He knows the Chinese are not going to be pushed/Bullied around by the Americans and especially on such a crucial issue."

On one hand, yes, Snowden went to places that are unlikely to hand him back over to the US government.

On the other hand, he went to the countries that a) the US already has difficult relationships with, and b) are the sources of lots of cyber attacks on the US and elsewhere in the world. (And yes, the US is the source of lots of attacks itself.) So, he's only hurting his case. If the US ever gets its hands on Snowden, the fact that he fled, and fled to these particular countries, is going to make things extra hard on him.

Damian Romano   Can European Firms Trust AES Encryption?   6/26/2013 6:17:52 AM
Re: What's the alternative?
@Sohaibmasood - Oh, without a single doubt at all sir. Even in the smallest of situations innovation is key. 
sohaibmasood   Can European Firms Trust AES Encryption?   6/26/2013 5:28:53 AM
Re: What's the alternative?
Damian & David, I agree with both of you. However, I would just like to add one more thing. Apart from using the tools that are available one must also try to innovate if possible. I can understand not every firm or individual can contribute to research & development of tools but at least if you have the option you should give it a try.
sohaibmasood   Can European Firms Trust AES Encryption?   6/26/2013 5:26:14 AM
Re: What's the alternative?
Yes, it does get played up a little now and then by the big guns but I wouldn't say it is completely useless. 