Dropbox, Google, SpiderOak and Sonic.net Score Five out of Five in Crypto Best Practices
San Francisco – The Electronic Frontier Foundation (EFF) today published a new infographic to illustrate how 18 service providers are encrypting communication. The chart supplements EFF’s popular “Who Has Your Back” series, which evaluates how companies respond to government requests for user information.
Over the last three weeks, EFF surveyed the companies on whether they are now employing or have concrete plans to employ a set of five best practices: encryption of data center links, Hypertext Transfer Protocol Secure (HTTPS) support, HTTP Strict Transport Security (HSTS) support, forward secrecy and STARTTLS for email encryption.
Four of the companies surveyed—Dropbox, Google, SpiderOak and Sonic.net—are implementing all of the measures. In addition, six companies—the aforementioned four, plus Twitter and Yahoo—are taking, or have committed to taking, the critical step of encrypting the connections for their data centers to protect against backdoor access like the NSA’s MUSCULAR program.
“In light of the National Security Agency’s unlawful surveillance programs, as well as other threats to network security, it is now more important than ever to deploy strong encryption throughout networks,” EFF Senior Staff Attorney Kurt Opsahl said. Like all EFF content, the infographic is available for publication at no cost under the Creative Commons-Attribution License.
I’ve been invited to workshop a draft paper at Fordham on Friday. The series is the Center for Information Law & Policy Faculty Workshop. If you are a friendly NY-area academic and want to come hear a discussion of the current draft of “Regulating Mass Surveillance as Pollution: Learning from Environmental Impact Notices” I gather you are welcome (it’s 12:30 – 2:30) if you RSVP to Joel Reidenberg or N. Cameron Russell. They’ll send you a copy of the paper, warts and all. (I’m not giving their email here so as not to get them sp-m.)
The paper is something of a departure for me, as it’s primarily about surveillance in public places, not online.