A new report by the Electronic Frontier Foundation (EFF), a consumer advocacy group that emphasizes data privacy, shows which Internet companies are doing the most to boost encryption of their data.
Dropbox, Google, SpiderOak and Sonic.net were all commended for implementing all five of EFF’s best practices for encryption. The EFF also commended Yahoo and Twitter for measures they have taken to increase encryption and protect user data.
After the former NSA contractor Edward Snowden revealed surveillance programs like MUSCULAR and PRISM, the EFF has asked Internet companies to implement strong encryption on every step of the companies’ communication with users.
The five best practices include encrypting data center links and encrypting websites with Hypertext Transfer Protocol Secure (HTTPS) by default, which automatically encrypts a communications between a user’s computer and the website.
The EFF also encouraged companies to enable HTTP Strict Transport Security (HSTS) to ensure secure communications, and asked email providers to implement STARTTLS for email transfer to encrypt messages using the standard email protocol.
Finally, the EFF asked companies to use forward secrecy for their encryption keys, which protects encrypted communications even if the keys are compromised.
“By adopting these practices, described below, these service providers have taken a critical step towards protecting their users from warrantless seizure of their information off of fiber-optic cables,” EFF wrote on its website, referring to the NSA’s MUSCULAR program, which tapped into the fiber-optic lines of companies like Google and Yahoo. “By enabling encryption across their networks, service providers can make backdoor surveillance more challenging, requiring the government to go to courts and use legal process.”
What do you think about the Electronic Frontier Foundation’s encryption report? Let us know in the comments.