NSA spying will ultimately benefit us all

Most of us would agree that the NSA has spread its nets too far and cut deeply into our personal privacy. Ultimately, and perhaps ironically, I am hopeful this transgression will leave us with better protection for our personal communication than ever before.

I predict that more and more communications service providers will provide strongly encrypted communications by default. They’ll also do so in such a way that outside, unauthorized parties (the NSA, law enforcement, and so on) will not be able to get the plaintext access to data they currently enjoy — at least not as easily as they do today.

Let me be clear: I’m speaking about my own beliefs about what will happen without a single shred of insider knowledge or intimation of a single company’s intent. No one has shared their plans or with me. You know as much as I know.

But the world is going cloud in a big way. More and more of our data and communication is going to end up in the cloud via one avenue or another. There are economies of scale that simply can’t be achieved any other way. The cloud movement can’t continue if customers constantly worry about how easily third parties can access their data.

How might cloud providers protect customer data? For example, a public cloud provider might turn on default encryption in such a way that no one except the customer has access to the private keys. The data might be stored in a public cloud but appear as gobbledygook to anyone but the client. The NSA or other law enforcement agents would have no incentive to ask for the data, warranted or unwarranted (in the legal sense) because all they’d get is encrypted data. Several of these services already exist, and it’s my strong personal belief that this model will become the norm.

I think the end result of the NSA being caught with so many prying eyes is that the public world is going to become, well, less public. What used to be commonplace (unencrypted datastreams) will become rarer and rarer as the reminder of this decade. InfoWorld’s Galen Gruman even shared with me that W3C was reworking the HTTP protocol to require encryption for v2 compatibility — and that’s a good thing.

Of course, law enforcement will still be able to compromise people’s privacy — grabbing data off the Internet isn’t the only way to capture people’s private messages. The NSA and other law enforcement agencies are quite adept at breaking directly into people’s computers or performing other hacks to get what they want. But it won’t be nearly as easy.

My best guess is that the era of easy digital spying is coming to an end. Most people don’t want it. No private company wants it. Cloud providers don’t want it. In the computer security world I’m known as a curmudgeon, but here, I see hope.