Tech giants turn to encryption to deter NSA

WASHINGTON – Google, Facebook and Yahoo are fighting back against the National Security Agency by using harder-to-crack code to shield their networks and online customer data from unauthorized U.S. spying.

The companies, burned by disclosures they've cooperated with U.S. surveillance programs, are protecting user e-mail and social-media posts with strengthened encryption that the U.S. government says won't be easily broken until 2030.

While the NSA may find ways around the barriers, the companies say they have to assure users their online connections are secure and data can't be grabbed when transmitted over fiber-optic networks or digitally stored.

Microsoft is convinced it must "invest in protecting customers' information from a wide range of threats, which if the allegations are true, include governments," said Matt Thomlinson, general manager of trustworthy computing.

Internet companies including Google, Yahoo, Facebook, Microsoft and Apple are trying to distance themselves from news reports that they gave the agency data on electronic communications of Americans and foreigners or have lax security.

While the companies are trying to prevent the NSA from gaining unauthorized access to their data, they say they comply with legal court orders compelling them to provide the government information.

The NSA has tapped fiber-optic cables abroad to siphon off data from Google and Yahoo, circumvented or cracked encryption, and covertly introduced weaknesses and back doors into coding, according to reports in the Washington Post, the New York Times and Britain's Guardian newspaper based on documents leaked by former NSA contractor Edward Snowden.

Companies are fighting back primarily by using increasingly complex encryption, which scrambles data using a mathematical formula that can be decoded only with a special digital key. Google has accelerated efforts to encrypt information flowing between its data centers, doubled the length of its digital keys and implemented measures to detect fraudulent certificates for verifying the authenticity of websites, the company said.

NSA spy programs have "the great potential for doing serious damage to the competitiveness" of U.S. companies, Richard Salgado, Google's director of law enforcement and information security, told a Senate subcommittee last week.

Yahoo will make encrypted connections standard by January for all its Mail users with 2048-bit digital keys, Sarah Meron, a spokeswoman for the Sunnyvale, California-based company, said in an e-mail.

Facebook is accelerating a tactic known as "perfect forward secrecy" that prevents the NSA from deciphering the communications of users if it obtains a security code, spokeswoman Jodi Seth said.