Zscaler's Sutton said the blame for the extent of the surveillance should not be placed on the NSA, which is executing on its mission, but on lawmakers who approved a poorly implemented system of oversight.
"Blame for programs such as PRISM and MUSCULAR rests squarely with the politicians that have implemented a system riddled with loopholes and such loose oversight that the rules are meaningless," he said in an email.
Stronger encryption protocols need to be adopted at every level on the Internet, said Pravin Kothari, founder & CEO, CipherCloud. Kothari told CRN via email that fallout from the Muscular project and Prism program has a cumulative effect on U.S. cloud providers as they attempt to bolster trust with customers globally.
"On the topic of SSL decryption, cryptographers have for years warned that 1024-bit SSL encryption, in use by much of the Internet, can be broken and have advocated moving to 3072-bits or higher, which currently is projected to be secure until at least 2030," Kothari told CRN via email.
Other technology providers that offer cloud-based services are making moves in an attempt to bolster trust and security in the wake of the NSA revelations. Two secure email providers that shut down their encrypted email services in the face of not being able to protect customers from government intrusion announced plans to collaborate on a new end-to-end encryption protocol and architecture.
"What we call 'Email 3.0.' is an urgent replacement for today's decades old email protocols ('1.0') and mail that is encrypted but still relies on vulnerable protocols leaking metadata ('2.0')," the two firms said today in an announcement of the Dark Mail Alliance partnership. "Our goal is to open source the protocol and architecture and help others implement this new technology to address the privacy concerns over surveillance and back door threats of any kind."
PUBLISHED OCT. 30, 2013