Subscribe to Breaking News emails

You have successfully subscribed to the Breaking News email.

Subscribe today to be the first to to know about breaking news and special reports.

MIT Project Takes Steps to 'PRISM'-Proof' the Internet

A person types on a keyboardNBC News

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Raluca Popa, a researcher at MIT, is working on a way to make online services more secure: by allowing data to be encrypted on the user's computer, rather than on a distant server. But it's still far from a perfect security solution.

"Really, there's no trusting a server," Popa told MIT's Technology Review. What she means is that no matter how trustworthy a company or person may be, your security can't be guaranteed when they hold the means to decode your data.

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
A person types on a keyboardNBC News

And make no mistake, services "in the cloud" can see much of the data you send using their services: Gmail infamously offers advertisements based on the contents of the mail you're reading. Your data may be encrypted while you're not looking at it — but when you log in, it's Google's servers doing the decryption of your data, not your computer. It's this step Popa hopes to change.

A new Web development tool called Mylar moves that decryption step from the servers you're communicating with to the computer you're using. With Mylar, the server knows what encrypted data to send you, but doesn't know what that data actually is.

This way, companies can't be pressured to give up user data on demand, and even the NSA, snooping via PRISM or another program, would see nothing but encrypted gibberish passing between you and the server. They could, of course, tell when and where you're accessing data (the valuable "metadata") but the content would remain hidden — unless, of course, they've hacked your computer, too. But that's a whole other challenge.

One other caveat: Since the server doesn't keep a copy of the decryption key, if you forget your password, your data is gone — forever.

The idea has been around for years, but Mylar is meant to be easily integrated with today's Web apps — though it hasn't been used by any major service yet. Popa hopes ongoing trials at a Boston hospital will show the tool is worth adopting.

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
MORE FROM news

Have feedback?

How likely are you to recommend nbcnews.com to a friend or colleague?

0 = Very unlikely
10 = Very likely
Please select answer

Is your feedback about:

Please select answer

Thank you!

Your feedback has been sent out. Please enjoy more of our content.

We appreciate your help making nbcnews.com a better place.