The NSA Has A Devastating Backdoor Around Lots Of Web Encryption

Business Insider

View photo

.
world Internet map

Facebook

The New York Times has published a report, drawing  on documents leaked by Edward Snowden, that reveals the National Security Agency is able to  circumvent the encryption, or digital scrambling, that guards the privacy of much of the traffic on the Internet.

The Times' report explains how, exactly, the agency has been able to obtain so much access to the world's web traffic.

From The Times:

Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.

So the world's largest spy agency is paying companies, coercing companies, stealing from companies, and/or altering the software of companies to get the access to Internet data.

In the words of  Bruce Schneier , an encryption expert and fellow at Harvard's Berkman Center for Internet and Society, the NSA is "doing it primarily by cheating, not by mathematics."

And the agency can only to this with the voluntary or involuntary cooperation of Internet companies.

That  $250-million-a-year  effort, called the  Sigint Enabling Project ,  “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable."

From The Guardian, which has published a parallel report:

"For the past decade,  NSA  has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," stated a 2010  GCHQ  document. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable."

Ultimately, beyond the capabilities provided through the  a highly classified program, code-named Bullrun, is that the NSA and its British counterpart (i.e. GCHQ)  want even more access.

From the New York Times:

But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.

One way to do this would be to  obtain the master keys  that companies use for Web encryption.  It is unclear how far the U.S. and U.K. spy agencies have come to realizing that goal.

According to Schneier, there are still ways to remain secure against NSA surveillance.



More From Business Insider
View Comments (6)