The New York Times has
published a report, drawing
on documents leaked by Edward Snowden,that reveals the National Security Agency is able to
circumvent the encryption, or digital scrambling, that guards the privacy of much of the traffic on the Internet.
The most alarming part is that they want it all.
The Times’ report explains how, exactly, the agency has been able to obtain so much access to the world’s web traffic.
From The Times:
Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
So the world’s largest spy agency is paying companies, coercing companies, stealing from companies, and/or altering the software of companies to get the access to Internet data.
In the words of Bruce Schneier, an encryption expert and fellow at Harvard’s Berkman Center for Internet and Society, the NSA is “doing it primarily by cheating, not by mathematics.”
And the agency can only to this with the voluntary or involuntary cooperation of Internet companies.
That $250-million-a-year effort, called the Sigint Enabling Project, “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.”
From The Guardian, which has published a parallel report:
“For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies,” stated a 2010 GCHQ document. “Vast amounts of encrypted internet data which have up till now been discarded are now exploitable.”
Ultimately, beyond the capabilities provided through the a highly classified program, code-named Bullrun, is that the NSA and its British counterpart (i.e. GCHQ) want even more access.
From the New York Times (emphasis ours):
But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fibre optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.
One way to do this would be to obtain the master keys that companies use for Web encryption. It is unclear how far the U.S. and U.K. spy agencies have come to realising that goal.
According to Schneier, there are still ways to remain secure against NSA surveillance.
Business Insider Emails & Alerts
Site highlights each day to your inbox.