NSA Teamed with U.K. and Tech Companies to Override Global Internet Privacy

Saturday, September 07, 2013
(AP graphic)

Virtually nothing is secret on the Internet regardless of the encryption used to protect the contents of emails, online banking, medical records and other personal information, not when government intelligence agencies are able, as it has now be revealed, to decipher virtually any kind of data moving across online networks.


The most recent news about the National Security Agency (NSA) finds that American analysts teamed up with British counterparts to crack much of the online encryption that’s supposed to shield the privacy of personal data, banking transactions and emails of hundreds of millions of Internet users.


Classified documents provided by whistleblower Edward Snowden to The Guardian, which shared them with The New York Times and ProPublica, revealed the NSA and GCHQ, Britain’s spy agency, have used supercomputers, “technical trickery,” court orders and other methods to undermine the privacy of everyday communications on the Web.


The NSA also worked with a number of technology companies—both in the U.S. and around the world—to build stealth-like “back door” entry points into their online product for NSA access. Some of these companies were coerced by the government into creating that back door, or surrendering their master encryption keys, according to the documents.


In fact, the NSA has been able for at least three years to read encrypted Internet information, following a breakthrough in 2010 that unlocked “vast amounts” of online data. The highly classified program, code-named Bullrun, is only accessible to a limited group of analysts working under the direction of Five Eyes, the umbrella name of the secret government surveillance agencies operating for the U.S., Britain, Australia, New Zealand and Canada.


“For the past decade, NSA has led an aggressive, multi-pronged effort to break widely used Internet encryption technologies,” stated a 2010 GCHQ document, according to The New York Times. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”


The Guardian added that the NSA spends a quarter of a billion dollars annually on a program that “covertly” influences the product designs of technology companies to make them accessible to government snooping.


One intelligence document indicated that the NSA’s massive and unprecedented global surveillance operation continues to be very active. The document quotes director of national intelligence James R. Clapper, Jr. as saying, “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.” The passage appears in his budget request for the current year.


News of the encryption breaking alarmed some experts who accused the agencies of going too far.


“Cryptography forms the basis for trust online,” Bruce Schneier, an encryption specialist and fellow at Harvard’s Berkman Center for Internet and Society, told The Guardian. “By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.”


“Today they are conducting instant, total invasion of privacy with limited effort,” Paul Kocher, a leading cryptographer, told the New York Times. “This is the golden age of spying.”


Observers also noted that the actions of the NSA to facilitate its own covert invasion of global Internet traffic will have the consequence of damaging the U.S.’s own security.


“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” Matthew D. Green, a cryptography researcher at Johns Hopkins University, told the Times. “Those back doors could work against U.S. communications, too.”


While major tech companies have succumbed to what some describe as government “bullying,” several firms chose to dissolve their operations rather than comply with NSA demands for access to customer data.


Ladar Levison, the founder of encryption company Lavabit—one of the outfits that decided to close its doors—wrote in a public letter to his customers, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

-Danny Biederman, Noel Brinkerhoff


To Learn More:

Revealed: How US and UK spy Agencies Defeat Internet Privacy and Security (by James Ball, Julian Borger and Glenn Greenwald, The Guardian)

N.S.A. Able to Foil Basic Safeguards of Privacy on Web (by Nicole Perlroth, Jeff Larson and Scott Shane, New York Times)

U.S. Government Employs 35,000 to Break and Decrypt Codes (by Noel Brinkerhoff, AllGov)   

NSA and FBI Secretly Mining Data from Internet Service Providers (by Noel Brinkerhoff, AllGov)        


Leave a comment