U.S. spy chief criticizes journalists for publishing leaks about anti-encryption efforts
The Obama administration has responded to revelations on the NSA’s successes in defeating online security and privacy published on Thursday by the Guardian, New York Times and ProPublica.
In a statement issued on Friday, the office of the director of national intelligence (ODNI), which oversees the US’s intelligence agencies, suggested the stories, simultaneously published on the front pages of the New York Times and Guardian, were “not news”, but nonetheless provided a “road map … to our adversaries”.
At the core of the story, based on reporting from dozens of top-secret documents relating to encryption passed to the Guardian by NSA whistleblower Edward Snowden, were efforts by the NSA and its British counterpart GCHQ to place “backdoors” in online security, and to undermine internationals standards.
• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made “vast amounts” of data collected through internet cable taps newly “exploitable”.
• The NSA spends $250m a year on a program which, among other goals, works with technology companies to “covertly influence” their product designs.
• The secrecy of their capabilities against encryption is closely guarded, with analysts warned: “Do not ask about or speculate on sources or methods.”
• The NSA describes strong decryption programs as the “price of admission for the US to maintain unrestricted access to and use of cyberspace”.
• A GCHQ team has been working to develop ways into encrypted traffic on the “big four” service providers, named as Hotmail, Google, Yahoo and Facebook.
However, the ODNI said it was not surprising that intelligence agencies would work to defeat encryption, and that disclosing any specifics would cause damage.
“It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption,” the statement begins. “Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.
“While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news. Indeed, NSA’s public website states that its mission includes leading ‘the US government in cryptology … in order to gain a decision advantage for the Nation and our allies.’
“The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.”
Privacy groups, however, said the NSA’s activities were endangering privacy and putting both US internet users and businesses users at risk.
“Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance,” said the ACLU’s principal technologist Christopher Soghoian.
“The NSA’s efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States’ reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies.”
A blogpost by Dan Auerbach and Eva Galperin of the Electronic Frontier Foundation dubbed the activities “frightening” and “an egregious violation of our privacy”.
Meanwhile, the New York Times’ public editor Margaret Sullivan praised the collaboration, calling the organisations’ reporting “an important story, published courageously”. In the same post, she quoted the Times’ executive editor Jill Abramson as noting “The Guardian at the beginning was highly concerned about working in a way that kept the material secure – we went to lengths to safeguard the material.”
Abramson said she had met with US officials who had asked her not to publish the story, but said the decision to publish alongside the Guardian was “not a particularly anguished one”.