Worse than PRISM: the NSA’s war against Internet encryption
The National Security Agency (NSA) has compromised encryption software needed to ensure the privacy of Americans’ day-to-day Internet activity, in part through a “breakthrough” in 2010 allowing for the mining of data through Internet cable taps, as well as secret backdoor access into commercial encryption programs, according to joint reports by The Guardian, ProPublica and the New York Times on Thursday.
The reports, based on thousands of documents provided by former NSA contractor Edward Snowden, prompted immediate criticism from privacy advocate groups like the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU).
“Backdoors make all of us less safe and make US companies less secure, which come at a great expense of the reliability of American companies — companies which have been at the forefront of the tech sector,” EFF policy analyst Mark M. Jaycox told The Raw Story via email on Thursday. “When programs are less safe, customers will leave.”
According to the reports, the program was highlighted in a 2010 memo by the NSA’s British counterpart, Government Communications Headquarters (GCHQ), praising its “aggressive, multipronged effort” since 2000, when the NSA regrouped after losing the fight to openly install “clipper chips” in regular computers.
“Cryptanalytic capabilities are now coming online,” the GCHQ memo stated. “Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
The documents leaked by Snowden also revealed that the NSA has devoted around $250 million per year to a program designed to “covertly influence” tech companies’ products, more than 20 times the budget alloted for the PRISM program that was the subject of numerous reports by the Guardian earlier in 2013.
“The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets,” ACLU technologist Christopher Soghoian said in a statement. “Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance.”
ProPublica founding managing editors by Stephen Engelberg and Richard Tofel defended their decision to run the report in a separate column on Thursday, arguing that the information Snowden provided proves that the privacy expectations of thousands of regular Internet users are not being met.
“The potential for abuse of such extraordinary capabilities for surveillance, including for political purposes, is considerable,” Engelberg and Tofel wrote. “The government insists it has put in place checks and balances to limit misuses of this technology. But the question of whether they are effective is far from resolved and is an issue that can only be debated by the people and their elected representatives if the basic facts are revealed.”
[Image: “Hacker At Work” via Shutterstock]