Recent revelations regarding the long-standing efforts of the National Security Agency to basically infiltrate even the most airtight encryption technologies have done nothing but reinforce the idea that our private digital data, no matter how theoretically “secure” it may appear to be, is never beyond the reach of the federal government.
As described in a plethora of top secret documents supplied by former NSA contractor and fugitive whistleblower Edward Snowden, the NSA has spent the better part of a decade (and billions of dollars) in an all-out war on encryption (a.k.a. “digital scrambling”), targeting popular data-protection technologies such as HTTPS, SSL and VPN, among others.
As these newly disclosed documents reveal, the NSA has been able to crack or circumvent a large part of the encryption technologies that protect sensitive online information such as medical records, proprietary trade secrets, banking systems, and e-commerce transactions. Various encryption technologies such as SSL and HTTPS are commonly used to protect private email accounts, Internet chats, Web searches, and online credit card purchases from prying eyes, but the NSA’s cryptanalysis efforts (utilizing elaborate supercomputers) have managed to bypass practically all of the major security protocols that exist today.
One recently revealed 2010 memo addressed to GCHQ (the British equivalent of the NSA) reads “For the past decade, N.S.A. has led an aggressive, multi-pronged effort to break widely used Internet encryption technologies.” This memo highlighted the accomplishments of a project codenamed “Bullrun”, a joint effort between the NSA and GCHQ.
Although the average lay-person may assume that these types of exploitation capabilities should be commonplace to the NSA, the opposite is actually true: Modern encryption technologies are highly complex, and many skeptics in the cryptanalysis community doubted that the NSA had already reached this level of sophistication. In a separate memo, British cryptanalysis experts working for GCHQ were reportedly surprised—the document reads “gobsmacked”—upon learning about the advances that the NSA had made in its penetration abilities.
As early as the year 2000, the NSA embarked on a multibillion-dollar clandestine initiative to standardize the practice of inserting a “back door” (i.e., a means by which to eavesdrop on data transmissions) into all encryption technologies.
This effort included attempts to collaborate with various technology companies in the US and overseas in order to build pre-made entry points into their product offerings. According to The Guardian, one of the most well-known examples of this is the recent revelation that Microsoft cooperated with government officials to grant access to pre-encrypted Skype calls, SkyDrive files and Outlook emails.
This carte blanche treatment was granted as part of a top-secret NSA program known as Prism, in which other prominent Internet companies such as Yahoo, Facebook and Apple were also required to fork over sensitive data to intelligence officials. Many companies say that it wasn’t so much a “collaborative” effort with the NSA as it was a “coercion”, claiming that they were pressured into either building the back doors into their systems or handing over their master encryption keys to the government.
Interestingly enough, classified NSA documents have revealed that even when companies were not so willing to hand over their sensitive data, NSA agents would simply hack into their systems and steal their encryption keys.
Other business owners have had to take extreme measures in order to protect the privacy of their customers. Ladar Levison, owner of the popular encrypted email service Lavabit (which Edward Snowden used), opted to shut his entire business down on August 8th after refusing to acquiesce to the NSA’s demands to grant access to customer emails.
In an open letter to his clients, Levison wrote “I have been forced to make a difficult decision: To become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.”
Another prominent communications company, Silent Circle, recently had to shutter its encrypted email service due to security concerns.
In an interview with ZDNet’s David Gewirtz, Silent Circle CEO Michael Janke cited email metadata as being a major risk to customer privacy.
According to Janke, metadata such as message headers, ISP, operating system, the recipient’s email address, etc. are “all very dangerous bits of data to retain” when trying to keep your communications secure.
Recent intelligence budget documents reveal that the NSA shows no signs of slowing down its efforts to develop its decryption capabilities, citing the need to “defeat adversarial cryptography”.
Amid public outrage regarding the violation of basic civil liberties, the pat answer from the spy agency is that it is only using its powers for good in its fight against global terrorism. Many people, however, criticize this type of response as somewhat dismissive and aimed at appeasing the naive members of the populace.
Well-known actor and all-around activist Stephen Fry has recently joined in the efforts to end NSA spying, stating that “Privacy and freedom from intrusion are important for everyone. You can’t just scream ‘terrorism’ and use it as an excuse for Orwellian snooping”.
Other critics contend that the NSA’s efforts to increase widespread surveillance in the name of anti-terrorism are actually counter-productive, citing the fact that if “back door” exploits are built into existing encryption systems, the NSA won’t be the only agency to attempt to use them. The NSA, on the other hand, sees these types of built-in exploits as essential, claiming that the need to be able to proficiently decrypt information will keep them on par with other intelligence superpowers such as China and Russia.
The U.S. government repeatedly asked news agencies not to report on Project Bullrun, stating that it could cause enemies of the state to alter their communication methods, hindering US security efforts. Other concerns that have emerged include the risks to the financial well-being of the US technology products and services sector.
If products like encryption software or services like cloud computing are known to carry “back door” exploits that can easily render their security features ineffective, it could negatively impact technology sales as a whole.
Rob Enderle, a San Jose-based technology analyst, issued a scathing rebuke of the NSA’s policies, stating in an interview that “The National Security Agency will kill the U.S. technology industry singlehandedly.”
A staggering, recently discovered fact is the warning from Ninefold, an Australian cloud services provider, that even US companies abroad are subject to the Patriot Act, a law which allows the US government to access their servers not located on US soil. They named Amazon Australia as an example of one such entity.
Bearing in mind that big US cloud companies have offices and servers in a number of foreign countries, this should raise a lot of eyebrows and make us ask ourselves the right questions.
Although there are strong voices on both sides of the fence, one thing is for certain: The NSA domestic spying scandal will no doubt change the landscape of technology and the Internet in the decades to come.
At this point, where we will all end up after the dust settles is anyone’s guess.