NSA cracks Web encryption using 'back doors,' files show
Michael Winter, USA TODAY 6:45 p.m. EDT September 5, 2013
http://www.usatoday.com/story/news/n...acked/2772721/
Snowden documents reveal spy agency campaign to compromise online privacy for national security.
Story Highlights
- NSA also maintains control over international encryption standards
- Says it's the "price of admission for the U.S. to maintain unrestricted access to ... cyberspace"
- Affects the "big four" service providers — Google, Yahoo, Facebook and Microsoft's Hotmail
U.S. and British intelligence agencies have cracked the encryption designed to provide online privacy and security, documents leaked by former intelligence analyst Edward Snowden show.
In a clandestine, decade-long effort to defeat digital scrambling, the National Security Agency, along with its British counterpart, the Government Communications Headquarters (GCHQ), has used supercomputers to crack encryption codes through "brute force" and has inserted secret "back doors" into software with the help of technology companies, The Guardian, The New York Times and ProPublica reported Thursday.
The NSA has also maintained control over international encryption standards.
As the Times points out, encryption "guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world."
The American Civil Liberties Union immediately called the NSA's efforts to defeat encryption "recklessly shortsighted" and said they are making the internet less secure for all.
In a statement, the ACLU said the actions will "further erode not only the United States' reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies."
"The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets," Christopher Soghoian, principal technologist of the ACLU's Speech, Privacy and Technology Project, said. "Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance."
The spy agencies have focused on compromising encryption found in Secure Sockets Layer (SSL), virtual private networks (VPNs) and 4G smartphones. The NSA spent $255 million this year on the program, which aims to "covertly influence" software designs and "insert vulnerabilities into commercial encryption systems" that would be known only to the agency.
The documents leaked by Snowden, who has been granted temporary asylum in Russia, do not name specific companies or encryption technologies, and refer to customers and users as "adversaries."
The NSA calls its decryption efforts the "price of admission for the U.S. to maintain unrestricted access to and use of cyberspace."
A 2010 memo describing an NSA briefing to British agents about the secret hacking said, "For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies. Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."
The GCHQ is working to penetrate encrypted traffic on what it called the "big four" service providers — Google, Yahoo, Facebook and Microsoft's Hotmail.
One document shows that by 2012, the British agency had developed "new access opportunities" into Google's systems.
"The risk is that when you build a back door into systems, you're not the only one to exploit it," said Matthew Green, a cryptography researcher at Johns Hopkins University. "Those back doors could work against U.S. communications, too."
The NSA says code-breaking is fundamental to its mission of protecting national security by deciphering communications from terrorists, spies or other U.S. adversaries.
During the 1990s, the agency fought unsuccessfully to have a secret government portal included in all encryption protocols.
Experts and critics say that while "back doors" may help intelligence gathering, they weaken the Web's overall security and trust, and could be used by others against U.S. communications.
"The risk is that when you build a back door into systems, you're not the only one to exploit it," Matthew Green, a cryptography researcher at Johns Hopkins University, told the Times.
The Times and ProPublica said intelligence officials asked them not to publish the article, arguing that the revelations "might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read."
After removing "some specific facts," they chose to publish "because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others."
Long-shot bill forbidding NSA backdoors in encryption has renewed attention
Introduced in July, the Surveillance State Repeal Act's provisions now seem more urgent.
by Megan Geuss - Sept 8 2013, 2:00pm EST
In the wake of revelations that the National Security Agency (NSA) has broken through many Internet privacy protections, Representative Rush D. Holt (D-NJ) has introduced legislation to prohibit the NSA from building backdoors into encryption mechanisms, according to The New York Times. While Rep. Holt actually introduced the legislation to the House in July under the name “Surveillance State Repeal Act,” recent news may bring this bill more attention.
Still, that's not saying much for its success. The bill mainly asks for the total repeal of both the Patriot Act and the FISA Amendments Act of 2008. Government transparency tool Govtrack.us currently estimates that the bill has a zero percent chance of getting through committee review and thus a zero percent chance of being enacted. (Govtrack.us notes that in 2011-2013, only 11 percent of bills made it past committee and only about three percent were enacted). Without any co-sponsors, the bill even has an uphill battle to see the light of day.
For now, Rep. Holt's legislation is going through the process at a time when doubt about the necessity of the NSA's spying techniques is palpably growing both in Congress and among businesses. A one-sheet summary of the bill, posted on July 24, 2013, specifically states that it would, “Prohibit the government from mandating that electronic device or software manufacturers build in so-called 'back doors' to allow the government to bypass encryption or other privacy technology built into said hardware and/or software.”
The bill would also increase the terms of the FISC judges from seven to 10 years, and it would “mandate that the FISC utilize technologically competent Special Masters (technical and legal experts) to help determine the veracity of government claims about privacy, minimization, and collection capabilities employed by the US government in FISA applications.”
On Friday afternoon, the Office of the Director of National Intelligence issued a statement about the leaks saying, “the fact that NSA’s mission includes deciphering enciphered communications is not a secret and is not news.” Still, the office cautioned that the recent revelations offered specific and classified details that give information “to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.”