Thanks to the leaks revealed by Edward Snowden, there are
now documents showing how far the NSA is going to ensure that it has access to
encrypted data. The data collected still cannot be legally accessed and read
without a warrant; however, NSA rules permit the agency to
store encrypted data while it is “trying to decrypt it or analyze its
technical features.”
While this is done with the aim of protecting
the American people from terrorist actions, as part of the NSA’s more than 50-year-long
efforts and specialization in code breaking, many worry that these back doors
and vulnerabilities being inserted into internet programs may be exploited by
others as well. “The risk is that when you build a back door into systems,
you’re not the only one to exploit it,” said Matthew D. Green, a cryptography
researcher at Johns Hopkins University. “Those back doors could work against
U.S. communications, too.”
According to the Snowden leaks, the NSA spends more than
$250 million a year to work with IT industries to influence them to make their
technology “exploitable” and easier to eavesdrop on. This includes working with
the industries making encryption chips to insert back doors, exploit security
flaws, or access the data before it even gets encrypted. Microsoft, for
example, has provided access to the pre-encrypted data of its most popular
services, including Outlook emails, Skype chats and phone calls, and its
cloud storage service, SkyDrive. The documents also show the NSA keeps an
internal database of encryption keys for specific commercial products to
automatically decode items obtained from such services.
The “war” on encryption privacy began around the mid-1990s, when
encryption technology caught on with the public. The NSA has since fought various
legal battles over its level of access to encrypted data. During the Clinton
years, for example, the Clinton Administration fought against various
encryption software by proposing a method that would give the NSA the key to
decoding messages that used these services. Political opponents John Ashcroft,
John Kerry, and a few other tech and civil liberty notables argued against the
proposal on the grounds that it would kill the Fourth Amendment and America’s
global technology edge. The NSA instead decided to go through with its
encryption-breaking tactics covertly, which gave it the additional benefit of
having the public believe simple encryption would keep their details private.
Due to Snowden’s recent leaks, various companies
have come under public scrutiny for their involvement with the NSA’s
codebreaking. Google, Microsoft, Yahoo, and Facebook were just some of the services to
hand over their users’ information, either willingly or through legal coercion,
and have recently been seeking permission to divulge more details about what
the government has requested of them. The email encryption site Lavabit has
even shut down rather than comply with the NSA’s demands, with the founder warning,
“I would strongly recommend against anyone trusting their private data to a
company with physical ties to the United States.”
Encryption, however, still remains an impediment to the NSA’s
data collection and analysis if implemented correctly, Edward Snowden revealed.
“Strong crypto systems” can be relied on, but, he warns, the NSA may still
circumvent the encryption by targeting the computers before encryption
or after decryption and simply taking the information then.
Thanks for the post!
When it comes to this bit of Snowden-NSA news, I think the most fascinating to watch has been how tech communities have reacted to it. Many engineers are all up in arms, upset that their peers have become pawns for the violation of privacy. How will professional communities react to these leaks? Or will they just pass it by?