NSA Circumventing Much of the Internet's Encryption: Reports
The National Security Agency has found ways to break or work around much of the encryption that guards information on the Internet, according to published reports.The National Security Agency, the U.S. government organization tasked with gathering intelligence from adversaries' communications and protecting domestic communications, has the capability to peer into far more Internet communications than previously thought, according to a report published on Sept. 6 and based on documents leaked by former NSA contractor Edward Snowden. Using a variety of tactics—including coercing vendors to provide access to their products, compromising corporate network infrastructure, or hunting down and exploiting vulnerabilities—the secretive agency can access content that had previously been considered safely protected by encryption, a New York Times article stated. While the leaked memos do not indicate a break in any specific encryption technology, the various strategies, collectively known under the code name "Bullrun," have allowed the NSA to effectively circumvent much of the security protecting communications. Messages that could not be broken have been stored until the agency is able to decrypt them, the memos stated. "For the past decade, NSA has led an aggressive, multi-pronged effort to break widely used Internet encryption technologies," said a 2010 memo distributed among employees of England's Government Communications Headquarters (GCHQ), the British counterpart to the NSA, according to the New York Times. "Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."
"The point here isn't whether we should worry about consumers or not; we should consider this from the 'citizens' point of view," he said. "The NSA can and will store everything we send on the internet, not only in clear text but also encrypted. ... If we are to give away a bit of our freedom, it'd better be for very, very good reason, and in a very well controlled way, to ensure no one can ever abuse this collection of information."