While many encryption protocols have been broken—or worked around—by the National Security Agency and other intelligence organizations, Internet users hoping to keep their information and communications private should not be entirely disheartened, according to a presentation Dec. 29 at the Chaos Communications Congress hacking convention.
Based on the information from the archive of leaked Snowden documents, the presentation identified the communications technologies, such as Skype, that the NSA routinely monitors and from which it collects data. Yet other technologies—such as the onion routing protocol used by the TOR network and the Zimmerman Real-Time Protocol (ZRTP) used to encrypt communications by voice over IP service providers, such as Silent Circle—have hobbled the agency’s data collection plans, according to documents allegedly leaked by former NSA contractor Edward Snowden and cited by the two presenters, privacy activist Jacob Appelbaum and documentarian Laura Poitras.
“There have … been some victories for privacy, with certain encryption systems proving to be so robust they have been tried and true standards for more than 20 years,” they stated in an article published in Der Spiegel with other co-authors and based on the same research.
A variety of technologies that security professionals thought were secure have actually been either broken by the NSA or pose only minor hurdles for the company. By attacking the routers used to create VPNs based on the IP Security (IPSEC) protocol, the NSA is able to tap into VPN connections, the presenters and their co-authors stated in the Der Spiegel article. In addition, the agency has little problem accessing communications that are encrypted using the secure HTTP (HTTPS) protocol, the basis for much of the purportedly secure communications on the Web, according to Snowden documents cited in the article.
“The NSA and its allies routinely intercept such connections—by the millions,” the Der Spiegel article stated. “According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012.”
The documents date back to 2012 but are thought to be an accurate representation of the NSA’s current capabilities.
Many people do not use encryption because “they think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program,” according to the Der Spiegel article. “This isn’t true. As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012.”