Privacy pulverized: NSA, GCHQ can bypass online encryption, new Snowden leak reveals
The New York Times, the Guardian and ProPublica all reported on Thursday that newly released Snowden documents expose the great lengths that the National Security Agency and Britain’s Government Communications Headquarters, or GCHQ, have gone to in order to eavesdrop on encrypted Internet communications.
According to the latest Snowden leak, the NSA and its British counterpart have circumvented the encryption methods used to secure emails, chats and essentially most Internet traffic that was previously thought to be protected from prying eyes.
The price tag for such an endeavor, the Guardian reported, is around a quarter-of-a-billion dollars each year for just the US, and involves not just intricate code-breaking, but maintaining partnerships with the tech companies that provide seemingly secure online communication outlets.
“The files show that the National Security Agency and its UK
counterpart GCHQ have broadly compromised the guarantees that
Internet companies have given consumers to reassure them that
their communications, online banking and medical records would be
indecipherable to criminals or governments,” James Ball,
Julian Borger and Glenn Greenwald reported for the Guardian.
REVEALED: US and UK spy agencies defeat privacy and security on the internet http://t.co/SeboSzdzBr— Glenn Greenwald (@ggreenwald) September 5, 2013
Outside of the shadowy collaboration with Silicon Valley companies, the governments have also reportedly employed supercomputers capable of decrypting codes commonly used by the most popular online protocols, including HTTPS, voice-over-IP and Secure Sockets Layer (SSL).
"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used Internet encryption technologies," a 2010 GCHQ document referenced by the Guardian reads. "Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."
With regards to reaching that goal through private-sector cooperation, the Guardian reported that the NSA works with tech companies to “covertly influence” their products.
So significant is the leak, the Times and ProPublica reported, that intelligence officials asked that the documents not be published in fear that the disclosures would prompt surveillance targets, such as terrorist organization, to alter the way they communicate online.
In an editorial published alongside the scoop this week by
ProPublica, reporters Stephen Engelberg and Richard Tofel said
the outlet decided to go ahead with the story because “It
shows that the expectations of millions of Internet users
regarding the privacy of their electronic communications are
News of the agency’s vast code-breaking capabilities comes just weeks following the shuttering of no fewer than two Internet services that provided encrypted email for paying customers.
Last month, the founder of email provider Lavabit announced that he was shutting down his company because staying in business would likely force him “to become complicit in crimes against the American people.”
“Our government can order us to do things that are morally and ethically wrong, order us to spy on other Americans and then order us, using the threat of imprisonment, to keep it all secret,” Levison told RT.
The next day, competitor Silent Circle announced they’d be suspending their encrypted email service as well.
In the three months since Snowden fled the US and began leaking classified documents to the media, a number of international outlets have published revelations made possibly by the analysis of top-secret files. According to the Times, Snowden supplied reporters with 50,000 documents, and the Guardian’s Greenwald said at least dozens were, in his opinion, newsworthy.
The latest revelation comes days after the media began reporting on the leaked US intelligence “black budget” supplied by Snowden. In that document, US Director of National Intelligence James Clapper prefaced an executive summary by saying that America is “investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.”
According to the secret funding request, the US Consolidated Cryptologic Program asked for $11 billion in fiscal year 2013 towards covert, code-breaking programs.