Encryption services — promising privacy to email users — are regularly surveilled and cracked by both the NSA and the U.K.’s GHCQ spy agency.
The Guardian reported Thursday, based on top-secret documents leaked by NSA whistle-blower Edward Snowden, that the spy agencies “have successfully cracked much of the online encryption relied upon by hundreds of millions of people.”
Via the Guardian:
The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.
The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.
Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.
Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.
A DoJ task force has publicly prepared legislation proposing to fines tech companies who would fail to comply in providing the government with surveillance capacities through built in backdoors. It was not known until these latest revelations, however, that spy agencies were regularly and often with the cooperation of encryption services gaining access to purportedly secure communications. A combination of subversion and coercion has meant the government has muted any promise of privacy through encryption services.
“The NSA spends $250m a year on a program which, among other goals, works with technology companies to ‘covertly influence’ their product designs,” the documents revealed, showing too that efforts in government cryptoanalysis had made some significant gains in cracking codes used to encrypt emails.