Bad news, America. All that effort you and your favorite companies have put into encrypting data was for nothing. After spending billions on research and supercomputers, the NSA can now get around almost any type of encryption, according to documents leaked by Edward Snowden. Nothing is safe.
Against the government's wishes, The New York Times, The Guardian and ProPublica just published complementary, corroborating and unsettling exposés of the NSA's top secret encryption techniques. The investigation also found that the agency spends hundreds of millions of dollars every year building backdoors into all kinds of software. Meanwhile, the bulk of the NSA's efforts go towards breaking through the most widely used encryption methods like Secure Sockets Layer (SSL), virtual private networks (VPNs) and smartphone encryption services. In effect, the agency can do whatever it wants.
The encryption cracking happens in a couple of different ways. According to the leaked memos, the NSA ideally finds a way around the encryption by grabbing text before it's encrypted or after it's decrypted. Meanwhile, the agency is constantly trying to covertly influence international encryption standards, is pouring resources into new code-breaking techniques, and will more or less do anything to gain access to the information it's seeking. "The intelligence community has worried about 'going dark' forever, but today they are conducting instant, total invasion of privacy with limited effort," Paul Kocher, a cryptographer who helped create the SSL system, told The Times. "This is the golden age of spying."
Most of the encryption-thwarting techniques fall under the umbrella of a highly classified and well-funded program codenamed Bullrun. Since 2000, when the agency's fight against encryption online started, the NSA has spent billions of dollars to make sure it has access to whatever information it wants, regardless of how it's encrypted. Each year, it spends $250 million alone on collaborating with U.S. companies and building backdoors. Prism, by contrast, operates on $20 million a year.
While especially unnerving in the context of the recent leaks, the NSA's desire to foil encryption techniques is hardly new. Since the 1970s the agency has been pushing back against the increasingly complex methods of encryption that bubbled up from the academy. But as the internet grew and encryption improved, the NSA has done everything from trying to institute an industry standard of encryption to blocking academic papers about encryption. As cybersecurity expert Bruce Schneier told The Guardian, all of this seriously undermines the basic principles of information exchange. "Cryptography forms the basis for trust online," said Schneier. "By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet."
In a way, we should've seen this bombshell coming. About a month ago, we learned that the NSA was bugging major internet companies to make master encryption keys so that they could avoid the hassle of decryption. But even then it was hard to believe that the program would go this far. Now, there's unfortunately not much you can do if you want to secure your data online. That is, not unless you have access to the increasingly accessible quantum encryption methods. Writing things on paper also works. [NYT, Guardian, ProPublica]
Pro-tip: If all this news concerns you, read Bruce Schneier's latest column, "How to remain secure against NSA surveillance."