We are still learning the secrets discovered by Edward Snowden. Among the most recent revelations is that “US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails.”
The Guardian reports the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees of internet privacy. The agencies “have adopted a battery of methods in their systematic and ongoing assault on… ‘the use of ubiquitous encryption across the internet.’
Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with ‘brute force,’ and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.”
The agencies insist they need to quarter-billion dollar program to defeat encryption because it “is vital to their core missions of counter-terrorism and foreign intelligence gathering.”
But the anti-encryption program puts all users at risk, not just suspected terrorists. The Guardian reports, the NSA & GCHQ have worked with software companies to insert vulnerable points or “backdoors” into commercial encryption software. Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union said, “Backdoors are fundamentally in conflict with good security. Backdoors expose all users of a backdoored system, not just intelligence agency targets, to heightened risk of data compromise. This is because the insertion of backdoors in a software product, particularly those that can be used to obtain unencrypted user communications or data, significantly increases the difficulty of designing a secure product.”
For those who value their privacy, security is almost synonymous with encryption. The executives at Google are extremely concerned with this program. The Washington Post reports, “Google’s encryption initiative… was accelerated in June as the tech giant struggled to guard its reputation as a reliable steward of user information.” Google began encrypting its Gmail service in 2010, and also encrypts search results for most users. Eric Grosse, vice president for security engineering at Google says Google resists government surveillance and has never weakened its encryption systems to make snooping easier.
Soghoian added, “If the NSA wants to get into your system, they are going to get in… Most of the people in my community are realistic about that. This is all about making dragnet surveillance impossible.”