Another leak from Edward Snowden alleges that the NSA is able to break the basic encryption many companies use to keep information 'safe' on the internet. With this information, on Sept. 6 BBC is reporting that the NSA has been at this activity since 2000.
ARS Technica details just what methods the NSA and the UK's equivalent, the Government Communications Headquarters, are using. They first note that there are companies who voluntarily offer this information over to the NSA. Companies can offer the agencies a backdoor to all their information and they will be compensated for it. They mention specifically that at least one telecommunications company—between AT&T or Verizon—has done this.
If companies don't fall into the voluntary category, the government agencies can either force the information out of them under legal duress or they can simply hack the information through their direct access to undersea fiber optic cables. The site mentions that Apple, Facebook, Microsoft and Google have been forced to hand over information, as some companies have already illustrated by publishing transparency reports. Though the report also notes that it's likely the companies have been gag ordered to not speak about the who, what ,when, where and why about the requested information.
The intelligence agencies are also working to make encryption standard weaker, so that hacking can becoming easier for them .As noted by ARS, "...the NSA has been lobbying agencies like the US National Institute of Standards and Technology, which previously approved intentionally weaker cryptographic standards with a known backdoor in them."
The Office of the Director of National Intelligence explained to VentureBeat that people shouldn’t find this information new. A statement begins, "It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption."
However, the methods used to obtain this information, if it really is just for adversaries, aren't really on the up and up. For VentureBeat, Meghan Kelly writes, "That disrupts trust in the security industry — and trust is the backbone of the security industry.” Her point is echoed in several other blog posts that note that the backdoors created by the NSA make it easier for the information to be accessed by hackers with malicious intentions.
The Guardian's Bruce Schneier is angry. He isn’t just angry about what the NSA is doing to our privacy and the integrity of the internet. He’s angry about what precedent this sets for the rest of the world, where there hasn’t always been even the hint of internet freedom.
“The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others.”
In response to the actions of the NSA and UK’s GCHQ, Schneier has issued a call to action. He wants contractors to share their stories about the NSA and for engineers to take back the internet.
“We need to figure out new means of internet governance, ones that makes it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.”
Do you think these intelligence agencies have really only been using these techniques against adversaries? Does it matter? Is this too great an invasion of privacy and a risk to our security to be allowed?