A
new survey from the Pew Internet Center shows that "86 percent of Americans were trying to scrub their digital footprints by doing a variety of things, like clearing browsing histories, deleting certain social media posts, using virtual networks to conceal their Internet Protocol addresses, and even, for a few, using encryption tools." That might help fend off hackers, but it won't keep the NSA out of your internet life. That's because the agency has figured out how to circumvent most encryption, meaning everything from global trade secrets to your medical records are an open book. That's the latest revelation from the Snowden documents, simultaneously published by
the New York Times,
the Guardian and
ProPublica. From the ProPublica story:
Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.
The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.
The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
Of course the NSA has been codebreaking and encryption breaking. That's what it does, though breaking the codes used by enemies is a slightly narrower scope that breaking the code of the entire internet universe. The scope of their efforts, and the cooperation of technology firms in creating special backdoors for the NSA and GCHQ, is previously unreported, confirmed news. The scope of what the NSA has done, in fact, confounded the Brits: "Referring to the NSA's efforts, a 2010 British document stated: 'Vast amounts of encrypted Internet data are now exploitable.' Another British memo said: 'Those not already briefed were gobsmacked!'" Indeed.
One major concern in this (beyond just about everybody's medical and bank records being an open book) is the vulnerabilities it creates across the internet. The backdoors created by the NSA could also be backdoors exploited by hackers. Additionally, the new reports show, the NSA has "has deliberately weakened the international encryption standards adopted by developers around the globe," meaning the NSA is deliberately trying to weaken global internet security to make its job easier. That has included a sort of bait-and-switch program with companies working on encryption tools. The agency "invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity," but then "uses that same program to develop and 'leverage sensitive, cooperative relationships with specific industry partners' to insert vulnerabilities into Internet security products."
Welcome to a less secure internet, courtesy of the NSA. If the U.S. technology industry survives the NSA, it'll be a miracle.