The United States' National Security Agency has collaborated with technology companies and internet service providers to build the typically accepted standards of web security itself, and reportedly has the means to brute force encryption standards it itself had a hand in building.
New revelations from the Snowden cables reveal the NSA has cracked most encryption that was considered a safeguard for commerce and banking systems around the world, and the very same encryption that was supposed to protect sensitive data like medical records, as well as email, web searches, online chats, and phone calls - of Americans and others, globally.
Beginning in 2000, according to the New York Times, the NSA went about building supercomputers that were capable of breaking complex codes and encryption. Additionally, the secretive but bloated agency collaborated with US technology companies to build backdoors directly into their products and services.
These new revelations fly in the face of strings of denials from US internet companies after the initial Snowden leaks. Microsoft, Facebook, Apple and the gang were all adamant that there were no delibate backdoors built into software or hardware. Whether they were willing collaborators or had their hands forced in the name of "national security" is up in the air.
A 2010 GCHQ memo speaking of the NSA's work said: "For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies. Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable”.
$250 million a year is reportedly spent on a program which "covertly influences" technology company product designs, the Guardian reports, while the influence and capabilities of the agency against encryption is said to be closely guarded. Analysts were warned not to ask about, or speculate on, sources or methods.
The British spy agency, GCHQ, is itself largely bankrolled by the US taxpayer. It was earlier revealed that other English-language countries Canada, Australia, and New Zealand were allied with the USA's spying efforts - and although there was bluster from other European countries, protecting national business or security secrets was what had them irate. These latest leaks suggest even those were compromised, despite any international agreements.
The Guardian claims a GCHQ team has worked its way into encryptic traffic from top service providers - listed as Hotmail, Google, Yahoo, and Facebook.
The New York Times article is here while the Guardians' is here.
"Secure" email company Lavabit - which Edward Snowden is suspected of using to transmit information to Guardian journalists - shut itself down in light of the last round of leaks. Its CEO said if the public knew what he knew about email communications, they may be less likely to use it.
Likewise, popular law blog Groklaw decided to pull the plug, citing concerns about being able to properly provide anonymity where anonymity was necessary.
The latest revelations - that the United States and its allies are aggressively pursuing all online communications, including those that are encrypted - could be cited as a further reason for activists, the privacy minded, or civil liberties groups to withdraw from the internet, and there is a greater risk self censorship than ever before.
by A staff writer via TechEye - Latest Security headlines
Posts
No comments: