Latest Snowden Leak Reveals NSA War on Encryption, but It's Not Yet Dead

The Citizen's Guide to the Future
Sept. 5 2013 9:46 PM

Latest Snowden Leak Reveals NSA War on Encryption, but It's Not Yet Dead

170248179
Edward Snowden speaks during an interview in Hong Kong.

Photo by The Guardian via Getty Images

One of the only ways to shield against government surveillance is to use encryption tools to communicate securely. But the National Security Agency has made significant progress cracking popular encryption protocols in recent years, according to secret documents leaked by former NSA contractor Edward Snowden.

The New York Times, ProPublica, and the Guardian jointly reported Thursday that the NSA has been investing millions in its attempts to gain access to enciphered data sent over the Internet. According to the reports, the NSA made a significant breakthrough in 2010, enabling it to monitor “large amounts” of data flowing through the world's fiber-optic cables by cracking encryption. As suggested in previously leaked documents about the X-KEYSCORE Internet surveillance system, the NSA and its British counterpart GCHQ have in some cases gained access to data sent over virtual private networks, which are commonly used by businesses and privacy-conscious Internet users to encrypt browsing traffic and conceal IP addresses. And the agency has also worked to deliberately insert vulnerabilities into some international security standards, in an apparent attempt to undermine encryption to make it easier to break.

Advertisement

However, many crucial questions about the scope of the NSA’s decryption capabilities remain unanswered. The latest Snowden scoops adopt an alarmist tone, presenting what is essentially an apocalyptic vision of a world in which encryption has been rendered all but useless because of NSA supercomputers. But it seems clear from the reports that the NSA is still often forced to rely on vulnerabilities to hack into targets’ computers to bypass encryption. In some cases, in order to unscramble information, the agency also has to find ways to obtain the private “keys” used to decrypt it.*

The Guardian report says that the NSA has “capabilities” that can be used to crack Internet traffic encrypted using SSL, which shows up in the browser as HTTPS (unlike unencrypted HTTP). But it has long been known that ”capabilities” to get at SSL traffic exist, with governments and criminal hackers able to perform so-called “man-in-the-middle” attacks to covertly impersonate security certificates and secretly intercept data. Alternatively, the U.S. government may have coerced some companies into handing over their private SSL keys, or could even have obtained the keys through hacking. Either way, it seems highly unlikely that the NSA has worked out how to instantly decrypt SSL traffic indiscriminately and en masse as it is flowing across the cables that make up the Internet’s backbone. (If it had, there would be no need for the PRISM program, which involves the NSA using secret court orders to obtain data from Internet companies such as Google, Apple, and Yahoo.)

Undoubtedly, the NSA’s ceaseless aggressive efforts to crack encryption degrade the overarching security of the Internet’s infrastructure over time. But Snowden himself said in an interview in June that “encryption works” if implemented properly. PGP—used to strongly encrypt email and other data—is still likely to cause the NSA, GCHQ, and other spy agencies serious difficulties, and the same can be said about “off the record” instant messaging, and other peer-to-peer encrypted communications tools, such as Jitsi, Redphone, Silent Circle, and TextSecure. If the NSA can’t crack the encryption a target is using, it can certainly still use a spy Trojan to infiltrate a computer or smartphone and bypass the encryption. However, that the NSA is almost certainly forced in some cases to adopt hacking tactics to grab communications before they are encrypted illustrates that encryption per se is not fundamentally broken and can still help shield against dragnet government surveillance. At least, for now.

*Update, Sept. 6, 2013: This blog post originally stated that the NSA sometimes has to find private keys that were used to encrypt information. However, in public-key cryptography private keys are used to decrypt information that has already been encrypted.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

TODAY IN SLATE

Foreigners

More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

If You’re Outraged by the NFL, Follow This Satirical Blowhard on Twitter

The Best Way to Organize Your Fridge

Politics

The GOP’s Focus on Fake Problems

Why candidates like Scott Walker are building campaigns on drug tests for the poor and voter ID laws.

Sports Nut

Giving Up on Goodell

How the NFL lost the trust of its most loyal reporters.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

Farewell! Emily Bazelon on What She Will Miss About Slate.

  News & Politics
Weigel
Sept. 16 2014 7:03 PM Kansas Secretary of State Loses Battle to Protect Senator From Tough Race
  Business
Moneybox
Sept. 16 2014 4:16 PM The iPhone 6 Marks a Fresh Chance for Wireless Carriers to Kill Your Unlimited Data
  Life
The Eye
Sept. 16 2014 12:20 PM These Outdoor Cat Shelters Have More Style Than the Average Home
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Slate Plus Video
Sept. 16 2014 2:06 PM A Farewell From Emily Bazelon The former senior editor talks about her very first Slate pitch and says goodbye to the magazine.
  Arts
Brow Beat
Sept. 16 2014 6:23 PM Bryan Cranston Reenacts Baseball’s Best Moments to Promote the Upcoming Postseason
  Technology
Future Tense
Sept. 16 2014 6:40 PM This iPhone 6 Feature Will Change Weather Forecasting
  Health & Science
Science
Sept. 16 2014 4:09 PM It’s All Connected What links creativity, conspiracy theories, and delusions? A phenomenon called apophenia.
  Sports
Sports Nut
Sept. 15 2014 9:05 PM Giving Up on Goodell How the NFL lost the trust of its most loyal reporters.