New information about the NSA’s ongoing digital monitoring of Americans has been revealed this week including information that the agency has been working with tech companies to build “back doors” into their encryptionmethods. These serve as access points to a person’s email, banking information, medical records or other private data they have online.
The NSA has taken great pains to protect the secrecy of this encryption-decoding program, internally referred to as “Bullrun.” Ultra-fast super computers are used to break codes, but the NSA is also working directly with companies to build in easy access points through their existing encryption.
According to a slide for the Government Communications Headquarters, or GCHQ, in the UK, the NSA has been at this game for many years. Former contractor Edward Snowden leaked these slides to The Guardian.
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” explains the slide which was created in 2010. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
In another memo made available to the New York Times, a British analyst said of the program: “those not already briefed were gobsmacked!”
The NSA has been working with individual tech companies to build backdoors into their encryption services, though it’s not yet clear which companies have been confronted. As news of Prism emerged, all companies listed as being involved in the memos insisted that the government did not have “direct access” to user information and, furthermore, any information they did receive was only handed over in full accordance with the law.
It was later discovered that Microsoft had been working with the NSA through the Prism program to provide the government agency with a way around their own encryption services to better access user data. Though not specifically called out in these new programs, the Redmond company has likely been in contact with the NSA’s Bullrun program as well.
Britain’s GCHQ has specifically listed Facebook, Google, Hotmail (owned by Microsoft) and Yahoo as companies which have been working to allow backdoors through their encryption services. The NSA has spent significantly more cash in maintaining this operation as well, trumping Prism’s $20 million a year budget at $254.9 million.
The documents and memos obtained by The Guardian reveal that the NSA hopes to gain access to “data flowing through a hub for a major communications provider” as well as to a “major internet peer-to-peer voice and text communications system” by the end of 2013.
A number of industry insiders suspect that the NSA has been working for many years on influencing the way encryption services are built. In fact, the agency publicly tried to build in government access to all encryption services in the 1990s, but was shot down.
The Guardian, New York Times and ProPublica released this information yesterday, though not without some pushback from intelligence officials. Elements of these programs are, of course, considered top secret, and officials worried that the information contained in them could threaten public safety.
The Guardian says that although they took out some specifics from the report, they published as much as they could due to the “value of a public debate about government actions.”