NSA Has Secretly Been Hacking, Cracking, And Circumventing Encryption For Years
If you're using encryption with an American company, you might as well forget about any actual privacy.
Newly disclosed documents from leaker-on-the-run Edward Snowden reveal that the National Security Agency has been fighting a secret war on encryption…and winning.
We wrote about secure email options a while ago, most of which rely on methods like PGP and GnuPG to keep your communications private. Some of those services, namely the ones based in countries with a less intrusive government, like Switzerland, are still fine to use, but our daily internet lives are also encrypted in ways we don’t even realize. If you’ve seen that little padlock icon in your web browser’s address bar, you’re using an encryption service. (This comes up for online shopping and banking, among lots of other uses.) Or if you use a popular email service like Gmail, Hotmail, or Outlook–those are automatically encrypted too.
Except, these new documents show that the NSA has, since the mid-’90s, been studiously and aggressively hacking, coercing, and forcing their way into every encryption standard they can find. Sometimes they’ll serve as the “editor” of an encryption standard and write themselves a back door, so they can access the communications that use that standard whenever they want. Sometimes they bully, through legal or questionably legal means, American technology companies to either build them a back door or simply hand over the decryption keys.
In the mid-’90s, under President Bill Clinton, the NSA proposed a system called the “Clipper Chip” that would provide a back door to the then-new PGP encryption. The proposal was discussed publicly and rejected roundly, but the NSA appears to have simply embarked on the (wildly expensive, as well) project without telling anyone.
The project, according to the New York Times, is called “Bullrun,” and is so secret that this insane, spy-movie quote was necessary: “Unlike some classified information that can be parceled out on a strict ‘need to know’ basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.'””
For more on this alarming development, head on over to the New York Times.