The notion that encryption offered us all a blanket of privacy has been rudely ripped away. The latest Edward Snowden revelations indicate that a US$250m a year programme involving the NSA and GCHQ works with tech companies to insert weaknesses into encryption products so they can be unravelled whenever an individual falls afoul of the authorities.
Both the New York Times and The Guardian were given top secret files by Edward Snowden that claim hundreds of millions of people’s medical records, email, online transactions and more can be deciphered by security agencies.
According to Snowden, who is now holed up in Russia, this ability by security agencies to unscramble private encrypted communications, to access bank accounts and listen in on internet chats, is one of the US intelligence world’s most closely guarded secrets and could be one of the most explosive revelations yet since the former NSA contractor went rogue.
Using a variety of methods from influencing the setting of international security and encryption standards to using brute force via supercomputers, the documents show that encryption as we know it could really be just an illusion.
More damagingly, the documents allege that covert partnerships exist between ISPs and software companies and that secret vulnerabilities have been inserted into commercial encryption software with these companies’ collusion.
It is understood that the NSA spends US$250m a year on deciphering encryption technologies to give the US “unrestricted access to and use of cyberspace.”
Among Snowden’s other revelations was the existence PRISM, a system used by the NSA to access the servers of major internet giants like Facebook, Google, Microsoft and Apple to monitor internet traffic in and out of the US, and Tempora, a programme run by the UK’s GCHQ to spy on vast streams of data flowing through fibre optic networks.
If these revelations are true, that encryption as we know it is just a masquerade, then the internet as we know it stands upon feet of clay.
Security image via Shutterstock