Documents leaked by former Hawaii-based U.S. intelligence analyst Edward Snowden indicate U.S. and British spy agencies have cracked encryption codes designed to provide online privacy and security.
Hundreds of millions of people use the codes to protect their personal data, online transactions and e-mail correspondence. But the files show the U.S. National Security Agency and Britain’s Government Communications Headquarters, or GCHQ – working together – have compromised Internet companies’ guarantees that their customers’ communications and personal records remain private.
The documents show the security agencies have collaborated with Internet companies to leave vulnerabilities – known as “backdoors” or “trapdoors” – in commercial encryption software. According to the classified material, sometimes the collaboration is voluntary, sometimes it is forced with court orders, and sometimes it involves the use of supercomputers and other technical measures, including NSA influence on international encryption standards or government requests for companies’ encryption keys.
The records show the NSA spends some $250 million a year on a program that works with the U.S. and foreign IT industries to “covertly influence” their product designs. The files also reveal the British security agency has worked on ways to enter the encrypted traffic streams of major service providers, such as Yahoo, Google, Facebook and Microsoft’s Hotmail.
The latest information comes from documents the British newspaper The Guardian received from Snowden and shared with The New York Times and non-profit news organization ProPublica.
The new revelations are already causing backlash among privacy advocates. The New York Times cites experts as saying the NSA campaign to weaken communications security may have “serious unintended consequences” and allow others to exploit the weaknesses as well.
U.S. government officials have argued that NSA surveillance efforts are only aimed at stopping terrorism. Many technology companies say they cooperate with the intelligence agencies only when legally necessary. For example, as The Guardian reported previously, Microsoft worked with the NSA to get around encryption on Outlook email, as well as chat services. But Microsoft said it only did so to comply with “lawful demands.”