The NSA Can Spy On You With Or Without Encryption

The NSA Can Spy on You With or Without Encryption

The leaders controlling the US surveillance apparatus can't agree on encryption. FBI Director Comey has hysterically characterised it as a safe haven for evil-doers. A high-ranking Department of Justice official insisted that encryption could cause a child to die. Meanwhile, the National Security Agency's leaders are extremely chill about encryption — which is terrifying.

"Encryption is foundational to the future," NSA Director Adm. Mike Rogers said in a speech today. "So spending time arguing about 'hey, encryption is bad and we ought to do away with it' ... that's a waste of time to me," he continued.

That sounds nice and reasonable, right? Rogers isn't going on a rogue stand for privacy, though. He's maintaining a status quo. NSA Directors haven't really given a shit about encryption for a while. And while it's less annoying than Comey's fear-mongering, the NSA's relaxed attitude is worth treating with suspicion.

Rogers' remarks echo the sentiments of his predecessor, Michael Hayden, who supports end-to-end phone encryption. You may remember Hayden — he was in charge during the Snowden leaks. He's the guy who said "We kill people based on metadata."

As The Intercept pointed out, there's a reason NSA leaders aren't worried about encryption. They can operate an extensive surveillance program just fine without it!

Hayden has also spoken about how U.S. intelligence agencies have figured out how to get the information they need without weakening encryption — such as using metadata, which shows who is contacting whom. Another former NSA boss, Mike McConnell, has also spoken out against trying to install backdoors in encryption.

Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone's computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they have been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.

If Comey gets his way, our phones and computers will be less secure, because bad actors will figure out a way to exploit whatever flawed "good guys only" security holes are created for law enforcement. But this is a reminder that government officials who aren't fussed about encryption aren't necessarily privacy crusaders.

Some security bloggers have a dark interpretation of the NSA's attitude towards encryption. The theory: Maybe they don't care about a magical overhaul because they already know how to break commonly-used cryptography.

As the Freedom to Tinker blog at Princeton University's Center for Information Policy Freedom noted, the Snowden documents revealed that the NSA is heavily invested in breaking encryption:

NSA could afford such an investment. The 2013 "black budget" request, leaked as part of the Snowden cache, states that NSA has prioritised "investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic." It shows that the agency's budget is on the order of $US10 billion a year, with over $US1 billion dedicated to computer network exploitation, and several subprograms in the hundreds of millions a year.

When the man running the most notoriously over-reaching intelligence agency in this century says he thinks it's a waste of time to argue for a special government way to access private information, it's time to seriously consider the possibility that he already knows how to easily access that information.

[The Intercept]


Comments

    Firstly, what's documented and what's real are two different things. It's hard to believe anything that NSA says.

    Not to be naive, I firmly believe they're trying very hard to circumvent all forms of encryption.

    However, whether or not they've 'cracked the code' on what's out there, I suspect cryptography writers will (if not already) write much stronger/different forms of encryption.

    It'll become a more of less a game of catch up.

    Last edited 25/01/16 7:59 am

    Snowden has spoken in favor of encryption and said that encryption "works" (presumably against the NSA). Whether or not it can easily circumvent encryption, the NSA needs to at least appear as if it can to certain parties. The one thing the NSA probably has easier, better, more covert, and immediate access to is the data stored on the servers of all the providers (Google, Twitter, Facebook, Microsoft, etc).

    Persuade certain parties, sure, the U.S. government for ongoing funding.

    Unless they can thwart all forms of encryption, it'll have to do what it did to Juniper, possibly via rogue employees or by old school social engineering to create backdoors.

    Even more scarier, what happens when these backdoors are leaked to or discovered by the diabolical groups around the world?

    Edward Snowden showed the world the insides of NSA, lets hope their isn't a successor that'll unveil their tressure trove that they're (kind of) purporting to have.

Join the discussion!

Trending Stories Right Now