In the midst of the revelations about the NSA’s sweeping surveillance program, many people held out hope that the news reports simply weren’t true — they are — while others clung to the idea that they could somehow protect themselves. If the US government has its way, pretty soon that hope will be lost.
Any internet user’s main defence against the snooping feds, or any prying eyes really, has always been encryption. Even NSA chief Keith Alexander admitted earlier this year that encrypted data is “virtually unreadable” even for their top code crackers. But as you might guess after learning about PRISM, the government doesn’t just give up. Nay, according to a new CNET report, the feds have been systematically asking internet companies for master encryption keys that would let them easily read enciphered text bouncing from unsuspecting Americans to servers and back.
“The government is definitely demanding SSL keys from providers,” an unnamed source who had fielded one of these master encryption key requests told CNET. “The government’s view is that anything we can think of, we can compel you to do.”
It’s unclear exactly who the government is trying to strong-arm into giving up their encryption keys. None of the companies that CNET talked to — which included Google, Facebook, Apple, Yahoo and others — would say whether or not they received the requests. A former Justice Department official did tacitly confirm their existence when pointing out how the government is struggling to keep its surveillance practices up and running as encryption becomes the standard on the internet.
This is all troubling news if you thought your data was safe, but there is hope. While the keys generally unlock documents encrypted using Secure Sockets Layer (SSL), there are more advanced forms of encryption that aren’t as easy to break into. One, called Perfect Forward Secrecy (PFS), uses temporary keys for each web session, meaning a single master key won’t work. Currently, however, Google is the only major internet company that uses this method, though Facebook plans to start soon.
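As an added illustration (not from the original article, CNET, or any company named here), the following Python uses the standard `ssl` module to compare a server configuration that still permits static-RSA key exchange, where the server's long-term key unlocks session keys, with one restricted to ephemeral ECDHE suites, which is what forward secrecy means in practice. The function names and cipher strings are assumptions chosen for the example.

```python
import ssl

# Key-exchange labels OpenSSL reports for ephemeral suites.
# "kx-any" is how TLS 1.3 suites appear; TLS 1.3 certificate
# handshakes always use an ephemeral (EC)DHE exchange.
# Anything else (static RSA, PSK, SRP) is conservatively
# counted as not forward secret.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}

def split_by_forward_secrecy(ctx):
    """Return (forward_secret, not_forward_secret) suite names enabled on ctx."""
    fs, non_fs = [], []
    for suite in ctx.get_ciphers():
        bucket = fs if suite["kea"] in FORWARD_SECRET_KX else non_fs
        bucket.append(suite["name"])
    return fs, non_fs

def legacy_context():
    """Hypothetical weak config: static-RSA key exchange is still allowed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL:!aNULL:!eNULL")
    return ctx

def forward_secret_context():
    """Hypothetical hardened config: TLS 1.2+ with ephemeral ECDHE only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()),
                       ("forward-secret", forward_secret_context())):
        fs, non_fs = split_by_forward_secrecy(ctx)
        print(f"{label}: {len(fs)} forward-secret suites, "
              f"{len(non_fs)} without forward secrecy")
        for name in non_fs[:5]:
            print("   no PFS:", name)
```

The exact suite counts depend on the local OpenSSL build; the point of the check is that the hardened context reports no suites outside the forward-secret set.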
The overarching question in this scenario is inevitably whether any of this is illegal. We know that the surveillance that took place under PRISM falls within the confines of the law thanks to the Foreign Intelligence Surveillance Act (FISA), but it’s unclear if this extra effort by the government would be overstepping. Ultimately, it doesn’t really matter, because until a judge tells them to stop, the feds will keep pushing the limits of what they can do to keep the stream of information flowing. And if they do gain access to these master keys, then there really is nothing you can do about it. [CNET]