The Washington Post is reporting that, according to a newly released internal document, the National Security Agency isn't just swiping location data from American mobile phones; they actually have the ability to decode private, encrypted data, putting texts and calls right at their disposal.
Though US Law may prohibit the NSA from collecting phone data (or demanding encryption keys) without a court order, the ability to decode these encrypted conversations own their own means they can cut out the courts entirely. More specifically, it's the encryption technology known as A5/1, which has been noted for its vulnerabilities for years, that the NSA can crack, and most global carriers haven't upgraded to more complex software yet.
But that's globally -- here in the United States, most manufacturers have already upgraded. According to The Washington Post's report:
The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by mobile phones that rely on technology called second-generation (2G) GSM. It is dominant in most of the world but less so in the wealthiest nations, including the United States, where newer networks such as 3G and 4G increasingly provide faster speeds and better encryption, industry officials say.
Though just because this older-form (30 years older, to be exact) of encryption is the one most commonly cracked, don't think that puts anyone toting a smartphone off limits. According to The Washington Post, experts have said that it is indeed possible for the NSA to decode more sophisticated means of encryption, although doing so is far more difficult and -- at least at this point in time -- can't be applied on a larger scale.
What's more, even though the majority of phones here in the US may have gotten an upgrade in security, it's still pretty disconcerting that a 30-year-old technology thats been proven time and time again to be insufficient is even still being used. Hopefully this will be the kick carriers need to finally upgrade all their phones to encryption software that actually, well, works. [The Washington Post]