Circumventing Encryption Frees NSA’s Hands Online
Leaked documents suggest that American spies can decrypt much of the data they collect by tapping into Internet service providers and telecommunications cables.
The NSA’s surveillance of encrypted Internet communications was previously believed to require the agency to go to Web service providers.
A series of leaks this summer revealed that the National Security Agency uses novel interpretations of U.S. law to gather data in bulk from the world’s largest Internet companies. Now new reports on the NSA’s technical capabilities suggest that the agency can actually read most online communications without going directly to service providers at all.
The New York Times, citing documents leaked by former NSA contractor Edward Snowden, reports that the NSA has “circumvented or cracked much of the encryption” used online. Such capabilities could be very powerfully combined with the access the agency is known to have to traffic carried by Internet service providers and major international telecommunications cables.
“This suggests that they no longer have to go to, say, Google; they can decrypt data from AT&T or use their own infrastructure, for example, on the undersea cables,” says Dan Auerbach, a staff technologist with the Electronic Frontier Foundation.
The NSA’s use of its surveillance capabilities is limited by U.S. law, which prohibits surveillance of U.S. citizens. However, leaks earlier this summer revealed that the agency used previously unknown legal interpretations to justify collecting data in bulk from U.S. communications companies for later analysis (see “NSA Surveillance Reflects a Broader Interpretation of the Patriot Act”). Opponents of the tactic say that bulk collection raises the risk of abuse of surveillance powers, accidental or otherwise.
The Times report and one from the Guardian based on the same documents omit many specifics about the NSA’s capabilities but describe methods that fall into two broad categories: targeted efforts that get around the encryption used by a particular company, and methods that can attack the underlying cryptographic systems used by many companies.
In the first category, the NSA is said to maintain a database of encryption keys used by many online providers to secure data, allowing any data from those services to be easily decrypted. The keys are reportedly obtained using court orders, by winning the companies’ voluntary collaboration, or by hacking into companies to steal their keys. Attacks on specific companies apparently also are possible because the NSA has compromised the encryption chips used by some service providers. It did this, the report says, by discovering security flaws or even persuading manufacturers to install backdoors.
The power and scope of the second category of attacks, which seek to undermine cryptographic algorithms, is less clear. The Times says the NSA has made progress with techniques that could make it practical to reverse encryption generally assumed to be secure, in part by influencing the design of cryptographic standards to create a secret backdoor. One major focus of those attacks was on SSL, the technology used to enforce secure connections to online services such as banking.
Cryptography experts are struggling to digest the news that standards they had believed to be secure may have vulnerabilities introduced by the NSA. However, without details of the nature and efficiency of such attacks it is unlikely SSL will be abandoned.
Technologies do exist that could allow companies to limit the NSA’s ability to circumvent encryption by getting hold of their encryption key used to secure data. A technique called “perfect forward secrecy” would prevent the agency from using an encryption key that had been taken from a company, or was mathematically cracked, to decrypt all future and past communications. Instead of using a key used over and over, perfect forward secrecy creates temporary keys used only for a particular secure communication session between a user and a provider.
Google adopted the method in 2011, and Auerbach says “my rough understanding” is that it is the only major service provider using it. The EFF has been trying for months to persuade other Internet companies to follow suit, without success.
Auerbach hopes that this week’s news will cause Internet companies to make implementing perfect forward secrecy more of a priority. Many companies have already reëxamined their security and privacy practices in light of the NSA revelations, he says, and that agency is unlikely to be the only one trying to circumvent encryption. “We’re not only talking about the U.S. government but also other intelligence organizations.”
Joseph Lorenzo Hall, senior staff technologist at the Center for Democracy & Technology, a Washington nonprofit, says that technical solutions such as perfect forward secrecy might just lead the NSA to compel Internet service providers to install a way around it. “Even if you were to invent a good technical solution you may be put in a position where you were ordered to compromise it,” he says. By creating such backdoors, he says, the NSA would actually undermine U.S. national security by creating ways in that other actors could exploit.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today