Snowden leak shows Web encryption loophole
By Rob Lever ,AFPWASHINGTON -- U.S. and British intelligence agencies have cracked the encryption that secures a wide range of online communications — including emails, banking transactions and phone conversations, according to newly leaked documents.
September 7, 2013, 12:03 am TWN
The documents provided by former U.S. intelligence contractor Edward Snowden to The New York Times, ProPublica and The Guardian suggest that the spy agencies are able to decipher data even with the supposedly secure encryption designed to make it private.
The U.S. National Security Agency, working with its British counterpart, GCHQ, accomplished the feat by using supercomputers, court orders, and some cooperation from technology companies, the documents indicate.
The Guardian report said the two spy agencies had “covert partnerships” with technology companies and Internet providers which allows the insertion of “secret vulnerabilities — known as backdoors or trapdoors — into commercial encryption software.”
The British paper said the NSA spends US$250 million a year on a program which works with technology companies to “covertly influence” their product designs.
The reports did not indicate which companies are cooperating with the agencies, but they suggested that Britain's intelligence agency was able to access to people's Hotmail, Google, Yahoo and Facebook accounts.
If the reports are accurate, the highly secretive program would defeat much of the protection that is used to keep data secure and private on the Internet, from emails to chats to communications using smartphones.
“Today's revelations indicate that the NSA appears to have engaged in a concerted hacking campaign that dwarfs anything Anonymous has ever done,” said Sascha Meinrath of the New America Foundation's Open Technology Institute, which works with people in authoritarian countries to avoid government tracking.
“Their actions have created back doors in numerous, supposedly secure, applications — online services we use every day ... undermining the integrity of communications on a global scale,” Meinrath said in an email.
Joseph Hall of the Center for Democracy and Technology, a digital rights organization, called the latest reports “shocking.”