ProPublica

Journalism in the Public Interest

Cancel

Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security

Newly revealed documents show that the NSA has circumvented or cracked much of the encryption that automatically secures the emails, Web searches, Internet chats and phone calls of Americans and others around the world. The project, referred to internally by the codename Bullrun, also includes efforts to weaken the encryption standards adopted by software developers.

The National Security Agency headquarters at Fort Meade, Md., in January 2010. (Saul Loeb/AFP/Getty Images

Note: This story is not subject to our Creative Commons license.

Closer Look: Why We Published the Decryption Story

Sept. 6: This story has been updated with a response from the Office of the Director of National Intelligence.

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

This story has been reported in partnership between The New York Times, the Guardian and ProPublica based on documents obtained by The Guardian.

For the Guardian: James Ball, Julian Borger, Glenn Greenwald
For the New York Times: Nicole Perlroth, Scott Shane
For ProPublica: Jeff Larson

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.

In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s broad reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by Qaeda leaders about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL, virtual private networks, or VPNs, and the protection used on fourth generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.

For at least three years, one document says, GCHQ, almost certainly in close collaboration with the N.S.A., has been looking for ways into protected traffic of the most popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document.

“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”

Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.

“And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.

“The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.”

A Vital Capability

The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus primarily on GCHQ but include thousands either from or about the N.S.A.

Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.

The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.

The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers.

“In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”

The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.

Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”

Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.

Ties to Internet Companies

When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, with the rise of the Internet, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to the Web address on their computer screen.

Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” Sigint is the abbreviation for signals intelligence, the technical term for electronic eavesdropping.

By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments.

In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.

The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping.

At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.

Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Executives who refuse to comply with secret court orders can face fines or jail time.

N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says.

Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.

A Way Around

By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, or P.G.P., designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.

That proposal met a broad backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global edge in technology.

By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream.

“Every new technology required new expertise in exploiting it, as soon as possible,” one classified document says.

Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.”

But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.

By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.

But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.

A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.

But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document outlining the Bullrun program warned.

Corporate Pushback

Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying.

Google, Yahoo and Facebook have pressed for permission to reveal more about the government’s secret requests for cooperation. One small e-mail encryption company, Lavabit, shut down rather than comply with the agency’s demands for what it considered confidential customer information; another, Silent Circle, ended its e-mail service rather than face similar demands.

In effect, facing the N.S.A.’s relentless advance, the companies surrendered.

Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

Update (9/6): Statement from the Office of the Director of National Intelligence:

It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption. Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.

While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news. Indeed, NSA’s public website states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”

The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.

John Markoff contributed reporting for The New York Times.

“And they went and did it anyway, without telling anyone”

Nothing like an out of control agency funded by taxpayers in an alleged democratic setting.

Time to retire the generals, fire the private contractors and shutter the agency.

The NSA is “winning” the war against cyber security, and the American people are losing. The losses to America are more devastating than it would appear at first.  The vast digital library that the NSA has assembled that includes virtually every digital trace of every American and many people throughout the World, has effectively dealt the United States out of one of the most promising businesses of the future, cloud computing. The credibility of America has been permanently trashed, and the last shred of trust that the World has held in the values supported by Americans has been lost. Yes, the NSA and its own selfish agenda has won, the rest of us have lost.

Cannot agree with Dr. Joe Doty more. Close them up.

ConcernedCitizens

Sep. 5, 2013, 4:12 p.m.

Questions

1)  Does NSA provide Monsanto or other corporations data upon request? In other words, are corporations able to request or purchase data about American citizens?

2) Has NSA (or its employees) ever provided Monsanto or other corporations data upon request? In other words, have corporations ever been able to request or purchase data about American citizens? Is this legal or illegal?

I’m disappointed that the media organisations involved chose to honour the requests of the intelligence community and not release details of the specific encryption technologies the NSA has the ability to decrypt. With financial information, medical records, and proprietary information all transmitted over the internet only with the understanding that encryption protects it from prying eyes, these details are of undeniable public interest. If the NSA has the ability, how do we know that other governments or malicious individuals have not also developed such capabilities?

@ConcernedCitizens: How is this even tangentially related to Monsanto?

This is a complicated issue. On the one hand, law-abiding citizens of the US and other countries rely on Internet encryption to protect financial and other personal information. On the other, Internet encryption allows groups like al Qaeda the communicate freely without free of being intercepted. It is worth remembering that had the US and the UK not been able to break German and Japanese encryption systems during World War II the outcome of that conflict might have been very different. It seems to me that it is in the US national interest for NSA to be able to access encrypted Internet communications, so long as they do so only in accordance with US law.

The questions that need answers now are who fed this information to Snowden and why. It seems unlikely that he would have been able to access such a tightly compartmented program on his own.

Please post the full documents so that other individuals and organizations may also analyze these documents without editorialization.

At ConcernedCitizens-

Yes, Monsanto has had access for a while. Exxon is another company that has had access to the electronic communications of anyone critical of their organization. If anyone speaks out against any high-level corporation, they are labeled a terrorist and are treated as such.

Would those who believe that NSA has provided Monsanto and Exxon-Mobile access to the communications of US citizens please cite their source(s) for this information?

As Bruce Schneier puts it, “They’re doing it primarily by cheating, not by mathematics.”

It’s an important distinction that I’m afraid was grievously muddled in this reporting. E.g., encryption protects an e-mail message as it travels from your computer to Gmail’s server. The NSA cannot read that message because it is encrypted. The NSA instead sends a National Security Letter demanding that Gmail hand over that message. This is like saying that an armored car can’t be hijacked, but the government can then legally require that the bank receiving that shipment hand it over after it had arrived. That’s not breaking encryption (hijacking an armored card). That’s avoiding it (get it after it’s been unloaded).

Another example: so what if I encrypt a file and then send it to my friend? The NSA can’t break that encryption, period. What it can do is get the key from me or my friend. It might coerce it out of us, it might trick us into revealing it, it might spy on us as we enter the key, but the one thing it can’t do is force it open by brute force. So if I encrypt a file and then die, and the only place where that key was stored was in my mind, then that file can never be decrypted. Ever.

It’s alarming that the NSA is doing what it’s doing, but it’s also important to know exactly how the NSA is doing this. The article gives the impression that these are technical attacks against encryption itself. They are not (the weaknesses in the NSA-sanctioned AES algorithm that was alluded to simply means that even with every computer on the planet working on it, a brute force attack will now take trillions of years instead of trillions of centuries). Instead, they are about NSA pursuing back channels to try to avoid the problem of encryption because encryption itself has not been and cannot be broken.

Why is this distinction important? Because encryption still works. The PGP (or GPG) that the article mentioned? That still works. Yes, the NSA can still “cheat” and demand the unencrypted message, but when the only holders of the unencrypted message is the sender who created the message and the recipient who decrypted the message, that’s a far more difficult “cheat” to pull off than if they could just send a NSL to a third party.

All governments must realize that there are 10’s of thousands of 12 year old boys and girls that when challenged can communicate with each other and break into any system.  Their minds have no restrictions. Gates and Allen may have been among the first to do so, others also look at the challenge.

Janet Innes_Kirkwood

Sep. 5, 2013, 4:48 p.m.

Right just the great White Fathers of the Anglo-American Five Eyes had a need to know everything in the entire world sort of like an all-knowing Jesus. The problem is that these guys are stupid because once you tilt your hand it is rather obvious and then you just watch what the boys and girls club does with this. They gave themselves all the advantages and told us they were all winners because they were all so much smarter than everybody else. They have shot the US Internet and information industry in the foot as well as undercut our standing and moral authority in the world. I wonder how many real terrorists they actually caught compared to how many they have made? However we are known to be number one in incarceration and war, and we have the over bloated military police spy industry to show for it coupled with the usual decline in the population’s standard of living. Gee not very exceptional in the empire department after all…. Even the UK poodle club is trying to jump off this sinking ship. Which way is land boys and girls???

So… can the NSA decrypt SSL, or not?

This article actually conveys very little about what the government can do—just a generalized suggestion that it’s “a lot.”

I agree with Rick Jones. Don’t protect these perps.

“Please post the full documents so that other individuals and organizations may also analyze these documents without editorialization.”

I suppose we could all buy an older computer, keep it offline, and compose lengthy messages in Lorem Ipsum, format in PDF, and then double-triple encrypt, and dump them on SkyDrive. I have the service but don’t use it.

Let them crunch that gobbledygook. It’s an old strategy. Overload the enemy with useless data. Too bad the enemy is our own government. Not that it’s a surprise.

@ConcernedCitizens,

You wrote:
————————-
Questions

1)  Does NSA provide Monsanto or other corporations data upon request? In other words, are corporations able to request or purchase data about American citizens?

2) Has NSA (or its employees) ever provided Monsanto or other corporations data upon request? In other words, have corporations ever been able to request or purchase data about American citizens? Is this legal or illegal?
————————-

Yes, the going price in 1995/96 for NSA data from their operatives (on the QT of course) was $25,000. That was the minimum. I was in the room. That was the domestic minimum.

i second that.  The article raises alarms without giving specifics.  The cat is out of the bag.  Tell us what they can crack for our own safety

Thank you NSA. You have just destroyed the US computer and internet industry. No foreign buyer will ever trust us enough to buy our equipment or services.

This was a major part of our economy. I sure hope that the 6 terrorist you claim you caught were worth destroying a multi-billion dollar industry.

It appears that the only way to stop this out of control agency is for a foreign government such as Brazil to sue the NSA for breaching their privacy laws, as our government has pretty much allowed them to run roughshod over the Constitution and whatever expectations for privacy we previously had.  And then they developed the Patriot Act to force compliance and make people who did not wish to participate disappear…

All these “revelations” about the NSA in the press have only demonstrated how so very little today’s news outlets, whether traditional or online, bother with genuine investigative journalism. The NSA is not this huge Enemy-of-the-State boogeyman filled with sinister, masterful ne’er-do-wells—it’s just another U.S. agency that’s still recovering from gross mismanagement during the Bush years, and filled with basically bureaucratic geeks who are more concerned about job security than anything else. And any discussion with people familiar with the NSA would tell you that (or you can just look up Thomas Drake’s characterization of the NSA under Bush’s people.) Yeah, they are pretty good at cracking encryption, but they are hardly the only ones (go look up what the Russian company, ElcomSoft, has been doing over the years), but…foreign governments, terrorist groups, criminal organizations, and even just tech savvy folk know that most if not all of what the NSA cracks are older or bug-ridden encryption protocols and that it really isn’t that hard to substitute in somewhat more up to date, less buggy, and vastly stronger encryption software and techniques. This is why you are not seeing a whole lot of success against targets that you would expect the NSA to really go after. They may cast a very big net, but the fish they are after know how to eluded it.

DJ Matthew Reece

Sep. 5, 2013, 5:21 p.m.

Well…the worst part of this is that corrupt federal agents use this to cover their tracks and avoid accountability.  I have personal experience in this with a CIA named Dennis Ende. Check my blog for the story…mu phone hacked and tapped illegally ... djmatthewreece.blogspot.com
100% true story…

The original source and purpose of what became the internet was a military/intelligence system. Still is. The fact that it was turned into a commercial and public utility does not change that. Additionally, use of commercial operating systems for command and control of things like the electrical grids and intelligence operations, given that no individual or group has really understood the whole thing for about 30 or 40 years, everything is vulnerable, and anything can be cracked, as was pointed out 40 years ago, is foolish. Current encryptions can’t be cracked unless you have the key. And absolutely anything worth anything can be bought.

What I got out of this article is the need to make The NSA’s key collection obsolete. If every individual that uses encryption simply generates a new 4096-bit private-public key pair on a regular basis and tightens up security on their systems, secure communications can be restored.

Same can be done for symmetric keys—just like passwords they should be changed regularly.

It is also necessary to stop using commercial proprietary operating systems. Open source ensures that one knows there are no back-doors installed in their encryption software or their desktop.

I have to find my old copy of PGP 2.6.2 source and rebuild. That version should still provide Pretty Good Security. Thanks, Phil!

Your real name

Sep. 5, 2013, 5:54 p.m.

Informative writing.  On the other hand, in terms of the big picture, what on earth do you *expect* the NSA to be doing, if not cracking codes and monitoring communications ?  In spite of the current collaborative effort credits, it looks like ProPublica has been working on the story the longest.  It would be interesting to see the a similar long term project for other agencies.

As with the IRS scandal there will always be people or groups In the government that disagree with your beliefs or views and they will use this technology to there ends no matter What the safe guards.

The points made in this article are good ones with some minor exceptions. For one thing, they are not in a position to assess the potential damage release of such information may have, or the lives they may put at risk. Secondly, if they were genuine in there attempts to kick off a National debate, they could reveal elements of the programs without a complete compromise of the programs. Third, if the Government wanted to discuss the release of information in a legal context, ie restraining order, (due process of law), they have precluded this possibility. Ultimately, it is probably the Jurisdiction of the Supreme Court to assess the balance of interests at play here. I am very curious about the information, but could wait for the proper balance of interests to be weighed by appropriate Parties. As it is, they are setting the stage for the release of information that they in only their judgement,  have decided is in “our” best interest, who gave them that Right. When terrorist attacks that could have been foiled by this technology occur, and they report on the carnage, will there be any acknowledgement that they may have some of the blame, I think not, they will just sell more newspapers.
In my opinion the Press needs to go through the steps, this is far to important an issue for a unilateral decision on their part, a delicate balance of Free Speech and Security are at stake.

Wendy Schwartz

Sep. 5, 2013, 6:02 p.m.

Just for fun: What if Snowden was a plant to try to scare everybody off the internet in order to stop the increasing public transparency. Wouldn’t that be brilliant?

Half of the problem, if not all of it, is in the hidden content of the code we run.  The solution for this is obvious:  Only run open-source programs.  Ditch Microsoft and Apple, go with Ubuntu.

It won’t solve all the problems, but it’s a start.

And this is how al-Qadea (or however it’s spelled this week) wins - toss out an occasional fear bomb then sit back and watch us destroy ourselves in response.

Wendy Schwartz

Sep. 5, 2013, 6:06 p.m.

....also does this mean the new iPhone is just a loudspeaker straight to the feds?

@Leo Cotnoir:
I’m afraid your are mixing arguments here. There is a clear difference between engaging a war-time enemy and spying on the general public and commercial interests.

We need ethical independent privacy advocates like Dick Cheney and Mike Tigas to examine the Constitutionality of such programs…

The Other Ron

Sep. 5, 2013, 6:13 p.m.

Why didn’t you answer the more important question of whether the NSA shares with the FBI?

“the American manufacturer agreed to insert a back door into the product before it was shipped”

Thanks, PP for destroying the American tech h/w industry.

@Wendy Schwartz “....also does this mean the new iPhone is just a loudspeaker straight to the feds?”

Only if the NSA shares with the FBI.  From what I’ve read, though, about the FBI’s inability to crack TrueCrypt, the answer seems to be no.

Shocking!
But, of course, I am not shocked.
The US government has broken the rules on privacy thousands of times.
We wrote about it when The Guardian and others published a story on Aug. 16: NSA broker rules on privacy thousands of times

http://warrenswil.com/2013/08/16/a-massive-story-nsa-broke-rules-on-privacy-thousands-of-times/
Thank you, Edward Snowden, for telling us something we REALLY need to know.
Is anyone in the US paying attention with the all-Syria-all-the-time news broadcasts?
I doubt it.
In the (K)now blog
http://warrenswil.com/

Thomas Jefferson

Sep. 5, 2013, 6:22 p.m.

The KGB of the Cold War could only have fantasized about the secret domestic spying of the NSA. It is J Edgar Hoover of several magnitudes with several cherries on top!
Hail to the United Police States of America!
Zig Heil! Zig Heil!

John Dingler, artist

Sep. 5, 2013, 6:22 p.m.

Notice that the otherwise excellent article—because it informs us of the NSA’s ubiquitous, surreptitious, and anti-4th Amendment spying—is written from the point of view of the success of the NSA. It instead should have been written from the point of view of the abridgment of 6th Amendment freedoms. Therefore, the article puts the NSA in a good light, wrongly.

“Many users assume — or have been assured by Internet companies —
that their data is safe from prying eyes. . .”

In other news, many users believe in the Tooth Fairy, Santa Clause,
and Atlantis.

Sheesh.

Yeah, I know it’s “Claus.”

So sue me.

Debt Suspension Rights

Sep. 5, 2013, 6:28 p.m.

If collected data is not transferred to competing interests nor used against the entity being spied upon in public, the effect is not as bad.

The Other Ron

Sep. 5, 2013, 6:37 p.m.

“Hail to the United Police States of America!”

How inordinately naive are you that the agency tasked with code breaking is… breaking codes?  Sheesh…

The Other Ron

Sep. 5, 2013, 6:41 p.m.

“They’re doing it primarily by cheating, not by mathematics.”

Good for them!  (Last I checked, the world didn’t run on the Marquess of Queensberry Rules.)

MRW,

If you were really in a room where NSA employees sold access to Monsanto and did not report it to the proper authorities you are guilty of a felony. Perhaps you might with to reconsider your accusations.

Jim - yes indeed. Osama has won from the grave. I wonder if Bin Laden foresaw the aftermath of 9/11, the ripples of paranoia that have emanated from that day and how the government would exploit peoples fears. This country is now the scariest place on Earth, doubtless trending toward a police state and with an overbearing government hell-bent on picking up every jot of information about every individual on the planet. It’s nothing short of psychotic. The inmates running the madhouse.

I wonder whether anyone, besides me, posting here has every worked at NSA. Judging by the insanity of most of the comments, I rather doubt it.

Wendy Schwartz

Sep. 5, 2013, 6:48 p.m.

the real crime is when the taxpayer public are IRS targeted, have their emails “not get through”, and are generally screwed with if they speak up. There are over 200 people in Washington who can request and use agency data and they have no involvement with law enforcement.  They are “senior campaign staff” but they have the power to get, and use, anything they want for retribution on behalf of big campaign backers.

Dear ProPublica!
Please tell me and your readers, how does a Government know you are going to publish a story before you publish it? Are you secretly forced to do it? Do you voluntarily do it? Do they have complete access to your systems, and/or personal?
Inquiring minds won’t to know?

Wendy, if you snug up that tinfoil hat you’ll be just fine.

Wendy Schwartz

Sep. 5, 2013, 6:59 p.m.

Here is the scenario that frightens me: Eric Schmidt at google went nuts today because Valleywag outed his private N.Y. sex den. Does he call investor Ray Lane and say “get ‘em” and then Ray calls Valerie Jarret and says : “I want every blogger on Valleywag audited by the IRS and I want a copy of all their hard drives!”?

Wendy, that would be illegal and I doubt that anyone at NSA or any other Federal agency would go along with it. Nixon tried something very similar and you might recall that he was forced to resign.

Billy Gramcracker

Sep. 5, 2013, 7:16 p.m.

America - “Home of the Free” really??????. Brave…not so much. “Home of Cowards and Scoundrels” Amen!!!!!