The Internet has been cracked

by fmhilton

In case you have not heard the news, 3 different and highly respected papers in simultaneous reporting broke a story that bears repeating in every single format available.

According to the New York Times, Pro Publica, and the Guardian, the NSA has not only unlocked the security of the entire Internet, but has also been coercing telecommunication and technology firms to provide their key encryption to be altered for the NSA.

The Guardian wrote:

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

The New York Times reported that:

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

Pro Publica reported that:

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

So what’s really surprising about this, you might ask. Didn’t we hear about this before?

An awful lot, actually:

1. That the NSA has successfully cracked much of the popular encryption used for everyday on-line transactions. You order something from Ebay or Amazon, they can view the transaction. They can read your credit card numbers. They know what you bought, when you bought it and how much you paid for it. Think about that. Did you believe that nobody could see this while you were buying that stuff? Don’t feel so safe any more, do you?

2. They did it by stealth. When they couldn’t do it on their own, they paid telecommunication companies money or otherwise coerced them into editing the encryption that they use to protect various data.

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Even the sections of our own government are enabling this stealth:

The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.

So in the end, as the Guardian noted,

In effect, facing the N.S.A.’s relentless advance, the companies surrendered.

We’ve been sold out to the NSA by the very companies we trust to keep our data safe.

Another surprising little note about this reporting: the New York Times and the Guardian were asked by the NSA to not publish their articles as TechDirt noted about one small aside in the NY Times article:

Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read.
The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others

ProPublica had a longer explanation of why they reported on this news:

The story, we believe, is an important one. It shows that the expectations of millions of Internet users regarding the privacy of their electronic communications are mistaken. These expectations guide the practices of private individuals and businesses, most of them innocent of any wrongdoing. The potential for abuse of such extraordinary capabilities for surveillance, including for political purposes, is considerable. The government insists it has put in place checks and balances to limit misuses of this technology. But the question of whether they are effective is far from resolved and is an issue that can only be debated by the people and their elected representatives if the basic facts are revealed.

So not only is the NSA successfully breaking the Internet, coercing the technology companies to pervert their standards and invading our privacy, they’re also attempting to suppress the news and mislead the public.

It’s about time for this to stop, isn’t it? That’s the opinion of the Guardian.

Don’t know about you, but I fully agree.