You may have thought that if you use a good encryption program, your data are safe. Wrong! Newly disclosed documents show that the National Security Agency has been waging a secret war against encryption — the digital scrambling used to safeguard everything from banking to trade secrets to email to Web searches and phone calls – and is winning.
The docs, obtained by the Guardian, the New York Times and ProPublica from former NSA contractor Edward Snowden, show that the NSA has been working with industry to weaken standards and establish “back doors” to encryption programs. The agency has worked closely with its British counterpart, GCHQ; documents indicate that GCHQ, “almost certainly in collaboration with the NSA,” says the New York Times, has been looking for ways into protected traffic of such Internet companies as Google, Yahoo, Hotmail and Facebook.
According to the Times:
The NSA hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
The Times says that while attempting to foil terrorist plots, the NSA is compromising the security of average American citizens:
Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.
Tech-savvy individuals may want to take steps to keep their data from the N.S.A.’s prying eyes. The Guardian’s Bruce Schneier suggests a number of ways to do that, including using an air gap (it involves a computer that has never been connected to the Internet).