The Guardian, in its latest story based on the documents supplied by Snowden, reveals the NSA has been working for years to subvert all the encryption and security technologies used on the Internet and on computers. This apparently has included working with corporations and developers to include back doors into software and devices.
The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.
The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.
Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.
Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.
Revealed: How US and UK spy agencies defeat internet privacy and security
As reported by the New York Times:
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.
Michael Froomkin, Laurie Silvers & Mitchell Rubenstein Distinguished Professor of Law at the University of Miami School of Law, writes on the latest revelations of NSA spying on all Internet traffic, and points out accurately that “The Sky *IS* Falling”.
It’s everything, everything that Cypherpunks ever muttered about over their beer.
This is the secret that likely explains why the Obama and Cameron administrations were willing to do almost anything to try to get Snowden, the reporters he leaked to, and anyone who touched their data.
This is the nuclear winter of data security.
What do we do?
I used to say, we don’t really care if the NSA is reading our traffic, because if they are, the secret is so valuable they won’t waste it on anything but the most important national security matters. The Snowden revelations suggest that wasn’t completely right — there was some information sharing with civilian domestic law enforcement, although it was obfuscated in ways that undermined the constitutional guarantee of the right to confront witnesses against you. More importantly, the fact of the Snowden revelations means that the cat is out of the bag, so the disincentive to use the information will be greatly reduced.
For now, however, it is not hyperbole to say, as Schneier does, that “[b]y subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract.” It’s going to be tough, hard work to rebuild the Internet, and even harder work afterwards to rebuild trust in systems, not to mention both public and private institutions.
Are we up to either job?
One might wonder: at this point in the devolution of our society, will the powers of government permit us to do the job, even if we feel up to it?
I posted the following question to Prof. Froomkin in the comments on his web site:
As a professor of law, does it not bother you that the American people and members of Congress seem to be missing the underlying issue here?
Namely, that the Rule of Law guaranteed by the Constitution and Bill of Rights is in practice dead as a doornail in our nation?
Rich banks, hedge fund companies, mortgage companies, violated the most fundamental laws in the most blatant manner, e.g. the total abandonment of the Title process for housing. And not a SINGLE ONE of them has suffered legal consequences. They are immune. Two banks in the past month sacked the wrong home, took possessions, sold them. Turned out to be WRONG PERSON and wrong house. Police would not even charge the banks with a crime.
As for any pretense of habeas corpus, due process, and the fundamental protections against search and seizure (which to me clearly equate to an implicit right of privacy in the Constitution): These things simply no longer apply.
Am I the only one left standing who is bothered by the refusal to acknowledge these fundamental principles anymore?