How The NSA and GCHQ Defeat Privacy

Glenn Greenwald has done it again. With the help of Edward Snowden he has been buy leaking many of the National Security Agency's (NSA) dirty little secrets. Yesterday he dropped another bomb as he laid out the methods used by the NSA and British Government Communications Headquarters (GCHQ) to destroy online privacy:

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

[...]

The files, from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica. They reveal:

• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".

• The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs.

• The secrecy of their capabilities against encryption is closely guarded, with analysts warned: "Do not ask about or speculate on sources or methods."

• The NSA describes strong decryption programs as the "price of admission for the US to maintain unrestricted access to and use of cyberspace".

• A GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook.

I think the most important thing to note is that, from the information leaked, it doesn't appear as though the NSA or the GCHQ have actually broken common encryption algorithms. In cryptography terms an encryption algorithm is only broken if an attack finds a method of decrypting data encrypted with that protocol faster than can be done via brute force (guessing every possible decryption key). What the NSA and GCHQ are doing is buying off commercial entities to insert back doors into their security products. Keep this in mind as major media outlets wrongly (as far as we know) begin reporting about how the NSA is able to break all known encryption algorithms.

None of the information in this latest leak surprises me. It's been apparent for a while that the state's surveillance apparatus has been relying on a fascist marriage between private and public entities. The game is afoot and the NSA and GCHQ believe they can wage war on the Internet without suffering repercussions. Those of us who dwell may not be as agreeable as they think.