- The NSA has secretly and successfully worked to break many types of encryption, the widely used technology that is supposed to make it impossible to read intercepted communications.
- Referring to the NSA’s efforts, a 2010 British document stated: “Vast amounts of encrypted Internet data are now exploitable.” Another British memo said: “Those not already briefed were gobsmacked!”
- The NSA has worked with American and foreign tech companies to introduce weaknesses into commercial encryption products, allowing backdoor access to data that users believe is secure.
- The NSA has deliberately weakened the international encryption standards adopted by developers around the globe.
As with most of the Snowden revelations, this one comes from a PowerPoint talking about the program, so there’s some vagueness about exactly what has been accomplished. That vagueness is intentional because this program is “five eyes” secret, meaning only specially cleared analysts from the US, Canada, the UK, Australia and New Zealand can access it. The PowerPoints were apparently created to brief others at a lower security level about the basics of the program. All three news organizations have also agreed not to publish any details that could compromise the NSA’s operation.
So, the big question that is only hinted at in the stories is whether the non-commercial protocols that encrypt internet traffic, SSL/TLS, which is used by the HTTPS protocol that secures web traffic, has been compromised to the point where the five eyes can read any encrypted web traffic that they can intercept. One of the UK slides published by the Guardian seems to hint so, but it’s not clear to me that they have from what I read. That would be a huge revelation if true. HTTPs is used by every so-called secure website, including banks, web email providers and web service providers like Salesforce.