Topics:

NSA backdoor encryption access re-ignites debate over government role in encryption

Tools

The National Security Agency has compromised encryption methods in order to ensure its ability to capture the plaintext of messages, reviving national debate about intelligence community overreach in information technology and communications technology.

The revelations of NSA backdoors comes from articles based on the new leaks from Edward Snowden, published simultaneously Sept. 6 in a joint The New York Times-ProPublica article and in a separate piece in The Guardian. Methods utilized by the NSA and its British government counterpart Government Communications Headquarters include collaborating with or strong arming technology companies to insert vulnerabilities known to the intelligence agencies into encryption products. The Times and ProPublica also say the NSA also coerced some companies into handing over encryption keys.

Among the agencies most intensive targets have been the Secure Sockets Layer and Hypertext Transfer Protocol Secure protocols, virtual private networks, and protections used on fourth generation smartphones, the articles state. Within the NSA, the code name for those efforts was BULLRUN, shows a top secret document (.pdf) posted online as part of the articles unveiling.

In a prepared statement, Director of National Intelligence said the news stories "reveal specific and classified details about how we conduct this critical intelligence activity."

"Anything that yesterday's disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using," the statement adds.

All three new organizations said they were asked by intelligence officials not to publish the new revelations from Snowden documents, but did so "because of the value of a public debate about government actions that weaken the most powerful privacy tools."

It's a debate that many thought predicated at least on a understanding that the NSA would not force the private- or public- sectors into undermining the integrity of cryptology techniques in order for the intelligence community to have a guaranteed access to encrypted messages.

Security researchers almost uniformly agree that backdoors undermine the efficacy of encryption since they create the possibility that unknown parties might find and utilize them, as well. Famously, hackers used a backdoor mid-last decade in the Vodafone Greece mobile phone network to wiretap the cell phones of top Greek governmental officials, including the prime minister.

The administration of President Bill Clinton attempted to have the private IT sector adopt encryption hardware known as the Clipper Chip that would have carried keys the NSA would have had access to through a key escrow. The attempt was a reaction to the rise of Pretty Good Privacy, an encryption program that eluded government cracking. By the mid 1990s, after researchers found vulnerabilities in the NSA algorithm and in response to widespread condemnation, the Clinton administration let the proposal whither.

"The NSA's techno-dodges give civil libertarians a choice of two large pitches on which to throw their fits. Should they be more angry about the national security bureaucracy first seeking the public's consent to drink from the national information stream and then, when told 'no,' ignoring the thumb down? Or is the greater outrage the fact that the vast and secret surveillance program was established at all, and not how it was established?" wrote Reuters columnist Jack Shafer shortly after the news articles came out.

For more:
go to the New York Times and ProPublica article
- go to The Guardian article
- download a BULLRUN overview document labeled TOP SECRET//SI/REL TO USA, FVEY (.pdf)

Related Articles:
NSA inserted backdoor into NIST random number generator method
White House NSA surveillance board heavy on the Washington insiders
Metadata is a proxy for content, argues Princeton professor in ACLU lawsuit against bulk metadata collection