Documents leaked by Edward Snowden show that the National Security Agency, despite its seemingly best efforts, is unable to crack certain types of cyber defenses.
The German newspaper Der Spiegel uncovered among the former contractor’s document trove new details about the extent of the spy agency’s ability to crack online encryption, which defenders of the agency say is necessary to monitor potential terrorists’ communications.
While the government has been able to crack the defenses used by services such as Skype and Facebook as well as the common “https” online connections — as opposed to the more familiar "http" addresses — it has a much more difficult time with more advanced programs well known to privacy advocates.
According to one Snowden document, as of 2012, agents had “major” problems tracking users on the Tor network, which encrypts and relays data all around the Web. The Off-the-Record (OTR) protocol for encrypting instant messages also caused significant problems for the agency, as did the Pretty Good Privacy (PGP) email encryption program, which is decades old and relatively common among security proponents.
Combining multiple protections can create a “catastrophic” lack of information for the NSA, the documents state.
Privacy advocates and supporters of strong online protections say the NSA’s attempts to crack all encryption expose the entire globe to spying and attacks from hackers.
Flaws in systems such as the Advanced Encryption Standard, which an arm of the Commerce Department explicitly recommends as a way to protect people’s data, is “far too dangerous to keep secret,” American Civil Liberties Union principal technologist Chris Soghoian tweeted.
The NSA defended the actions as legal and necessary to track people trying to harm the U.S.
“Terrorists, weapons proliferators, and other foreign targets often rely on the same means of communication as ordinary people,” spokeswoman Vanee Vines said in a statement shared with The Hill.
Snowden’s revelations about the NSA’s ability to crack many online communications have prompted major technology companies to employ new digital protections, in order to regain users’ trust. Google and Yahoo, for instance, have announced plans to strengthen their email encryption tools in order to skirt the NSA’s surveillance.
The Snowden documents seem to indicate that the agency has a harder time cracking encryption methods developed out in the open, however, by academics and open-source hackers, rather than by private companies.