N.S.A. Foils Much Internet Encryption

N.Y. Times


N.Y. TIMES

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

 

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

 

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

----

An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.

In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

 

The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaeda about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

 

Read more at the N.Y. TIMES

The NSA Is Losing The Benefit of the Doubt

RUTH MARCUS WASHINGTON POST

Footnote 14 should scare every American. Even the parts that aren’t blacked out.
The footnote is contained in the just-declassified 2011 opinion by U.S. District Judge John Bates, then the chief judge of the Foreign Intelligence Surveillance Court.

In the ruling, Bates found that the government had been sweeping up e-mails before receiving court approval in 2008 and, even after that, was illegally collecting “tens of thousands of wholly domestic communications.”
That’s not the really scary part. This is: “The court is troubled that the government’s revelations . . . mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program,” Bates wrote in Footnote 14.

He cited a 2009 finding that the court’s approval of the National Security Agency’s telephone records program was premised on “a flawed depiction” of how the NSA uses metadata, a “misperception . . . buttressed by repeated inaccurate statements made in the government’s submissions, and despite a government-devised and Court-mandated oversight regime.
“Contrary to the government’s repeated assurances, NSA had been routinely running queries of the metadata using querying terms that did not meet the required standard for querying. The Court concluded that this requirement had been ‘so frequently and systemically violated that it can fairly be said that this critical element of the overall . . . regime has never functioned effectively.’ ”

Followed by two full paragraphs of redactions. We can only imagine what that episode entailed.


U.S. District Judge John Bates

To judge the significance of Bates’s footnote, it helps to know something about the judge. This is no wild-eyed liberal. Bates spent almost two decades in the U.S. Attorney’s Office in Washington. He served as deputy to independent counsel Kenneth Starr during the investigation of President Bill Clinton. He was named to the bench by President George W. Bush.
If Bates is worked up about being misled by the government — and the sober language of that footnote is the judicial version of a severe dressing-down — people should listen.

Security demands secrecy. The Constitution demands that secrecy be coupled with oversight. In theory, that oversight is twofold, from Congress and the judiciary, through the mechanism of the surveillance court.
In practice, oversight necessarily depends on some measure of good will from the overseen. No matter how well-intentioned and diligent the overseers, particularly in an area as technologically murky and politically fraught as surveillance, the intelligence experts tend to hold the cards.
Their deeply ingrained institutional bias is to reveal only what is absolutely necessary, to trust their secrets and secret methods to as few outsiders as possible. When that instinct for secrecy edges into a willingness to mislead, tacitly or explicitly, effective oversight collapses.


Sen. Ron Wyden          Dir of Nat'l Intelligence James Clapper


We have already seen this phenomenon on display before Congress, in the person of Director of National Intelligence James Clapper. In March, Sen. Ron Wyden asked Clapper whether the NSA collects “any type of data at all on millions or hundreds of millions of Americans.” Clapper’s answer, “No . . . not wittingly.”
This was, as Clapper acknowledged, “clearly erroneous.” His belated apology rings hollow. Clapper was not only forewarned about the question, he refused to correct his misrepresentation for months, until it was proved false.
-----
It is possible to construct a happier narrative. After all, Bates’s rebuke was prompted by the intelligence community’s own disclosures. The government then cleaned up its act, with court-approved procedures to minimize privacy invasions. Congress was informed of the program, the court’s problems with it and the fixes being made. The relevant documents were declassified and released (albeit in the face of a lawsuit). President Obama has proposed additional oversight mechanisms, such as building adversary procedures into the surveillance court.
These are hopeful signs, but they do not erase the ugly history: “repeated inaccurate statements” to the court, “clearly erroneous” congressional testimony. Current assurances, made under the duress of unauthorized disclosure, must be judged in light of past performance. An intelligence community consistently too cute by half ends up harming itself, along with the country it strives to protect.