The NSA has broken much of the encryption that surrounds a variety of electronic communications around the globe, according to classified documents obtained from NSA leaker Edward Snowden by the Guardian and subsequently shared with the New York Times and ProPublica.
The Times says that some of the agency’s “most intensive efforts” have gone into defeating methods of encryption popular in the U.S., including virtual private networks and the security used on 4G smartphones.
In the 1990s, the agency fought for backdoor access to private encryption systems, but lost the legal battle and instead had to get past the protections in other ways: It built specialized computers to crack encryption, worked with technology companies to build entry points into their products or forced compliance via court order, and covertly introduced weaknesses into international encryption standards used by hardware and software developers. It’s compiled an internal database of encryption keys for specific commercial products, and even hacks into computers to read messages before they’ve been encrypted.
Only top-level analysts of the “Five Eyes,” the intelligence-sharing alliance between the NSA and its equivalents in Australia, Britain, Canada, and New Zealand, know the full extent of what the NSA does, but even some of them are surprised by the agency’s capabilities. According to one memo from Brtain’s Government Communications Headquarters, the NSA’s British counterpart, several of its analysts who’d not been briefed on the NSA’s abilities were “gobsmacked” when they learned what the NSA could do.
The NSA objected to the Times’ publishing the story because of concerns that its targets would switch encryption methods, but the paper went ahead anyway, citing “the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.” (The paper did remove “some specific facts,” though.)