The U.S. National Security Agency has broken much of the encryption used to protect emails, bank transactions, medical records and most other forms of sensitive information on the Internet, the New York Times, ProPublica and the Guardian jointly reported.
According to documents leaked to the Guardian by former NSA contractor Edward Snowden, the agency began partnering with technology companies in the early 2000s to gain backdoor access to encrypted information.
Meanwhile, the agency invested billions of dollars in what the Times described as “custom built,” “super fast” computers to break encryption algorithms.
In one 2010 memo from the NSA to the U.K. Government Communications Headquarters, the agency apparently wrote: “For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies…Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
As reported by the Guardian earlier this summer, the NSA and the GCHQ have for years share intelligence with one another.
For at least three years, the Times wrote, the GCHQ has sought access to encrypted customer information at major tech companies like Google, Microsoft and Yahoo. Documents leaked by Snowden indicate that in 2012 the GCHQ was granted some degree of that access to Google.
Until the Guardian and the Times reported this story, only a small number of analysts at the top of the intelligence communities in the U.S., U.K., New Zealand, Canada, and Australia knew about the NSA’s backdoor access. “In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” the agency wrote in one document. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”
This latest leak is the first since the Guardian announced its plan to partner with the Times in reporting on certain Snowden stories. The two major papers–along with ProPublica–are now combing through some 50,000 of the secret intelligence documents.
The NSA asked the papers not to publish the story, fearing it would prompt enemies to switch to stronger encryption systems.
The NSA’s concern highlights the fundamental risk the agency has taken by systematically sewing backdoor loopholes in the Internet’s security systems: “[W]hen you build a back door into systems, you’re not the only one to exploit it,” Johns Hopkins University cryptographer Matthew D. Green told the Times. “Those back doors could work against U.S. communications, too.
Illustration by Jason Reed