The documents highlight the NSA’s fears about encryption, the mathematical formulas used to shield online communications from spying. Though the documents are two years old, experts think it unlikely that much has changed.
Eyes Online
“Twenty years ago,” the documents read, “the fact that communications were encrypted meant they were very likely to contain foreign intelligence, because only governments or other important targets had the resources to purchase or develop and implement encrypted communications.”
Today, however, encryption is a far more common tool on the Internet. Online banking and shopping are all done through at least some level of encryption, and the NSA views this as “a threat.”
It is the job of the Five Eyes intelligence service – the allied secret services of Britain, Canada, Australia, New Zealand, and the United States – to crack encryption codes across the globe. The NSA alone is allocated $34.3 million for a Cryptanalysis and Exploitation Services department.
Once these encryptions are broken, the NSA can collect data from sources previously thought private. Skype, for example, used by 300 million people, has been monitored by the NSA for years.
“Sustained Skype collection began in Feb 2011,” the document reads.
While Microsoft promised to ensure consumer privacy when they bought the company in 2011, the U.S. Foreign Service Intelligence Surveillance Court has ordered Skype to provide user information to the NSA.
The documents also reveal that the NSA has the ability to track a document’s path through the Internet, monitor Facebook chats, and decrypt some emails, though these are considered low priorities for the agency.
Hypertext Transfer Protocol, the familiar https acronym that precedes almost every website viewed online, is meant to be a sign of security, but the NSA routinely intercepts millions of these connections daily. The documents show that the Five Eyes are especially interested in intercepting users’ passwords.
Virtual Privacy Networks (VPN), previously thought to be secure connections between two remote points on the Internet, often used by companies with multiple branches, can also be breached by the NSA. These include VPN’s used by the Greek government, which the documents prove the NSA has access to.
Where to Seek Shelter in the Digital Storm
While many Internet users lack the know-how or confidence to use strong spy-proof encryptions, there are still codes the NSA has yet to crack.
One service the NSA has “major” difficulty monitoring is the email provider Zoho. It also struggles to track members of the free, open source Internet browsing software known as Tor. Tor, also known as The Onion Router, connects users through a network of 6,000 computers that encrypt data so that no single computer contains all of an individual’s information.
Encrypting programs Truecrypt and Off-the-Record also give the NSA serious trouble, largely because of their open source format. Because the code can be viewed and modified by any user, it becomes harder for intelligence agencies to insert monitoring codes – as they have with closed source systems like Apple and Microsoft – without being noticed.
Still, these methods alone don’t guarantee a user’s total privacy. What really gives the NSA pause are users that utilize a combination of Tor, the instant messaging system CSpace, and an Internet cell phone encryption system called ZRTP, used in open source programs RedPhone and Signal.
While the documents may provide a moment of relief for privacy advocates, they also show the extent to which the NSA and other allied intelligence agencies are currently working to undermine any semblance of Internet confidentiality.
