According to information published in Tech Week Europe, XKeyscore, one of the tools used by the NSA to spy on Internet traffic, might be able to get through VPN services and allow the NSA to access traffic information. The XKeyscore tool has been at the heart of much of the controversy surrounding the NSA spying programs.
Cracking the Code
According to some of what Edward Snowden, the man who leaked information about the NSA spying activities, said, it seems to indicate that the NSA can get around VPN encryption. Snowden had also said that encryption works, but there does seem to be information that shows that the NSA has ways of getting into encrypted communications.
According to the article, a slide in the presentation that was leaked shows that the NSA either exploits or takes advantage of exploited machines in certain nations. That allows it to get the traffic data from those machines and, using an IP address, they can get information from that traffic.
The article also indicates that the NSA collects a massive amount of data. According to the information, there were 41 billion records collected in 30-days during 2012. Some of the information is only held for 24 hours, according to the NSA’s own documents, but metadata may be kept for 30 days.
XKeyscore is credited by the NSA for capturing 300 terrorists. This claim appeared on one of the slides, as well.
The NSA maintains that it is not collecting data in any unchecked way. The organization claims in the article that they gather the information lawfully.
The information from Snowden also indicates that it is very easy for intelligence agents to use this system. One need only enter an IP address, an email address or even a Facebook login to get information on someone who is being watched. That information can include everything from website cookies to telephone numbers.
VPN encryption does protect against many forms of privacy invasion, but there is always a competition of sorts going on between those who create privacy tools and those who seek to subvert those privacy tools. Right now, it is widely known that PPTP encryption is not secure, but L2TP and OpenVPN is generally believed to be safe. The endpoints where the VPN servers exist, however, always have to be considered. Some experts recommend getting services or using servers in nations that are not friendly to US law enforcement, such as Russia and Panama.