According to The Guardian, The New York Times and ProPublica, the campaign by the NSA to crack Internet security has gotten so advanced that they may have cracked encryption. Of course, given that just about everything that has come out in the media about the NSA – aside from the documents that the NSA never wanted to have leaked – has been only somewhat true or completely false, it’s hard to take this information at face value. Nonetheless, it is disturbing.
Encryption: The Final Frontier
Currently, given that it’s well established that the NSA has been spying on people’s Internet traffic, many people are relying on encryption, such as that provided by VPN connections or SSL connections, to safeguard their privacy online. According to the reporting, the NSA has managed to crack the encryption, allowing them to monitor social networking sites, software manufacturer sites and other sites. The process, according to the reporting, alleges that the NSA has put backdoors into security software to make this possible.
Mathematically, it is as close to as impossible as anything can be to break the encryption that a VPN connection using a protocol such as L2TP or OpenVPN uses to keep information secure in real time. The example generally used to describe exactly how difficult this would be is that, in reality, it would take all of the computers in the world working together at once longer than the total age of the entire universe to break encryption at random. The idea that backdoors have been inserted into some security software, however, is troubling.
As the ProPublica reporting notes, the NSA had wanted to insert its own backdoor into all encryption in the 1990s but wasn’t allowed to do so. Given the agency’s reputation for having little or no regard for the restrictions placed upon them, it would arguably not be too surprising if they had gone ahead and done so on their own without permission or the legal authority to even do so.
Whenever one is dealing with information from intelligence agencies, it’s important to keep in mind that disinformation has always played a role in espionage. It is conceivable that the NSA simply wants people to believe that encryption is not secure and, therefore, that it’s not worth using it, opening up all of their data for the NSA to analyze however they want. There is also been no demonstration of this ability to break encryption. While there have been demonstrations of older encryption protocols being broken – most notably PPTP, there have been no demonstrations that any of the more modern and secure forms of encryption can be broken and, in fact, the NSA may just be lying about this, as well.