Story highlights
NEW: This is the most important leak to date from Edward Snowden, an analyst says
Reports: NSA and GCHQ have cracked much of the encryption protecting online data
The agencies have secret partnerships with technology companies, the reports say
The encryption safeguards data including e-mails, banking systems and medical records
The U.S. National Security Agency has secretly succeeded in breaking much of the encryption that keeps people’s personal data safe online, according to reports by The New York Times, The Guardian and ProPublica.
The reports, produced in partnership and published Thursday, are the latest to emerge based on documents leaked by former NSA contractor Edward Snowden to Britain’s Guardian newspaper.
According to the reports, the NSA, alongside its UK equivalent, Government Communications Headquarters, better known as GCHQ, has been able to unscramble much of the encoding that protects everything from personal e-mails to banking systems, medical records and Internet chats.
The agencies’ methods include the use of supercomputers to crack codes, covert measures to introduce weaknesses into encryption standards and behind-doors collaboration with technology companies and Internet service providers themselves.
“Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software,” The Guardian says.
The Guardian cites a 2010 GCHQ memo that it says describes a briefing on NSA accomplishments given to GCHQ employees.
“For the past decade, NSA has lead (sic) an aggressive, multi-pronged effort to break widely used Internet encryption technologies,” the memo reportedly says. “Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
A second memo is quoted as saying that when the British analysts, who often work alongside NSA officers, were first told about the program, “those not already briefed were gobsmacked.”
Another document states that GCHQ has been working to find ways into the encrypted data sent via four big Internet firms, Google, Yahoo, Facebook and Microsoft’s Hotmail, the reports claim.
GCHQ told CNN it had no comment on The Guardian report.
The reports claim that the NSA worked to develop more covert ways of unscrambling online data after losing a public battle in the 1990s to insert a government “back door” into all programming.
‘Foundation of web security’
Computer security expert Mikko Hypponen believes the revelation is the most important leak to date from Snowden.
“It may not have gained as many headlines as some of his other stories, because most people don’t understand how crypto systems work. If indeed U.S intelligence does indeed have such a wide range of systems, then I’m surprised,” he told CNN.
Crypto encryption is relevant to everyday applications that everyone uses, for example in communications and transactions, he said. “Now we learn that the foundation of web security has been compromised.”
Hypponen, the chief research officer for F-Secure, said he believes the NSA and GCHQ had probably cracked the encryption by placing moles in key companies at key locations. “Any major service provider must have sizable amounts of moles from intelligence agencies. Remember that the NSA has 35,000 people working for it,” he said.
“The ordinary user should not be worried by these revelations – it’s obvious that intelligence agencies are not interested in hacking financial transactions – but they should be outraged.”
He suggested those outside the United States should be the most concerned.
“How many U.S. politicians use French cloud-services? Almost none. But how many French politicians use U.S. cloud services? All of them,” he said. “Remember that 96% of the planet’s inhabitants are foreigners to the United States, so it’s wrong that the U.S. has a legal right to access foreign communications.”
Public concern
The scope of hidden U.S. surveillance programs has been brought to public light through leaks to media outlets by Snowden, who fled the United States and is now in Russia under temporary asylum. He faces espionage charges.
The revelations have led many Americans, according to polls, to harbor skepticism about the NSA programs. They’ve also generated concern in Congress as well as from privacy groups and libertarians.
Last month, President Barack Obama sought to allay people’s unease over the work of the intelligence agency in an interview with CNN “New Day” anchor Chris Cuomo.
Obama said he was confident no one at the NSA is “trying to abuse this program or listen in on people’s e-mail.” The president chalked much of the concern with domestic snooping on changes in technology.
“I think there are legitimate concerns that people have that technology is moving so quick,” Obama said. “What I recognize is that we’re going to have to continue to improve the safeguards and as technology moves forward, that means that we may be able to build technologies that give people more assurance.”
CNN’s Bharati Naik contributed to this report.