A few weeks ago, over at The Washington Spectator, I wrote a post on the NSA, which mentioned its historical–and historic–struggles with the pioneers of encryption:
[W]hen the NSA got wind of academic research on cryptography, its agents approached those working on such research and “suggested” that all such research be vetted by the NSA. Roughly, the NSA’s instructions to encryption researchers were: keep us apprised of what you are doing and run it by us for clearance before you release it to other academics.
It might have been the first time that a powerful covert government agency had suggested that academic research be controlled and monitored in this fashion: the NSA wanted nothing less than a monopoly on cryptography research. Given the NSA’s resistance to encryption reaching the masses, it’s a miracle we have it facilitating e-commerce today.
…[T]he NSA [and] the FBI…became more aggressive in attempting to prosecute those who made encryption software public.
For instance, the 1991 release of PGP (Pretty Good Privacy), a data encryption tool by developer Phil Zimmermann, was regarded as the “export” of a deadly weapon. It triggered a criminal investigation and ultimately failed prosecution of Zimmermann.
…We should not imagine that because the battle to bring encryption and privacy to the masses was won in the past that all future battles will be.
And today, I awoke to read this:
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
….Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.
The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products.
This is perhaps the most stunning revelation to have come from Edward Snowden yet. Privacy advocates have always suggested the use of encryption as a privacy-enhancing tool; these revelations show the NSA is winning the battle against it as well.
The NSA has now marked itself out as a truly distinctive agency: one that will stop at no measure–legal or not–to achieve its goals of complete surveillance. The almost perfectly asymmetrical relationship with secrecy that it has demanded and, often, successfully created has been one of its most astonishing achievements. This latest effort shows just how far it is willing to go.
Thus far, I’ve only read two news reports on Bullrun, the NSA’s anti-encryption program; I hope to write more on it once I’ve had a chance to read more about its details.
One thought on “The NSA’s Bullrun Around Encryption”
I think this was not stunning, or surprising, especially because we don’t know what level/types of encryption have been defeated. Especially after the Clipper chip, it should not be surprising that the NSA spent tons of money to break encryption, and likely succeeded for some of it. I have a colleague who spent a year in China who is certain her encrypted VPN was cracked by the Chinese. For better or worse, none of this is surprising.