Published on October 28th, 2013 | by The Town Crier
Technology – Big Brother is reading your emails
There are plenty of works of fiction based on the efforts of our intelligence agencies to break the encryption of enemy communications. In his novel, Enigma, Robert Harris writes about the efforts of WWII code breakers at Bletchley Park which eventually led to the Allies winning the war. Dan Brown hypothesises a staggeringly powerful supercomputer that can decode thousands of encrypted emails per hour in his book, Digital Fortress. But recent disclosures by US whistleblower, Edward Norton, reveal that truth may be stranger than fiction.
In a recent set of leaks published in several national newspapers, Norton claims that both America’s National Security Agency (NSA) and the UK’s GCHQ routinely crack the encryption programs that protect email transmissions, online banking and internet shopping. You might think that this is no great cause for concern; after all, if the security services cannot crack communications from terrorists and other threats, how can they keep us safe? However, there is a more disturbing side to the story.
The traditional way to crack codes or break encryption systems is to use what is known as brute force, literally to keep trying different combinations until you find the one that unlocks the code. Modern supercomputers are so powerful that they can try millions of different combinations in a fraction of a second. The NSA has spent literally billions of dollars trying to do just this in a programme called Bullrun. But with 128-bit encryption now the commercial standard (there are over 300 billion trillion possible combinations with 128-bit encryption) it can take even a supercomputer several hours to crack just one email. So, for the past decade or so, the NSA in particular has been working hard to find other ways to access information that is encrypted. Part of this involves using legitimate court orders, for instance instructing a bank to provide details of transactions on a suspect account. But the NSA goes much further than that.
Norton claims that the NSA has persuaded several of the software companies that develop encryption systems to create “back doors” in their software. He stops short of saying who the particular software companies are; perhaps because he didn’t know. A back door is a built-in vulnerability that allows anyone who knows where it is and how to open it to unlock the encryption without having to resort to brute force. It is not clear how the software developers were persuaded to cooperate; possibly the NSA cited national security concerns, or maybe they even recruited developers working within the companies. RSA, a business that develops encryption algorithms that are then used by other software companies in their own encryption software, has recently withdrawn one of its main products because it discovered a back door had been built into it. Senior managers had no idea that the back door was there, which suggests the NSA had recruited a “spy” within the business.
There is a major problem with this; it is not just code breakers from the intelligence services who can make use of these back doors. Any hacker who discovers them can use them not just to decode emails but to break into internet bank accounts and access online shopping transactions. If the NSA is recruiting (and presumably paying) developers within the encryption software industry, what is to stop those same developers selling on that information to the highest bidder? The best hackers in the world tend not to work for the security services; they either work for themselves or for criminal gangs. Many top hackers have an anarchistic mindset and are against big business and the establishment; hence the rise of hacker groups such as LulzSec.
The NSA has subverted the encryption industry in the interests of national security and their fight against terrorism. In so doing, they have created a whole raft of separate problems that affect the very people that they are trying to protect.