WASHINGTON — The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential data safe from prying eyes, according to published reports Thursday based on internal U.S. government documents.
The NSA has bypassed or altogether cracked much of the digital encryption used by businesses and everyday Web users, according to reports in The New York Times, Britain’s Guardian newspaper and the nonprofit news website ProPublica. The reports describe how the NSA invested billions of dollars since 2000 to make nearly everyone’s secrets available for government consumption.
In doing so, the NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert “back doors” into their software, the reports said. Such a practice would give the government access to users’ digital information before it was encrypted and sent over the Internet.
“For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” according to a 2010 briefing document about the NSA’s accomplishments meant for its UK counterpart, Government Communications Headquarters, or GCHQ. Security experts told the news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers.
The revelations stem from documents leaked by former NSA contractor Edward Snowden, who sought asylum in Russia this summer. His leaks, first published by the Guardian, revealed a massive effort by the U.S. government to collect and analyze all sorts of digital data that Americans send at home and around the world.
Those revelations prompted a renewed debate in the United States about the proper balance between civil liberties and keeping the country safe from terrorists. President Barack Obama said he welcomed the debate and called it “healthy for our democracy” but meanwhile criticized the leaks; the Justice Department charged Snowden under the federal Espionage Act.
Thursday’s reports detailed how some of the NSA’s “most intensive efforts” focused on Secure Sockets Layer, a type of encryption widely used on the Web by online retailers and corporate networks to secure their Internet traffic. One document said GCHQ had been trying for years to exploit traffic from popular companies like Google, Yahoo, Microsoft and Facebook.
GCHQ, they said, developed “new access opportunities” into Google’s computers by 2012 but said the newly released documents didn’t elaborate on how extensive the project was or the type of data it accessed.
Even though the latest document disclosures suggest the NSA is able to compromise many encryption programs, Snowden himself touted using encryption software when he first surfaced with his media revelations in June.
During a Web chat organized by the Guardian on June 17, Snowden told one questioner “encryption works.” He said “properly implemented strong crypto systems” were reliable, but he alluded to the NSA’s capability to crack tough encryption systems.