General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsWorse Than PRISM: The NSA’s War Against Internet Encryption
By Arturo Garcia
Thursday, September 5, 2013 19:47 EDT
The National Security Agency (NSA) has compromised encryption software needed to ensure the privacy of Americans day-to-day Internet activity, in part through a breakthrough in 2010 allowing for the mining of data through Internet cable taps, as well as secret backdoor access into commercial encryption programs, according to joint reports by The Guardian, ProPublica and the New York Times on Thursday.
The reports, based on thousands of documents provided by former NSA contractor Edward Snowden, prompted immediate criticism from privacy advocate groups like the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU).
Backdoors make all of us less safe and make US companies less secure, which come at a great expense of the reliability of American companies companies which have been at the forefront of the tech sector, EFF policy analyst Mark M. Jaycox told The Raw Story via email on Thursday. When programs are less safe, customers will leave.
According to the reports, the program was highlighted in a 2010 memo by the NSAs British counterpart, Government Communications Headquarters (GCHQ), praising its aggressive, multipronged effort since 2000, when the NSA regrouped after losing the fight to openly install clipper chips in regular computers.
Cryptanalytic capabilities are now coming online, the GCHQ memo stated. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.
MORE...
http://www.rawstory.com/rs/2013/09/05/worse-than-prism-the-nsas-war-against-internet-encryption/
Thinkingabout
(30,058 posts)idwiyo
(5,113 posts)Mojorabbit
(16,020 posts)MotherPetrie
(3,145 posts)msanthrope
(37,549 posts)And here it is.
Do we have an expected delivery date on 'worse than whatever this is, this week?'
Uncle Joe
(58,355 posts)Thanks for the thread, Purveyor.
longship
(40,416 posts)So don't go there.
Strong encryption is designed to be not crackable except by brute force. And then cracking one message doesn't help to crack another.
And using long key lengths means there isn't enough computer horsepower in the solar system to crack it.
So, if you want privacy, use an open source (i.e., no back door possible) encryption client and use a long key length. The NSA may be able to track the e-mail but they cannot read it.
Strong encryption is still beyond even the NSA, or anybody else.
But I wouldn't expect they have many people at the Guardian (or the NYT) who understand the mathematical principles behind strong encryption.
Fumesucker
(45,851 posts)And then trust that the NSA hasn't put a back door in the compiler either.
longship
(40,416 posts)I use only Linux and open source code on my computers. If you think there's back doors on any of it, with all due respect, you are delusional.
Sheesh!
Ratty
(2,100 posts)Are the hints that they may have convinced some companies to put backdoors in hardware. Open source won't help you there. Can't compile your own CPU, network card, or encryption chip.