When the level of NSA spying efforts began to become apparent thanks to the massive document leak by whistleblower Edward Snowden, encryption was touted as the solution. But as the agency’s ability to decrypt was exposed, the number of viable options has become smaller.
Encryption is often promoted as the be-all-end-all solution to all online security woes. We now know that it is unfortunately a flawed system that has been cracked for years.
For example, Skype was supposed to be unbreakable, thanks to the nature of the software. But the encryption was broken years ago, and all messages sent there are entirely open to collection and scrutiny.
Most email clients are easy to break, and any platform promising total privacy is either naive, or lying. Social networks are child’s play to access by the Five Eyes. Even browsers like Tor, while harder, are not unbreakable by a long shot.
It was starting to look like there was no encryption the agency couldn’t break. But a Snowden document has shown that isn’t so.
According to Spiegel Online, Truecrypt is still providing a major headache for the NSA, which can only decrypt some information with “extreme difficulty”. Instant messaging/texting services CSpace and ZRTP are apparently as close to private as can be found, with the NSA believed to have not yet cracked their way through the mathematical coding to see what lies beneath.
This information is two years old, and so there are some chances things could have changed. But anonymous experts cited by the German media outlet said that it was unlikely that this is the case.
What was most interesting (and alarming) about this report is not that the NSA can decrypt the majority of coding out there. It is that they are weaking cryptographic standards in the process.
As part of a top secret initiative, cryptographic processes are regularly tested and made vulnerable. But this is not just something that impacts their projects, but also the internet’s bottom line as far as security is concerned.
With weakening cryptographic standards and protections, anyone can take advantage of the vulnerabilities. Because it is weakened, people can find out about those vulnerabilities courtesy of the very agencies creating them. Which can then be exploited for anything from official information related to national security, to the financial details of a single citizen.
To say it is shockingly counter productive (and dangerous) would be a gross understatement.