The NSA Is Reading All the Stuff You Think You've "Encrypted"

It's now a given that the NSA works to grab data from sites like Facebook—but what about the stuff that's explicitly private, the websites guaranteed to be protected and secure? The New York Times reports that American spies have been decoding our scrambled online acts for years.

Aside from data-siphoning programs like PRISM and on-demand requests for personal profiles, the basic technology that prevents someone from eavesdropping on your internet banking or password-protected emails is compromised—that little padlock icon you see in your web browser, smashed to virtual bits. The report, based on more documents furnished by Edward Snowden (and perhaps part of the cache carried by Glenn Greenwald's partner), say a secret US initiative called "Bullrun" (and a British counterpart named "Edgehill") obviate any need for backdoor access to our online data:

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL, virtual private networks, or VPNs, and the protection used on fourth generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.

There's no need for a backdoor when the NSA is just standing casually in the front. With basic security precautions pushed out of the way, an enormous bulk of all online communication is completely naked—it might as well be printed out.

Even the spies behind the spying are amazed by the potential of this decryption, says the Times:

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

The potential is of course one that sprawls way beyond military and terrorist threats—this isn't some weaponize decryption, it's the same stuff you use on Gmail or Bank of America. It's mainstream. It's pedestrian. And entire concept of internet privacy is built atop encryption techniques that no one has the keys to—certainly not court-evading bogeymen in Virginia and beyond.

Photo: AP