NSA Has Cracked Much Of The World's Computer Encryption
ROBERT SIEGEL, HOST:
From NPR News, this is ALL THINGS CONSIDERED. I'm Robert Siegel. The computer encryption that keeps your email, online bank transactions and electronic medical records private is no obstacle for government spies - that revelation today from "The Guardian" newspaper, "The New York Times" and ProPublica. They report that the National Security Agency has cracked much of the code used by technology companies and in some cases, they don't even have to crack it.
The NSA has worked with tech companies to create back doors, allowing the government access in cyberspace. The reporting is based in part on documents leaked by former government contractor Edward Snowden. Stuart Millar edited the story published in "The Guardian" today, and joins us now. Welcome to the program.
STUART MILLAR: Thank you for having me.
SIEGEL: And first, you're saying the NSA and its counterpart in the U.K. have easy access to nearly everyone's electronic communications. Is that right?
MILLAR: Well, what we've been able to establish from the documents is that over the last 13 years or so, there has been a massive effort in both the U.S. and the U.K. to circumvent, crack, and in other ways undermine all the major encryption codes, and the documents show that they've achieved considerable success in that and now can access vast amounts, to use their terms, of encrypted data that's passing across the world's communications.
SIEGEL: Is there anything that we know is invulnerable to the NSA or the British GCHQ?
MILLAR: Well, what we think - from the documents - is that a lot of the commercial encryption software that's out there may have been compromised, either by the traditional code-breaking techniques of the NSA and hacking or through, as you mentioned, collaboration with the companies themselves. So the advice would really be to focus on open-source software that people use for encryption. That is much harder for the NSA to insert vulnerabilities into.
SIEGEL: Now, your reporting details the use of super computers to break encryption, and this would be considered computerized brute force. What do you mean by that?
MILLAR: Exactly. So that's almost like this sort of traditional means by which they would crack codes, and that's something that the NSA has led the world on, and then that's where they just get massively powerful computers to churn through number sequences until they hit the right sequence of numbers that unlocks the encryption. The sort of disturbing thing about the latest revelations is how much they don't necessarily need to do that anymore.
They use hacking to steal passwords. They insert vulnerabilities into the software themselves, either directly with the companies or by influencing the encryption standards that are agreed on a world level to underpin encryption. So actually, from the documents, it seems to tell us that this traditional brute force code-breaking has become much less important to them, and that's perhaps a testament to the fact that encryption has actually become more powerful and is harder to crack in that way.
SIEGEL: Here's a statement from the office of the director of National Intelligence today. It says: It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries' use of encryption. And then later, it says: Anything that these disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we're using to try to intercept communications.
MILLAR: Well, the first thing I would say to that is that in the documents, the NSA and GCHQ includes Internet users, ordinary consumers, as adversaries. It's not, as they call them, bad guys who are just being scooped up in this. It is hundreds of millions of Internet users worldwide, in the U.S. and beyond. This is not targeted. And we listened to the national security concerns that were aired to us by the administration as did The New York Times and ProPublica.
And we all came to the same conclusion that the public interest concerns that millions of people have their private data undermined deliberately by the U.S. and British intelligence agencies outweighed any marginal advantage that might give to, you know, another bad guy.
SIEGEL: Mr. Millar, thank you very much for talking with us.
MILLAR: It's been a pleasure. Thank you.
SIEGEL: That's Stuart Millar, who is deputy editor of "The Guardian" newspaper. He's based in New York City.