We now have pretty good algorithms to encrypt our online communications. It is true that given sufficient time and computer power, some of those encryption systems can be broken but (at least as I understand it) the de-encryption has to be done separately for each individual case. This inconvenience clearly must be an irritant to those in the NSA who want to be able to more easily scoop up all telecommunication information, despite having probably the most powerful computers in the world and an army of people to do this work.
So the NSA has decided that given the almost unlimited coercive powers assumed by them in the ‘war on terror’, why go to all that trouble? Thanks to reader Marcus Ranum, I read this article that says the NSA has simply demanded that the telecommunication companies hand over their encryption master keys to them. As Declan McCullagh writes:
The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users’ private Web communications from eavesdropping.
These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.
If the government obtains a company’s master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption — which often appears in a browser with a HTTPS lock icon when enabled — uses a technique called SSL, or Secure Sockets Layer.
“The government is definitely demanding SSL keys from providers,” said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.
But that is not all. In another article, McCullagh says that the government is also demanding that major internet companies hand over their users’ stored passwords because password and other encryption is becoming more sophisticated.
The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.
Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.
For all those still opposed to what Edward Snowden did, please realize that it is only because of his sacrifice and courage that we have this growing snowball of revelations.