Erstellt am: 6. 9. 2013 - 17:31 Uhr
The NSA cracking internet encryption?
New reports are alleging that the US National Security Agency and Britain's GCHQ have secretly been unravelling encryption technology intended to protect the confidential data of millions of internet users. Documents leaked by the former American intelligence analyst, Edward Snowden, have been published by the Guardian, the New York Times and the news website ProPublica. The encryption techniques are used by internet services such as Google, Facebook and Yahoo. Graham Cluley, a computer security expert and blogger, spoke with Reality Check’s Steve Crilley.
According to these latest revelations from Edward Snowden, we’re told that the NSA in America and GCGQ in the UK have been cracking encryption. How worried should we be about this?
I think it is pretty worrying. It’s not just that they’ve found a way of cracking the encryption (which is serious enough in itself since all of us who use the internet are using encryption every day). But it also appears they have been influencing encryption standards, making them deliberately weaker and covertly working with technology companies to introduce “backdoors” into their software. That’s bad news for everyone surely because if the authorities can break into encrypted communications for legal reasons, well that means that other people could potentially do so as well.
Why do you think internet companies would allow this. What’s their incentive?
Well I wonder if there was legal pressure to do this or, if we put our conspiracy hats on, whether there were big government contracts in their eyes as well.
How safe or secure does it make the whole internet feel?
It is a worry isn’t it? And of course, we’re all using encryption. Every time you buy something online, every time you are logging into your webmail, you are using encryption which it appears the NSA have had some success at hacking.
What kind of encryption are we talking about?
According to the leaked documents, (for example) a number of VPN (Virtual Private Network) software systems have been cracked, as have anonymizing proxys, SSL, TLS. And a whole host of technologies which are used to secure our information online potentially can be cracked.
Are they harvesting information and looking for unusual spikes and unusual activity (say transactions to Pakistan) and they would then look at another level of someone’s banking details?
What you may look at who is communicating with whom and when. Then, that begins to give you some sort of roadmap into who else you may want to investigate and explore further. Obviously there are individuals of interest to law enforcement who are using encryption and the authorities may wish to gather information about them and they may specifically target those individuals. But right now, I imagine there are a lot of people who are more nervous about using the internet. This may have been going on for some time and we simply don’t know just how much information is being gathered and how it could be being stored.
And what can we say as of today about privacy of information based on these latest revelations?
Well, although these revelations are quite shocking and disturbing, I think we shouldn’t turn our back entirely on encryption. Using encryption should make it more difficult for government and criminals to access our information so maybe we could re-assess the types of encryption we use as we gather more information about this. But we also need to start asking our governments what on earth they think they are doing and is the kind of intrusion into our privacy that is occurring right now, justified by the threat of terrorism?