+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

REPORT: NSA Asks For Encryption Keys That Could Allow It To 'Live On The Network'

Jul 26, 2013, 22:54 IST

kyle_b_thomas via FlickrGovernment surveillance requests have reportedly gone as far demanding master encryption keys, from technology companies, Declan McCullagh of CNET reports.

Advertisement

Encryption keys are so important to government agencies as they would allow agents to decrypt intercepted communications internally, rather than request bits and pieces of decrypted information from private tech companies.

"The government is definitely demanding SSL keys from providers," a source who has responded to government attempts told McCullagh, adding that acquiescing would be illegal.

Anonymous sources also tell McCullagh that government entities have also made requests for passwords, yet companies have resisted those requests by saying the government would be effectively "acting" as a particular individual.

Those same companies — Apple, Microsoft, Yahoo, AOL, Verizon, AT&T, Time Warner Cable, and Comcast — "declined to respond to queries about whether they would divulge encryption keys to government agencies," writes McCullagh.

Advertisement

A series of revelations from NSA leaker Edward Snowden about overarching government surveillance programs — both foreign and domestically targeted — eventually led to a Glenn Greenwald article in the Guardian about so-called "pre-encryption" access to emails. Greenwald writes that companies like Microsoft aided intelligence analysts in "circumventing" encryption, though Greenwald offered no clear definition of what "pre-encryption" or "circumvent" mean in this context.

The reason McCullagh's distinction of government requests for actual "encryption keys" (algorithms that create encrypted messages) changes the entire NSA surveillance ball game.

As noted in our previous reporting, AT&T and Verizon have both been implicated in allowing the NSA to tap into their communications traffic.

In a report about the NSA's mission for the 21st Century, the agency notes: "The volumes of routing of data make indexing and processing nuggets of intelligence information more difficult. To perform both its offensive and defensive mission, NSA must 'live on the network.'"

This is not the same as collecting metadata. Directly tapping into the two companies that provide 90 percent of America's communications is literally like collecting all communications data — content, location, contacts, pictures, words, etc.

Advertisement

That's scary enough, but as McCullagh notes, many companies, big and small, use something called SSL to encrypt their (and your) communications.

Encryption keys could be used to decrypt vast swaths of domestic communications — including all the past encrypted communications which leaked document show they save in massive data centers.

Though at least some of these companies admit they've resisted encryption key requests. In the same breath, they've begged the government to allow them more leeway in disclosing how much they give to America's intelligence apparatus.

"I believe the government is beating up on the little guys," an encryption source told McCullagh. "The government's view is that anything we can think of, we can compel you to do."

The view isn't so concrete though, and so far some of these companies seem to have balked at the requests. Still, agencies like the NSA can keep up the pressure, and the question of the legality of these requests will invariably come into play.

Advertisement

"That's an unanswered question," Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society, told McCullagh. "We don't know whether you can be compelled to do that or not."

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article