Rob here with Patriot Privacy and the Self-Reliance Institute.
The other day I sent an Alert headlined “The NSA Document Dump.”
I wanted you to be aware that the National Security Agency had released thousands of documents on Christmas Eve. And, based on the huge amount of email I received in response to that Alert, it’s clear many of you remain concerned about what the NSA has been doing when it comes to spying on American citizens.
Since the Christmas Eve document dump, a number of privacy and security journalists have been methodically working their way through the materials. I’ve been keeping up with the published reports and I want to bring two of the reports (along with an index) to your attention – especially because we’ve discussed privacy/encryption/security programs and web services a good bit over the last several years.
The first report, “New Documents Reveal What Security Measures the NSA Can and Can’t Crack,” is very brief but important. If you only have time to check out one of the three items I am sharing, make it this one.
In the report, the author gives a quick overview of what web security measures the NSA has cracked and what they’ve had difficulty cracking.
Here’s the most important section:
“[The NSA documents] reveal that the NSA along with other agencies operating under the Five Eyes alliance—the secret services of Britain, Canada, Australia, New Zealand, and the United States—routinely circumvent secure Hypertext Transfer Protocol (HTTPS) connections, which is used to protect financial transactions, webmail accounts, and other user-specific features online. In fact, the documents show that by late 2012, the NSA had been planning to crack up to 10 million HTTPS connections a day.
“The encryption measures of other services have also been compromised by intelligence services. These include Skype, which since 2011 has been under order of the U.S. Foreign Intelligence Surveillance Court to make its data available to the NSA; and VPNs, which use largely insecure Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (Ipsec) connections.
“But the NSA and its counterparts have not been entirely successful in their efforts. In fact, they have encountered “major problems” with cracking the encryption measures of the anonymizing service Tor. They have also struggled to decrypt email messages encoded by ZoHo, TrueCrypt, and PGP.”
A word of caution. As the author notes, just because the NSA has struggled with some encrypted services, it doesn’t mean that they haven’t succeeded at times.
But here’s my takeaway.
For the overwhelming majority of us – who want to keep our communications as private as possible from crooks and snoops other than the NSA – Tor, ZoHo, TrueCrypt, and PGP remain very effective services.
Look at it this way. If the NSA has difficulty cracking those services, no one else stands much of a chance.
OK. Here’s the Index I mentioned above.
It’s called “NSA Documents: Attacks on VPN, SSL, TLS, SSH, Tor” and it provides links to many of the raw documents used to examine what success the NSA has had in cracking various privacy/encryption/security programs and web services. It’s a ton of material, but there’s the link if you want to look at some of the released NSA documents in raw form.
Finally, the second report I wanted to bring to your attention is “Prying Eyes: Inside the NSA’s War on Internet Security.” The report by Der Spiegel is a more detailed and fascinating read about what privacy/encryption/security programs and web services remain viable and what services the NSA has cracked.
The report’s overview states:
“U.S. and British intelligence agencies undertake every effort imaginable to crack all types of encrypted Internet communication. The cloud, it seems, is full of holes. The good news: New Snowden documents show that some forms of encryption still cause problems for the NSA.”
If you have the time, I think you’ll find it an eye-opening and worthwhile read.
If you like, shoot me an email at [email protected] and let me know what you think of these reports.
But, bottom line, it’s good to know that there are still privacy/encryption/security programs and web services that provide the protection we can use to stop most – if not all – prying eyes.
Be safe, secure and free!
Rob Douglas – Former Washington DC Private Detective
Freedom Writers Publishing
1815 Central Park Dr. #358
Steamboat Springs, CO 80487