N.S.A. Gathers Data on Social Connections of U.S. Citizens. The NSA's Secret Campaign to Crack, Undermine Internet Encryption. The National Security Agency headquarters at Fort Meade, Md., in January 2010.
(Saul Loeb/AFP/Getty Images Sept. 6: This story has been updated with a response from the Office of the Director of National Intelligence [2]. N.S.A. Able to Foil Basic Safeguards of Privacy on Web. Revealed: How US and UK spy agencies defeat internet privacy and security. US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.
The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments. The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – "the use of ubiquitous encryption across the internet".
But security experts accused them of attacking the internet itself and the privacy of all users. U.S. spy agencies mounted 231 offensive cyber-operations in 2011, documents show. Additionally, under an extensive effort code-named GENIE, U.S. computer specialists break into foreign networks so that they can be put under surreptitious U.S. control.
Budget documents say the $652 million project has placed “covert implants,” sophisticated malware transmitted from far away, in computers, routers and firewalls on tens of thousands of machines every year, with plans to expand those numbers into the millions. The documents provided by Snowden and interviews with former U.S. officials describe a campaign of computer intrusions that is far broader and more aggressive than previously understood.
The Obama administration treats all such cyber-operations as clandestine and declines to acknowledge them.