Der Spiegel has released a new assortment of documents illustrating to what extent the NSA has succeeded in cracking a variety of web security measures.
The documents provide a number of revelations. First, they reveal that the NSA along with other agencies operating under the Five Eyes alliance—the secret services of Britain, Canada, Australia, New Zealand, and the United States—routinely circumvent secure Hypertext Transfer Protocol (HTTPS) connections, which is used to protect financial transactions, webmail accounts, and other user-specific features online. In fact, the documents show that by late 2012, the NSA had been planning to crack up to 10 million HTTPS connections a day.
The encryption measures of other services have also been compromised by intelligence services. These include Skype, which since 2011 has been under order of the U.S. Foreign Intelligence Surveillance Court to make its data available to the NSA; and VPNs, which use largely insecure Point-to-Point Tunneling Protocol (PPTP) and Internet Protocol Security (Ipsec) connections.
But the NSA and its counterparts have not been entirely successful in their efforts. In fact, they have encountered “major problems” with cracking the encryption measures of the anonymizing service Tor. They have also struggled to decrypt email messages encoded by ZoHo, TrueCrypt, and PGP.
The documents published by Der Spiegel are two years old, which has some worried that the NSA and other agencies have made progress in breaking the more problematic encryption standards in the past few years.
Many security experts therefore see the documents as evidence of the ongoing struggle between government surveillance programs and privacy advocates, not to mention the insufficiency of current cryptographic standards. Security researcher Jacob Appelbaum explains: “We thought that with cryptography we could change the entire balance. We can say now that the first crypto wars were not won. If anything they were lost, or they’re still going on now.”