Skip to main content

NSA and GCHQ able to break majority of Internet encryption and security

The NSA and GCHQ are able to break the majority of the world's online encryption through a combination of partnerships with Internet companies, influencing encryption standards and "brute force" exerted via supercomputers.

Top secret documents leaked to the Guardian by Edward Snowden, further reveal the extent to which Internet companies work with the intelligence agencies to allow their customer's private data to be accessed by the US and UK state.

Many of the supposedly secure and encrypted services used to protect private information, including email, medical records and online banking, which are marketed as secure by Internet firms, are in fact open to the agencies through backdoors that have been placed in the encryptions, to allow GCHQ and the NSA to access to the data.

This system has allowed GCHQ to break the encryption of much of the world's communications it collects through the Tempora programme, which plugs straight into fibre optic cables that run through the UK.

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used Internet encryption technologies," a 2010 GCHQ document reads. "Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."

The NSA spends a quarter of a billion dollars (£160.5 million) on the anti-encryption programme alone, dwarfing the $20 million (£13 million) a year spent on PRISM, the data collection programme.

As part of the project, the NSA has been able to greatly influence the international standard on which encryptions rely, allowing the agency to introduce weaknesses that can be used to gain access.

The "sole editor" of the US National Institute of Standards and Technology, approved for global use in 2006, was "eventually" the NSA, the documents reveal.

A 2012 update names the big four companies which the NSA works with, as Microsoft, Google, Yahoo and Facebook, and says that the agencies "continue to work on understanding" the firm's systems, adding "work has predominantly been focused this quarter on Google due to new access opportunities being developed".

Accepting the fallout that a leak could have, one document stated: "Knowledge that GCHQ exploits these products and the scale of our capability would raise public awareness generating unwelcome publicity for us and our political masters."

The documents also reveal that GCHQ is "responsible for identifying, recruiting and running covert agents in the global telecommunications industry...This enables GCHQ to tackle some of its most challenging targets".