JEFFREY BROWN: Next: new revelations about the government’s ability to crack through important Internet privacy safeguards.
Hari Sreenivasan has the story from our New York studio.
HARI SREENIVASAN: Like other surveillance stories in recent weeks, the government’s efforts have been led by the National Security Agency, or NSA. And like other disclosures, the latest information comes from documents provided by former NSA contractor Edward Snowden.
In this case, the reporting was done by a partnership of The New York Times, ProPublica and The Guardian. Reporters found the NSA is able to crack through encryption or protective encoding tools that are used by businesses, banks, social media and other kinds of online commerce.
For example, it’s often assumed that when you purchase a product online or bank online with a secured and locked HTTPS connection, you have protected your password and financial information. But the news reports say the NSA can unlock that information.
Nicole Perlroth is a cyber-security reporter with The New York Times. She joins us from San Francisco.
So, Nicole, how significant is this?
NICOLE PERLROTH, The New York Times: This is huge.
This was the last bastion of privacy on the Internet. And what we have discovered is that, for the last two decades, the NSA has been actively working to crack or circumvent the encryption technologies that we all use, not just for Internet banking and to protect medical records and electronic voting systems, but that we actually, as you pointed out, use for everyday Internet communications like e-mail or Internet chats, et cetera.
HARI SREENIVASAN: So, how does the NSA do this? We’re talking about a set of locks and keys that we think we have to protect the things. Do they have another set of keys or have they poked holes in the locks?
NICOLE PERLROTH: All of the above.
What we have learned is that there’s been a sustained multipronged effort to break or circumvent many of the encryption technologies that have been developed over the last two decades. So, in some cases, the NSA is using its power and influence as the world’s best code maker to set standards that only it knows how to break.
In other cases, it’s getting into servers and taking encryption keys. It’s using secret court orders, in some cases through its intermediaries, to grab encryption keys from private companies. And, in some cases, it’s working hand in hand with companies to embed itself into encryption chips that scramble information for much of the world’s businesses and governments or working with companies to build in custom solutions that give it pre-encrypted access to communications.
This has all been done in secret. So, as we point out in our article, two decades ago, we as a nation had a big conversation around the Clipper chip, which was the Clinton administration’s way of putting in a backdoor to all encryption technologies. And, as a nation, we decided that this was fundamentally unacceptable, that we wanted some things to remain secret.
And what we found out yesterday and what we said today in our article is that the NSA has gotten around that, effectively done the same thing in secret.
HARI SREENIVASAN: And what’s their justification? That they want to be able to pick the locks of communications from the bad guys?
NICOLE PERLROTH: Exactly, that their efforts depend on the ability to read terrorist communications, and to track where the money is going, and that the only way that they can do that is to break this encryption.
The problem is now it’s no longer targeted. So, during World War II, the U.K. and U.S. broke the encryption surrounding the Enigma machine, and that was hugely influential in determining the end of that war. The problem is now, it is not just the Enigma machine. It’s everyday communications. It’s U.S. technologies that basically assure their users that they can trust these companies that their communications are private. And what’s been happening is in the background the NSA has been finding ways inside.
HARI SREENIVASAN: So, have U.S. technologies been complicit in this? Have they been enabling the NSA with backdoor keys or access?
NICOLE PERLROTH: It’s difficult to say how much of this is voluntary and how much of it is coerced.
If you look at the documents that we got from Edward Snowden, there’s multiple mentions of cooperative partnerships and voluntary relationships, which would insinuate that the partnerships are voluntary. But then I spoke with a number of technology companies that said off the record that they were compelled by court order, and faced in some cases contempt of court, if they didn’t hand the government their encryption keys or build out these custom solutions.
And they’re not able to talk about this because they are under gag order or secret court orders forbid them from talking about exactly what these relationships look like.
HARI SREENIVASAN: And this sort of influence by government is something that we have accused Chinese companies of, putting in backdoors into American technologies.
NICOLE PERLROTH: That’s right.
What we found out is that all these accusations that American lawmakers have leveled against Huawei and ZTE in China, that basically American lawmakers accuse those companies of planting backdoors in their systems that would allow the PLA to spy on American corporations.
And what we have been finding out essentially in our report today is that the U.S. government has been doing the exact same thing. So, it definitely puts American lawmakers in a bind and it puts American companies in a bind in terms of their global market share. And it will be interesting to see what happens over the next coming months.
HARI SREENIVASAN: So your report tomorrow morning — in tomorrow morning’s paper is going to be about the reaction to all of this. How are government agencies or people that are in the technology community reacting?
NICOLE PERLROTH: Well, the NSA put out a statement today that effectively said that this was a huge setback for them, and that they didn’t believe that the story should have been published, that there was — that national security concerns outweighed the public’s need to know and debate about this topic.
Everyone else I have spoken with, however, is very glad that we made these disclosures. People in the cryptography community that thought they had won this war with encryption two decades ago are heartbroken. American companies are extremely frustrated that they continue to make assurances to their customers that their systems have not been breached or compromised and they are not handing the government their encryption keys, but I think the public no longer can trust those assurances anymore.
So I think what we’re seeing now is a fundamental lack of trust.
HARI SREENIVASAN: All right, Nicole Perlroth from The New York Times, thanks so much.
NICOLE PERLROTH: Thank you.