Spooks break most Internet crypto, but how?
Thursday's revelation that US and British intelligence agencies are able to decode most Internet traffic was a transforming moment for many, akin to getting definitive proof of intelligent extraterrestrial life. It fundamentally changed the assumptions that many of us have about the tools hundreds of millions of people rely on to shield their most private information from prying eyes. And it challenged the trust placed in the people who build and provide those tools.
But the reporting from the New York Times, ProPublica, and The Guardian was short on technical details about exactly how cryptographic technologies such as virtual private networks and the secure sockets layer (SSL) and transport layer security (TLS) protocols are bypassed. As stated recently by Edward Snowden, the former National Security Agency (NSA) contractor who leaked highly classified documents leading to the reports, "Encryption works. Properly implemented strong crypto systems are one of the few things you can rely on." How is it, then, that agents from the NSA and its British counterpart known as the Government Communications Headquarters (GCHQ) are reportedly able to bypass the crypto protections provided by Internet companies including Google, Facebook, Microsoft, and Yahoo?