Nearly three years ago, one of the National Security Agency’s most pernicious practices was made public through reports compiled based on information obtained by whistleblower Edward Snowden. Glenn Greenwald was one of several journalists to help reveal a $250 million per year program that worked to weaken the encryption standards created by U.S. companies.
This week, Greenwald took this matter a step further and revealed a portion of the report, a collaborative effort of The Guardian, The New York Times, and ProPublica, which was kept secret at the time.
“In support of the reporting, all three papers published redacted portions of documents from the NSA along with its British counterpart, GCHQ. Prior to publication of the story, the NSA vehemently argued that any reporting of any kind on this program would jeopardize national security by alerting terrorists to the fact that encryption products had been successfully compromised. After the stories were published, U.S. officials aggressively attacked the newspapers for endangering national security and helping terrorists with these revelations.”
Greenwald went on to explain that there was a level of compromise reached when this report was first released in 2013. “None of the documents in the Snowden archive identify all or even most of the encryption standards that had been targeted,” wrote Greenwald. “There was a concern that if an attempt were made to identify one or two of them, it could mislead the public into believing that the others were safe.”
Greenwald also noted that some of the editors working on the 2013 report were concerned that identifying specific encryption standards would help terrorists, alerting them to which ones they should stop using. Here’s the New York Times redaction that followed:
To the untrained eye, this document is virtually impossible to interpret. But many in the tech universe wondered if an unredacted version would reveal which encryption standards had been compromised; a big deal for the U.S based companies who guarantee security for sensitive records to their clients and are being hurt by this NSA practice.
Again, to the untrained eye this says very little. But as Greenwald explained, “the reference to ‘the two leading encryption chips’ provides some hints, but no definitive proof, as to which ones were successfully targeted.” Matthew Green, a cryptography expert at Johns Hopkins who spoke to Greenwald about this matter said he couldn’t speculate about which encryption standards the NSA had broken through. But what he did say speaks volumes about the harm the NSA has done to American companies.
“The damage has already been done,” explained Green. From what I’ve heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That’s too bad, because I suspect only a minority of products have been compromised this way.”
As Rudy Takala noted at The Washington Examiner, “The revelation comes as several U.S. lawmakers push to openly prohibit U.S. companies from offering products with strong encryption. Sens. Dianne Feinstein, D-Calif., and Richard Burr, R-N.C., have said they hope to see legislation to that effect this year.”
If Feinstein and Burr get their way, expect U.S. tech companies to further suffer the consequences of government’s inability to allow private, legitimate uses of encryption. Instead of seeking a balance that both combats terrorism and protects American commerce, the government has effectively thrown the latter out the window; the tragic result of its refusal to respect constitutional limits.