Matthias Balk/picture-alliance/dpa/AP Photo
The agency has fulfilled a decades-long quest to break the encryption of
e-mail, online purchases, electronic medical records and other Web
activities, the New York Times, the U.K.’s Guardian and ProPublica
reported yesterday.
Disclosures that the U.S. National Security Agency can
crack codes protecting the online traffic of the world’s largest
Internet companies will inflict more damage than earlier reports of
complicity in government spying, according to technology and
intelligence specialists.
Sept. 6 (Bloomberg) -- Full
episiode of "Bloomberg West." Guests: Veracode VP of Research Chris Eng,
CGV Capital Partner’s Glenn Solomon and Bloomberg's Allan Holmes,
Stephen Engle, Willem Marx and Nela Richardson. (Source: Bloomberg)
The agency has fulfilled a
decades-long quest to break the encryption of e-mail, online purchases,
electronic medical records and other Web activities, the
New York Times,
the U.K.’s Guardian and ProPublica reported yesterday. The NSA also has
been given access to -- or found ways to enter -- databases of major
U.S. Internet companies operating the most popular e-mail and
social-media platforms, the news organizations reported.
The
reports, based on documents from former intelligence contractor Edward
Snowden, emerged amid an expanding debate over whether NSA surveillance
activities undermine civil liberties. The revelations raise fresh
questions about the security of data held by companies including
Google Inc. (GOOG),
Facebook Inc. (FB) and
Microsoft Corp. (MSFT) just as more commerce shifts online.
“This
is a fundamental attack on how the Internet works,” Joseph Lorenzo
Hall, senior staff technologist at the Washington-based policy group
Center for Democracy & Technology, said in an interview. “Secure
communications technologies are the backbone of e-commerce” including
the transfer of medical records and financial exchanges.
“People in business will either not engage in those activities, or find other ways,” Hall said.
Snowden Revelations
The
reports in the Guardian, the Times and the non-profit ProPublica news
website said that NSA spends more than $250 million a year on a program
working with technology companies to “covertly influence” product
designs. The reports didn’t name the companies cooperating with the NSA
and didn’t describe the extent to which the agency was using its
code-breaking capability on the Internet.
The classified
documents are the latest that Snowden has exposed revealing previously
secret NSA programs. The 30-year-old former employee of government
contractor
Booz Allen Hamilton Holding Corp. (BAH) faces espionage charges in the U.S. and is in Russia under temporary asylum.
President
Barack Obama’s
administration has been coping with increasing public backlash over
U.S. spying activities since top-secret documents leaked by Snowden
began emerging in June. Foreign governments, including Brazil and
Germany, have objected to U.S. surveillance and spying operations.
Obama Remarks
Brazilian authorities canceled a trip to
Washington
this week to prepare for President Dilma Rousseff’s state visit in
October to protest allegations the U.S. spied on communications between
officials in Latin America’s largest economy.
Obama told reporters at a news conference today in St. Petersburg,
Russia,
that “what we do is similar to what countries around the world do with
their intelligence services.” He said that he had met with Rousseff and
Mexican President Enrique Pena Nieto during the G-20 summit to “discuss
the allegations made in the press about NSA.”
The U.S. president
also said that the nation should review the spy programs to determine if
they should continue. “The nature of technology and the legitimate
concerns around privacy and civil liberties means that it’s important
for us, on the front end, to say, all right, are we actually going to
get useful information here,” he said. “And if not, or how useful is it,
if it’s not that important, should we be more constrained in how we use
certain technical capabilities.”
Lost Business
U.S.
companies that are “household names” gave the NSA access to all
communications, said Cedric Leighton, a former Air Force intelligence
officer and a former NSA training director. Companies gave easy access
to NSA because their managers believed it was necessary and they trusted
that the government agency wouldn’t do anything wrong, Leighton said.
“But this takes the cake,” he said. “This has done a lot of damage to our ability to collect intelligence.”
Even
before the latest reports, U.S. technology companies offering network
infrastructure services such as cloud computing and popular
social-networking applications were facing the prospect of losing
business overseas.
Industry groups sounded alarm at the
revelations. “This is a tragic case of myopia on the part of the NSA,
and the surveillance infrastructure throughout the government,” said
Ed Black,
president of the Computer & Communications Industry Association, a
Washington trade group, in a statement today. “By secretly embedding
weaknesses into encryption systems in order to create a ’back door’ for
surveillance access, the NSA creates a road map for similar
cyber-incursions by others with less noble intentions.”
‘Hugely Disappointing’
Companies
offering cloud services -- in which businesses pay a third party to
provide databases, storage and computing power -- may lose as much as
$35 billion by 2016 as foreign companies avoid U.S. solutions because of
the fear the NSA may have access to the data, according to a
study released last month by the Information Technology & Innovation Foundation.
“This
is a hugely disappointing revelation,” Daniel Castro, author of the
Washington-based group’s study, said in an e-mail. “This most recent
news will certainly contribute to the perception that U.S. Internet
companies cannot be trusted.”
Michael Birmingham, a spokesman for
the Office of the Director of National Intelligence, which oversees
U.S. intelligence agencies, declined to comment on the reports.
“Anything
that yesterday’s disclosures add to the ongoing public debate is
outweighed by the road map they give to our adversaries about the
specific techniques we are using to try to intercept their
communications in our attempts to keep America and our allies safe,”
according to a
statement posted to the national intelligence office’s website today.
More Legal Protection
Obama
and officials from intelligence agencies have defended the NSA’s
surveillance programs as essential to thwarting possible terrorist
attacks. U.S. officials have told lawmakers that the programs are legal
and subject to oversight by a federal court and members of Congress.
Sixty-six
percent of U.S. Internet users polled believe current laws aren’t good
enough to protect people’s privacy online, according to a survey
released yesterday by the Pew Research Center. That compared with 24
percent who believe current laws provide reasonable protections, Pew
said. The July 11-14 telephone survey of 792 Internet users has a margin
of error of plus or minus 3.8 percentage points.
Obama Measures
Amid
increasing public unease over the surveillance programs, Obama said
Aug. 9 he would ask Congress to change the section of the Patriot Act
allowing collection of telephone records, to increase oversight and
transparency.
The president also said he’ll propose a legal
advocate to serve as an adversary when spy agencies make requests in the
secret sessions of the Foreign Intelligence Surveillance Court, which
vets requests for electronic eavesdropping. Last week, he met for the
first time with a panel he requested to review U.S. surveillance
initiatives.
Leslie Miller, spokeswoman for Google, said in an
e-mail that the company doesn’t “provide any government, including the
U.S. government,” access to its systems.
“As for recent reports
that the U.S. government has found ways to circumvent our security
systems, we have no evidence of any such thing ever occurring,” Miller
said. “We provide user data to governments only in accordance with the
law.”
‘Legally Obligated’
Microsoft provides the U.S.
government information when “legally obligated to comply with demands,”
according to a July 15 blog post by Brad Smith, general counsel for the
Redmond, Washington-based company. “To be clear, we do not provide any
government with the ability to break the encryption, nor do we provide
the government with the encryption keys.”
Smith’s comments apply to yesterday’s reports, said Dominic Carr, a spokesman for Microsoft.
“We
are unaware of and do not participate in such an effort, and if it
exists, it offers substantial potential for abuse,” Suzanne Philion,
spokeswoman for Sunnyvale, California-based
Yahoo! Inc. (YHOO),
said in an e-mail today. “Yahoo zealously defends our users’ privacy
and responds to government requests for data only after considering
every applicable objection and in accordance with the law.”
Facebook’s spokeswoman Sarah Feinberg didn’t respond to requests for comment.
Google, Microsoft,
Apple Inc. (AAPL)
and 19 other technology companies sent a letter in July to Obama and
congressional leaders urging that the companies be allowed to report
statistics concerning requests for user data received from intelligence
agencies.
To contact the reporter on this story: Allan Holmes in Washington at
aholmes25@bloomberg.net
To contact the editor responsible for this story: Bernard Kohn at
bkohn2@bloomberg.net
This week, Nucleus Research compiled an 
Promoted Comments