Privacy SOS

NSA documents suggest powerful intel agency is engaged in a civil war

The Guardian, the New York Times, and ProPublica today simultaneously published bombshell stories about the NSA's massive decryption efforts. Find links to all the stories and documents here.

Computer expert and privacy advocate Bruce Schneier, who helped Guardian reporters understand the documents, which were given to the paper by Edward Snowden, summed up the story nicely:

What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period.

If the NSA wants to target you, good luck. You probably can't stop it. Where does that leave us, given that we know the government has a history of spying on people who are doing no wrong?

The government and its defenders never tire of repeating the refrain: "We must do this to protect you from terrorists. We don't spy on ordinary people. We are simply keeping you safe." And indeed, the NSA's official mission is to conduct foreign intelligence operations. But is that what the NSA does today?

One document released today, which describes the agency's decryption efforts, should put to rest the claim that the NSA is principally interested in foreign surveillance.

The Guardian reports:

The NSA's codeword for its decryption program, Bullrun, is taken from a major battle of the American civil war. Its British counterpart, Edgehill, is named after the first major engagement of the English civil war, more than 200 years earlier.
 
A classification guide for NSA employees and contractors on Bullrun outlines in broad terms its goals.
 
"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.
The document also shows that the NSA's Commercial Solutions Center, ostensibly the body through which technology companies can have their security products assessed and presented to prospective government buyers, has another, more clandestine role.
 
It is used by the NSA to "to leverage sensitive, co-operative relationships with specific industry partners" to insert vulnerabilities into security products. Operatives were warned that this information must be kept top secret "at a minimum".
 
A more general NSA classification guide reveals more detail on the agency's deep partnerships with industry, and its ability to modify products. It cautions analysts that two facts must remain top secret: that NSA makes modifications to commercial encryption software and devices "to make them exploitable", and that NSA "obtains cryptographic details of commercial cryptographic information security systems through industry relationships".
The NSA's Bullrun program works to insert vulnerabilities into the systems of so-called 'security products,' although we don't know which ones — even Edward Snowden didn't have clearance to access that information. Some "specific industry partners" help NSA modify commercial encryption software to give analysts backdoors into the contents of emails that users have gone to great lengths to secure. 
 
All of this wouldn't seem so dastardly if we didn't know about the NSA's long history of spying on antiwar activists and dissenters in the United States, including Joan Baez and Martin Luther King, Jr.
 
The NSA decryption program is named after the first major land battle in the United States Civil War. Why would the NSA name its decryption program after a Civil War battle if it wasn't mainly focused on decrypting United States communications? And why should we trust this organization at all? When is too much power too much?
 
Read more: 
See also:
Documents:

© 2021 ACLU of Massachusetts.