The NSA has been able to unscramble much of the encoding that keeps people's personal data safe online, reports say.
The NSA has been able to unscramble much of the encoding that keeps people's personal data safe online, reports say.
PAUL J. RICHARDS/AFP/Getty Images/File

Story highlights

NEW: This is the most important leak to date from Edward Snowden, an analyst says

Reports: NSA and GCHQ have cracked much of the encryption protecting online data

The agencies have secret partnerships with technology companies, the reports say

The encryption safeguards data including e-mails, banking systems and medical records

CNN  — 

The U.S. National Security Agency has secretly succeeded in breaking much of the encryption that keeps people’s personal data safe online, according to reports by The New York Times, The Guardian and ProPublica.

The reports, produced in partnership and published Thursday, are the latest to emerge based on documents leaked by former NSA contractor Edward Snowden to Britain’s Guardian newspaper.

According to the reports, the NSA, alongside its UK equivalent, Government Communications Headquarters, better known as GCHQ, has been able to unscramble much of the encoding that protects everything from personal e-mails to banking systems, medical records and Internet chats.

The agencies’ methods include the use of supercomputers to crack codes, covert measures to introduce weaknesses into encryption standards and behind-doors collaboration with technology companies and Internet service providers themselves.

“Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software,” The Guardian says.

John Walker supplied information to the Soviet Union while serving in the Navy for 20 years.
John Walker supplied information to the Soviet Union while serving in the Navy for 20 years.
USNI.ORG
gallery

Related gallery Sharing secrets: U.S. intelligence leaks

lok darlington brazil mexico us spying_00000719.jpg
lok darlington brazil mexico us spying_00000719.jpg
video

Related video Why are Brazil, Mexico angry with NSA?

Fort Meade, UNITED STATES: (FILES): This 25 January 2006 file photo shows the National Security Agency (NSA) in the Washington suburb of Fort Meade, Maryland, where US President George W. Bush delivered a speech behind closed doors and met with employees in advance of Senate hearings on the much-criticized domestic surveillance. The US National Security Agency has assembled the world's largest database of telephone records tracking the phone calls of tens of millions of AT and T, Verizon and BellSouth customers, sources familiar with the program told USA Today. In an article published 11 May 2006, the daily said the NSA launched the secret program in 2001, shortly after the 11 September 2001 attacks, to analyze calling patterns in a bid to detect terrorist activity. AFP PHOTO/FILES/Paul J. RICHARDS (Photo credit should read PAUL J. RICHARDS/AFP/Getty Images
Fort Meade, UNITED STATES: (FILES): This 25 January 2006 file photo shows the National Security Agency (NSA) in the Washington suburb of Fort Meade, Maryland, where US President George W. Bush delivered a speech behind closed doors and met with employees in advance of Senate hearings on the much-criticized domestic surveillance. The US National Security Agency has assembled the world's largest database of telephone records tracking the phone calls of tens of millions of AT and T, Verizon and BellSouth customers, sources familiar with the program told USA Today. In an article published 11 May 2006, the daily said the NSA launched the secret program in 2001, shortly after the 11 September 2001 attacks, to analyze calling patterns in a bid to detect terrorist activity. AFP PHOTO/FILES/Paul J. RICHARDS (Photo credit should read PAUL J. RICHARDS/AFP/Getty Images
PAUL J. RICHARDS/AFP/Getty Images/File
video

Related video NSA surveillance revelations

early lawrence nsa new info_00002408.jpg
early lawrence nsa new info_00002408.jpg
video

Related video NSA accused of illegal surveillance

The Guardian cites a 2010 GCHQ memo that it says describes a briefing on NSA accomplishments given to GCHQ employees.

“For the past decade, NSA has lead (sic) an aggressive, multi-pronged effort to break widely used Internet encryption technologies,” the memo reportedly says. “Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

A second memo is quoted as saying that when the British analysts, who often work alongside NSA officers, were first told about the program, “those not already briefed were gobsmacked.”

Another document states that GCHQ has been working to find ways into the encrypted data sent via four big Internet firms, Google, Yahoo, Facebook and Microsoft’s Hotmail, the reports claim.

GCHQ told CNN it had no comment on The Guardian report.

The reports claim that the NSA worked to develop more covert ways of unscrambling online data after losing a public battle in the 1990s to insert a government “back door” into all programming.

‘Foundation of web security’

Computer security expert Mikko Hypponen believes the revelation is the most important leak to date from Snowden.

“It may not have gained as many headlines as some of his other stories, because most people don’t understand how crypto systems work. If indeed U.S intelligence does indeed have such a wide range of systems, then I’m surprised,” he told CNN.

Crypto encryption is relevant to everyday applications that everyone uses, for example in communications and transactions, he said. “Now we learn that the foundation of web security has been compromised.”

Hypponen, the chief research officer for F-Secure, said he believes the NSA and GCHQ had probably cracked the encryption by placing moles in key companies at key locations. “Any major service provider must have sizable amounts of moles from intelligence agencies. Remember that the NSA has 35,000 people working for it,” he said.

“The ordinary user should not be worried by these revelations – it’s obvious that intelligence agencies are not interested in hacking financial transactions – but they should be outraged.”

He suggested those outside the United States should be the most concerned.

“How many U.S. politicians use French cloud-services? Almost none. But how many French politicians use U.S. cloud services? All of them,” he said. “Remember that 96% of the planet’s inhabitants are foreigners to the United States, so it’s wrong that the U.S. has a legal right to access foreign communications.”

Public concern

The scope of hidden U.S. surveillance programs has been brought to public light through leaks to media outlets by Snowden, who fled the United States and is now in Russia under temporary asylum. He faces espionage charges.

The revelations have led many Americans, according to polls, to harbor skepticism about the NSA programs. They’ve also generated concern in Congress as well as from privacy groups and libertarians.

Last month, President Barack Obama sought to allay people’s unease over the work of the intelligence agency in an interview with CNN “New Day” anchor Chris Cuomo.

Obama said he was confident no one at the NSA is “trying to abuse this program or listen in on people’s e-mail.” The president chalked much of the concern with domestic snooping on changes in technology.

“I think there are legitimate concerns that people have that technology is moving so quick,” Obama said. “What I recognize is that we’re going to have to continue to improve the safeguards and as technology moves forward, that means that we may be able to build technologies that give people more assurance.”

CNN’s Bharati Naik contributed to this report.