In a joint report, based on documents obtained by The Guardian, three publications, the New York Times (NYT), The Guardian, and ProPublica, are reporting the following "news:"
The NSA has secretly and successfully worked to break many types of encryption, the widely used technology that is supposed to make it impossible to read intercepted communications.
Referring to the NSA's efforts, a 2010 British document stated: "Vast amounts of encrypted Internet data are now exploitable." Another related British memo said: "Those not already briefed were gobsmacked!"
The NSA has worked with American and foreign tech companies to introduce weaknesses into commercial encryption products, allowing backdoor access to data that users believe is secure.
The NSA has deliberately weakened the international encryption standards adopted by developers around the globe.
Before I dive into the details, let me point out that much of this “news” isn't really news. Since it was founded in 1952, the NSA's job has been to intercept communications and break encryption. It's the organization's job. Only the most naïve would be surprised that the NSA has successfully broken "many kinds of encryption" and that this government agency has used any means it could to do so.
As for the technical specifics, the reports are don't give us enough detail to spell out what security standards and products were actually broken. One major breakthrough seems to have occurred in 2010 when the United Kingdom's Government Communications Headquarters, (GCHQ) reported that the NSA “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
Does that mean SSL, which is used by almost every "secure" Web site on the planet, itself has been broken? Maybe. Maybe not.
The groups report that the NSA has been working hard on breaking the encryption in universal use in the US, including SSL, virtual private networks (VPNs), and 4G smartphones. What these have in common is their use of 256-bit AES for encryption.
The other "news" is that the NSA and GCHQ have been looking for ways to access the protected traffic of the most popular Internet companies: Google, Yahoo, Facebook, and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems. What these may be is still unknown.
And it's not just Google. The story also re-reported that Microsoft had "handed the NSA access to encrypted messages." Microsoft, according to the report, provided more than simply access to encrypted messages. The company is said to have also given the NSA access to "Outlook e-mail, Skype Internet phone calls and chats, and to SkyDrive, the company’s cloud storage service."
Eventually--and it may take years--we'll find out what's really going on with our Internet security standards, privacy, and government surveillance. For now, we keep getting more hints that the NSA does indeed have high level access to both security technologies and to the companies that sell and operate them.