Friday, September 06, 2013

NSA has developed ways to get around almost any corporate or user encryption systems

The New York Times is reporting Friday morning that the NSA, working in conjunction with the British counterpart the GCHQ, has undermined “basic safeguards of privacy on (the) Web”, in a story by Nicole Periroth, Jeff Larson, and Scott Shane.  The print subheadline is “Supercomputers and guile subvert much encryption, documents reveal”, link here (paywall applies).  
The New York Times also says that it (along with ProPublica) was asked not to publish this story.  I’ve tweeted this fact, and I’m surprised I don’t see more about this from parties whom I follow yet, but I think I soon will. ProPublica gives its rationale for publishing here, and mentions "Minority Report" rationale where it imagines some day that the government could read people's minds or dreams or telepathic communications ("Dreamscape" or "Inception").  
The articles give long detailed technical discussions with illustrations of how the NSA “methods” (a java pun) work. 
Could the NSA (or FBI, etc) have read the “diary” on my own PC, where I log my dreams and fantasies, which I never post anywhere?  Probably.  I don’t think they would find it particularly interesting.  But there’s a hidden danger.  If someone ever tried to frame me for a crime, then the government’s ability to see such data could complicate matters.  More likely, it could spy on backup copies of the diary in the cloud (Carbonite).  No, I don’t think this has happened.  But you can see how it just might.

I see a more subtle danger with this.  If the NSA can ultimately undermine the security of the most restricted communications, such as those that run a nuclear power plant, then enemies of the US and the West or of specific entities in the West might be able to figure out how to do so.  That makes a scenario of a novel like Byron Dorgan’s “Gridlock” (reviewed on my Books blog yesterday) more plausible than I would normally think it could be.  It could also mean that it could be very difficult for a small business or person or organization to protect itself against a very determined attacker.  

No comments: