In one of the more remarkable and alarming revelations to come from the documents leaked to the press by Edward Snowden, a joint report from The New York Times, ProPublica, and The Guardian suggests that the NSA works with internet companies to add vulnerabilities to secure network traffic — and may be able to broadly decrypt online communications.
A less technical summary: the government has apparently introduced weaknesses into, and/or pried open, the online security systems that ensure privacy online. For privacy advocates, this is the worst-case scenario, which may be in part why The Times reports that the government asked that they not publish the report. (The partner organizations "removed some specific facts.")
The topline, via The Times:
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
There appear to be two ways in which the agency (and its British counterpart, GCHQ) has been able to do this. The first is by partnering with internet companies. The Guardian indicates that the GCHQ has "been working to develop ways into encrypted traffic on the 'big four' service providers, named as Hotmail, Google, Yahoo and Facebook." The Times picks up on that: "the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which 'actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs' to make them 'exploitable.'"
The second — and more alarming — way is by ensuring that international standards for encryption give the intelligence agencies some (undescribed) pathway for decrypting traffic. From ProPublica:
Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.
Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”
“Eventually, N.S.A. became the sole editor,” the memo says.
When we note that the manner in which the decryption works is "undescribed," that prohibition extends beyond just the reporters on these stories. According to The Guardian, agency analysts "were instructed: 'Do not ask about or speculate on sources or methods underpinning Bullrun.'" "Bullrun" refers to that decryption tool — and is apparently a reference to the site of two battles during the American Civil War.
Section of a slide from the GCHQ.
Only a "limited group of top analysts" knows how the decryption works, but when British analysts were told about the NSA's systems, they were "gobsmacked" — in the NSA's words. That followed some undescribed 2010 breakthrough, referred to in the slide at left, which allowed greatly expanded monitoring of "secure" traffic.
Purposely introducing flaws into encryption technologies, if that's what has been done, does not mean that only the NSA and GCHQ would be able to take advantage of those loopholes. It allows the agencies to access Secure Sockets Layer (SSL) communications and virtual private networks (VPNs) — but it could conceivably give the same access to any other person sufficiently adept at hacking into that encryption.
The NSA, tasked with protecting the American people, does mention the effect of these security gateways on the citizenry, according to a document quoted by The Guardian. Referring to its commercial partnerships, the NSA writes: "These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact."