April 24, 2014

avatar

Is the NSA keeping your encrypted traffic forever?

Much has been written recently about the NSA’s program to systematically defeat the encryption methods used on the internet and in other communications technologies – Project Bullrun, in the parlance of our times. We’ve learned that the NSA can read significant quantities of encrypted traffic on the web, from mobile phone networks, and on virtual private networks, which companies use to connect remote employees or offices to their corporate networks over the public Internet. Knowing this leaves me with a question: if the NSA captures and decrypts an enciphered message, how are the spoils to be handled? Does an encrypted e-mail or web session between people within the United States enjoy the same protections as an unencrypted e-mail between the same people?

The surprising answer appears to be that encrypted messages get less protection!

Consider the NSA’s procedures for “minimizing” (that is, deleting or redacting) information that the NSA obtains about U.S. persons when targeting non-U.S. persons. In this document, which leaked earlier in the summer, we learn about all sorts of ways the NSA can hold onto domestic communications without a warrant or court order, if they’re found in the course of targeting foreign communications. The NSA is supposed to delete all domestic communications immediately, with some specific exceptions. In particular, in the NSA’s minimization procedures, we find that “In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis” (Page 5, Bullet 3(a); emphasis added).

So the NSA can keep information, even about Americans, if it is “subject to … cryptanalysis.” What does this mean? A close read of the document suggests two possible interpretations.

In the first interpretation, this authority might exist to support the human process of learning how to break a cryptosystem. That is, if a researcher at the NSA wants to keep some encrypted material to learn how to decipher it, then that’s allowed, even if the decrypted message turns out to be from an American. That’s the narrowest possible interpretation of the language, anyway.

The second interpretation, which the EFF, among others, argued is the more natural one, reads it as allowing the NSA to keep arbitrary domestic encrypted communications. As it’s written, it appears to allow (and even to require) the NSA to keep encrypted data for a very long time.

This is remarkable—if the NSA can keep encrypted messages without a warrant even if they’re purely domestic, and if the NSA can really decrypt a substantial fraction of encrypted messages, then encryption actually improves the NSA’s ability to retain and read your traffic! Indeed, it would appear that encrypting your e-mail, browsing over SSL, and doing lots of other “privacy conscious” things might well make Americans’ data more available for NSA analysis, not less!

So can the NSA keep your online banking session for longer than they can keep your call records? Or can they keep the fact that you read this blog post (over HTTPS, if you read it on the original site) longer than they can keep the fact that you read a silly listicle on BuzzFeed (over HTTP)? It appears they can.

Does that mean you should despair and uninstall HTTPS Everywhere? Probably not — after all, an ounce of prevention is worth a pound of FISA warrants (er, that’s the proverb, right?). We don’t yet know exactly which crypto the NSA can defeat and what leaves them stymied. But what we do know is that what initially appeared to be a small loophole in the NSA’s minimization procedures might turn out to be the legal authority to spy on almost any (encrypted) domestic communication.

Comments

  1. Rob says:

    I read that slightly differently, even less charitably.

    reasonably believed to contain secret meaning,

    In the name of “public safety”, you have to assume that there’s steganographic techniques that we don’t know yet. Therefore, all the mail has to be retained to look for it. That fits in with all the ways they’ve been using reasonable.

    • paul says:

      Yep. Probably not all the mail though. Just the mail of anyone who has a connection who has a connection who has a connection who might be related to something the NSA wants to look at.

  2. BanFrenchRoast says:

    Encryption does not increase the ability of the NSA to read stored traffic just because it retains it longer. There are a few Enigma codes for WW II that still haven’t been broken. There are no shortage of ones from the Cold War.

    Before everyone freaks out, the scary people doing this are not the NSA. Generally the NSA doesn’t give a rats behind about you. But the same technology enables hundreds and thousands of corporations to store and “data mine” everything you do. Google does automatic content and sentiment analysis on each and every piece of gmail. Believe me if you try unionize Google or seriously advocate taxation on their tax evading international operations, they will know. Don’t expected they won’t retaliate or mess with every credit and other deputation rating you have. If not them, then your “at will employer” or your school or your insurance company. Your church can buy this stuff if they want. Might just be good for increasing contributions. Don’t ever think of running for office against these people – they have it all. None of us are perfect and they know it.

  3. Zane says:

    I found out about the NSA’s secret programs at the beginning of Summer 2013, this raises lots of interesting questions. My questions are:

    1. Is the NSA contributing to the rise of a Big Brother police state because the NSA has all of your information, and can seize your information without a warrant?
    2. Is the NSA a necessary evil to protect the American people from terrorism or is it a continuation of the federal government’s efforts to control the internet?
    3. What is the best way to abolish the NSA’s surveillance programs? Should abolishing the NSA’s surveillance programs happen through legislation or through direct action?
    4. How should encrypted messages get more protection?
    5. To avoid NSA surveillance, what is the best way to avoid being spied on? Should citizens stop using the Internet as a means to protest the NSA?

  4. Smoke4423 says:

    I am Josh Williams and I am a junior at Guilford College. From just reading the blog post, I was a little confused. “BanFrenchRoast” put things in prospective for me. In recent classes here, we have discussed privacy and it limitations. From listening to you guys’ conversation back and forth, I don’t see any hostility in the words of these comments. In other words, I may be wrong, but I see that you guys accept that people have the access to view internet activity and the only thing stoping them is a loosely interpreted term of “Encryption”.

    I will speak for my classmates when saying, as I find out the things people in high places have access to do, I feel less independent as a thinker. The way we think can be controlled or persuaded with things we use everyday. For example television.

    I guess what I’m getting at is that the idea of privacy has changed for me personally when I start to learn more about the life that I actually live. How do you guys’, as adults, feel about your privacy? Do you feel that your privacy is limited as well?