NSA Foils Internet Encryption ⇥ nytimes.com
Remember how you were going to work around the nastiness of the NSA spying programs by encrypting the stuff you put online? Tough shit, as reported by the New York Times:
Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.
HTTPS? SSH? VPN? VoIP? SSL? All cracked wide open. Doesn’t that make you feel more secure, and help you sleep at night?
As I’ve said before, I understand the perceived need to try to get out ahead of those who are trying to do grave danger to a country. By investing so heavily into intercepting and decrypting the communications of average Americans and all internet traffic that passes through the United States, the NSA has stepped into the contemporary signal cracking arena. But is a wartime agency built to crack enemy signals still necessary in 2013? Terrorists don’t use Skype, and the signal-to-noise ratio of capturing this much data can’t be great.
If you’re extremely concerned and/or paranoid, security analyst extraordinaire Bruce Schneier has put together a short list of countermeasures against NSA tapping. Perhaps most important is his third bullet-point:
Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good.
You’re probably not a target. That’s not to say that you shouldn’t be at all concerned, but it would take a great deal of work for the NSA to start targeting anyone who has ever used Limewire or BitTorrent. The paradox of them collecting so much data and being as invasive as they are is that they have to be extremely particular in how they comb through all that they have collected.