October 15, 2015 | By Andrew Crocker

Research Shows How NSA Exploits Flaws to Decrypt Huge Amounts of Communications Instead of Securing the Internet

According to an award-winning paper presented at a security conference earlier this week by a group of prominent cryptographers, the NSA has likely used its access to vast computing power as well as weaknesses in the commonly used TLS security protocol in order to spy on encrypted communications, including VPNs, HTTPS and SSH. As two of the researchers, Alex Halderman and Nadia Heninger explained, it was previously known that the NSA had reached a “breakthrough” allowing these capabilities. The paper represents a major contribution to public understanding by drawing a link between the NSA’s computing resources and previously known cryptographic weaknesses.

For readers interested in more detail, EFF published a two-part explainer when the paper was first published in May: Part I and Part II. As we said then, the vulnerabilities described in the paper demonstrate an example of why it is a terrible idea to intentionally weaken cryptography. In this case, weaker “export grade” encryption standards mandated in the 90’s permit attackers to man-in-the-middle many “secure” connections. And in an even more concerning revelation, it appears that when the NSA encountered stronger ciphersuites, it used its nearly blank check budget to bring vast amounts of computing power to bear on passively decrypting intercepted communications. According to reports, the NSA brought this decryption capability online sometime before 2012. In both cases, the government has chosen to sit on and potentially exploit weaknesses in communications tools used by the whole world rather than fix the vulnerabilities, according to a policy that the government still claims is partially classified.

Weaknesses like those described in the paper demonstrate why it’s not enough for the U.S. government to give up on laws introducing backdoors into encrypted communications. We need a statement from President Obama endorsing uncompromised, strongest-available encryption to protect all users. You can take action by asking him to do that at SaveCrypto.org

Take Action


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Fair use would be a boon for Australia, but big content industries are doing their best to block it. https://www.eff.org/deeplinks... #fairuseweek

Feb 21 @ 9:06am

This Wed 2/22 join EFF's @sheeyahshee at @PrototypePrime outside Atlanta to discuss surveillance and resistance https://www.eff.org/event/eff...

Feb 21 @ 6:19am

In Xilinx ruling, Federal Circuit suggests trolls still able to drag you to their distant lairs. https://www.eff.org/deeplinks...

Feb 17 @ 3:14pm
JavaScript license information