NSA’s espionage can aid dictatorships

At one point it looked like a number of totalitarian states and systems would succeed in closing the door that the internet had opened for freedom of speech. This was met by a new wave of “hacktivism” and software for activists. And with Edward Snowden's disclosures, attention is now turned to the surveillance activities of the NSA. IT journalist Linus Larsson clarifies the definition of terms such as Tor, NSA and PGP.

May 6 2014 Text: Linus Larsson Translation from Swedish: Christina Cullhed Photo: Gordon Andersson

Thanks to Edward Snowden’s revelations attention has been drawn to NSA’s espionage. Alongside this monitoring the intelligence services also direct attacks on Internet security itself. These attacks jeopardize the security of dissident activists and the diverse tools they use in order to protect their identities.

During these past nine months we have learnt more about what goes on behind the doors of the NSA than we learnt during the agency’s previous sixty years of existence. One by one the creatively named programmes have been pulled into the light: PRISM, XKeyscore, and Muscular. Most of the attention has gone to pure surveillance: information about how the NSA can snoop through our e-mail or tap Angela Merkel’s cell phone.

The NSA seems to be governed by two main policies. The first is the ability to reach its digital tentacles far into the Internet companies’ and telephone operators’ systems and pluck out information at will. This is possible because the NSA has access to important computer centres and hubs on the Web, but also as a result of direct and active hacking. NSA technicians or their allied technicians attack the systems using the same methods that criminal gangs use when going after Internet banks or company secrets. One such example of direct hacking came last autumn, when Der Spiegel revealed that the NSA’s British counterpart, GCHQ, had hacked the partly Government-owned Belgian telecom operator Belgacom.

To phrase it drastically, the other NSA policy seems to be to sabotage Internet security. Amazingly, the NSA covertly collaborates with software companies in order to make it easier to circumvent the companies’ security systems. This may sound absurd but the leaked documents published by the Guardian inform us that the intelligence agency “actively engages US and foreign IT industries to covertly influence … their commercial products’ designs,” partly by managing to “insert vulnerabilities into commercial encryption systems.”

This information confirms that the NSA introduces security vulnerabilities into systems that are used to protect sensitive communication. These are called back doors and function as such: they are short cuts into computers and systems for those who know where to look for them. If your ordinary work computer has a back door, the person who placed it there can log in and read your files. If the back door has been placed with a big Internet operator the consequences can be hazardous: it then becomes possible to tap Internet traffic.

A scenario emerges of an omnipresent and pre-installed destruction of all kinds of security. The NSA must, as far as possible, ensure that encryption and security measures are of sufficiently poor quality that intelligence officers can decode and circumvent them when they feel the need to.

The idea is of course that only the NSA should be able to use these back doors. The problem is that no such guarantees can be given. No one can promise that Chinese or Iranian intelligence agencies will not find the same security lapses, or that criminal gangs, political groups, or anyone else interested in eavesdropping on their adversaries will not use them. The NSA is playing with high stakes indeed.

The project is huge, to say the least: leaked documents reveal a budget of more than 250 million dollars annually. However, very little is known as to which companies are involved in the secret collaboration.

The methods of undermining Internet security risk having even more hazardous consequences than the actual eavesdropping that the government is doing. Of course, the NSA is known as the most knowledgeable intelligence service with the best resources for digital interception, but other countries are escalating their own capacity. China, for example, according to Amnesty International’s estimation, is believed to have 30,000-50,000 policemen employed just to work with Internet censorship.

It all becomes even more worrying the more oppositional groups within dictatorships place their trust in technical barriers and encryption in order to protect their own communication. There are many such examples.

Tor is a network that helps people to use the web anonymously. By encrypting digital traffic and allowing it to bounce around on the Internet in a complex structure before it reaches its recipient it becomes impossible to find out who the sender is. A film clip can be sent via Tor from one country to another without the government in the sending country being able to determine where it came from. On top of this, Tor helps people in countries with harsh censorship practices to circumvent hindrances; for example, China’s massive blocking called the “Great Firewall of China.”

During the protests in Iran in 2009, the so-called Green Revolution, the use of Tor increased tenfold during the first weeks of the protests. By connecting anonymously it became possible to send pictures, films, and text from the country, but also to read foreign reports about what was going on in the streets of Tehran. Still today Tor is perhaps the best example of how technology can be used to enhance the freedom of speech and to create possible avenues of communication in repressive states.

However, Tor finds itself in the NSA’s viewfinder. The fact that the agency has created several reports and has extensively studied this anonymizing network can in itself be seen as evidence that it actually works. “We will never be able to de-anonymize all Tor users all the time,” writes NSA in a leaked document, “but with manual analysis we can de-anonymize a very small fraction.”[1]

The NSA’s focus on Tor includes research on how the system can be attacked.[2] Several strategies are put forward, ranging from ways to outsmart the anonymity function to ways to make the network slower and thereby less attractive. Since the basic anonymization function has not been understood, the NSA is instead working to find ways of identifying particular Tor users and targeting their computers. This is a dream scenario for an intelligence agency whose target (with this method) is covering up its traces on the web, whether the agency is in Washington DC or in Beijing. During the Arab Spring, too, activists used Tor to communicate with one another and with the world.

The attempts to destroy Tor show the American government’s ambivalent attitude to the technology. In actual fact Tor is to a great extent developed by means of governmental funding. The American Department of Foreign Affairs has both contributed money to development work (even Swedish SIDA has given financial support), and contributed to the education of Syrian rebels in order to teach them digital communication that circumvents the control of the Assad regime.[3] A few years ago the US set aside 57 million dollars for anonymization aid for people in conflict areas and living under dictatorships. Ironically, this happens while another section of the government works hard at trying to crack the very same network.

As far as is known, Tor’s creators, among them many volunteers who contribute on a non-profit basis, have not deliberately weakened its security at the NSA’s request. But private companies have. Which companies have gotten into bed with the NSA is not apparent from the leaked documents; that information is protected by a stricter security grade than the one Edward Snowden had. But a few cases have been drawn into the light. RSA is one of the world’s most important companies dealing with encryption and security. It has recently been revealed that RSA accepted ten million dollars from the NSA, and in exchange the company agreed to use, in its software, encryption with known weaknesses that in practice made it easier to crack the encryption systems.

In a historical perspective this is not surprising. For decades the USA has appreciated the power of encryption and the problems that would arise if the country’s enemies could lay hands on its methods. The NSA’s mission has always been partly to protect the USA’s own secrets and partly to reveal the secrets of others. Previously this was achieved by way of trade barriers: encryption methods were classed as weapons and their export was therefore prohibited. As late as the 1990s Phil Zimmermann, programmer and activist, was charged for having exported forbidden encryption devices. The programme that he created is called PGP and it is today the most popular method used to encrypt e-mail. (Five years later the charge was withdrawn, and the story is known as The Crypto Wars.)

However, the Internet undermined all control of encryption export. It was simply not possible to regulate the spread of technology and who was gaining access to it. It is in this perspective that one should see the effort of the NSA to more generally weaken security—if everyone has access to the same mechanisms then these ought to have big enough lapses to enable the NSA to tune in.

Thanks to its central role in the world of international security the NSA can reach even further than merely affecting specific security products. The agency has (or at least ‘had’, before the Snowden leaks) a great deal of influence over encryption standards (a kind of basic set of rules that commercial companies abide by when they develop digital security devices). Leaked documents reveal that the NSA is engaged in influencing these standards in a direction that benefits the agency, and this entails bad security that is easier to circumvent. These revelations affect almost all who use the Web. Standards like these are used to encrypt bank transactions as well as hard discs and sensitive correspondence. Consequently, in the wake of this revelation some standards have been withdrawn, and the work of scrutinizing more standards in the pursuit of back doors is in full progress.

The movement working to advance free information exchange takes on many forms. In connection with the Green Revolution in Iran, Western activists worked to supply Iranians with tools to enable free communication. Adherents of Falun Gong in the West have developed the programme Ultrasurf to enable Chinese followers to find information beyond the country’s national firewall. In January 2011, when Egypt closed down the whole country’s Internet connection in order to stave off the opposition, activists shared telephone numbers that made it possible to send pictures and text via old-fashioned modems.

Every attempt to protect dissidents’ communication basically rests on technology; it rests on encryption that makes it impossible to trace the sender or to read the content of correspondence. The fact that the NSA spends hundreds of millions of dollars in order to weaken the scope of the encryption devices is just as disturbing as the espionage we have heard about in these past few months.