Share on Google Plus Share on Twitter 1 Share on Facebook 2 Share on LinkedIn Share on PInterest Share on Fark! Share on Reddit Share on StumbleUpon Tell A Friend 5 (8 Shares)  
Printer Friendly Page Save As Favorite View Favorites View Stats   2 comments

OpEdNews Op Eds

Snowden's Latest: The NSA Has Effectively Destroyed Internet Privacy

By       Message Alfredo Lopez     Permalink
      (Page 1 of 2 pages)
Related Topic(s): ; ; ; ; ; ; ; ; ; ; (more...) ; ; ; ; ; , Add Tags  (less...) Add to My Group(s)

View Ratings | Rate It

opednews.com Headlined to H2 9/7/13

Author 86187
Become a Fan
  (3 fans)
- Advertisement -
The revelations this week by whistle-blower Edward Snowden (through documents provided to the Guardian, the New York Times, and ProPublica) prove that the NSA, working with its British counterpart the Government Communications Headquarters(or GCHQ), has conducted an intentional and largely successful campaign to destroy all privacy on the Internet.

These are the most damning indictments of the federal government's spying, demonstrating that its efforts are not only unconstitutional and destructive but criminal and fraudulent.

According to the ProPublica article, referring to the NSA: "The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, web searches, Internet chats and phone calls of Americans and others around the world, the documents show."


NSA Headquarters: Fort Meade MD by National Security Agency


The three publications' reportage outlines a huge, expensive, and multi-faceted program designed to break all "encryption" in on-line communications (the Guardian's package of coverage is superb). The information gleaned is then stored and, using search and analysis methods previously reported on, it's sorted and some of it read.

Two of the most egregious and frightening aspects of the policies demand particular attention and explanation because they directly attack protections most Internet users take for granted.

With a conscious attempt to defeat Secure Socket Layers and encryption protocols, the government has attacked the very foundations of Internet communications. We have come to trust the privacy and security of the Internet when those features are offered, in part because they're offered. Now we find that they don't exist.

What it all means is that the forms you use for credit-card purchases, bank information, membership applications, website email -- the forms you use all the time believing your information is protected -- may well be carrying code that will allow the NSA to get your information. What's more, the encryption programs many Internet users employ to keep their communications, including email, private may carry "back door" code that will allow anyone with the proper program to decrypt and read them.
- Advertisement -


The government programs not only attack the functionality of privacy but completely destroy any rational confidence people can have in the privacy of their day-to-day communications. They also smash confidence in the government and the corporations that offer these protections because the certainty of privacy has been offered with the apparent full knowledge by these companies that there is no such certainty.

These latest revelations were delivered in about 50,000 documents Snowden released to news outlets this week. While they broaden the information he has delivered to the world about government spying, these revelations add a darker stroke to the drawing. Up to now, Snowden's information has demonstrated how governments and compliant corporations have facilitated the capture, storage, and analysis of Internet communications and our government has answered those charges with a PR-choreography designed to divert attention from the real issue at stake: privacy and the Constitution. It has said, all along, that its intent isn't to assault our privacy but to catch people who would do us harm.

These revelations demonstrate that the intent of government spying has been not only to assault privacy but to make it impossible to achieve. They rip the locked doors off all Internet privacy and make the application of Constitutional rights impossible.

Nowhere is this clearer than with the attack on Secure Socket-Layer protocol.

When you go to a website to purchase something or fill out a form with your personal information, you'll notice a different kind of website address. Rather than the "http:" that urls usually start with, you'll see "https:". This means the page is secure and that, if it's complying with Internet standards, the website has installed a certificate that proves it is the site it says it is owned by the people who claim to own it. Any encryption of data between site and browser is now "trusted". So, you are implicitly told, you can enter a credit-card number and nobody else can read it. It was encrypted the moment it was entered and you pushed "submit" and the information you exchange with the site is totally protect in a "secure tunnel" (which means that nobody can even see it in any form); the people who own the site are vouching for that.
- Advertisement -


The Internet offers this assurance by maintaining "standards" for this transaction. About 40 companies world-wide offer certificates (idioscyncratic pieces of code that are to be installed on a server) and, as a default, browsers recognize certificates for those companies. That's the standard. When you visit such a webpage, your browser and the server conduct a complicated series of communications -- called a "handshake" -- that verifies the certificate, the identity of its owner, and the company that wrote the certificate being used. This is among the most sacred trusts in Internet technology. If the certificate isn't authentic or up-to-date, the "server" will return an error.

For several years now, the NSA has been working with some of those certificate companies to allow it to "pose" as a trusted authority and answer your handshake. When your computer asks for an SSL certificate, the NSA's code offers proof that the site is actually secure and owned by the certificate holder. At that point, it can capture all data you enter into that page as it goes through a secure tunnel to which the NSA now has access. This is called a "man in the middle" attack. That data is stored -- for a few days, according to these documents -- and then de-crypted with one of the programs the NSA has spent hundreds of millions of dollars to develop. The agency can then search through the data (probably all the data on the Internet) for "suspicious" terms and phrases to choose which files it will investigate more carefully.

SSL (or TLS as it is now known) protection is also provided to many forms of email and other on-line protocols such as SSH:  a protocol that gives users, most often technologists and server administrators, the ability to conduct secure direct communications with a server via "command line" programs. That kind of security is essential to the operations, by administrators, of the entire Internet. No decent administrator will enter a command-line program without it because, if someone can eavesdrop on what the administrator is writing, they can get the administrator's passwords, log into the server, and do what they want with everything stored there.

Next Page  1  |  2

 

- Advertisement -

View Ratings | Rate It

Alfredo Lopez is a member of the This Can't Be Happening on-line publication collective where he covers technology and Co-Chair of the Leadership Committee of May First/People Link.

Share on Google Plus Submit to Twitter Add this Page to Facebook! Share on LinkedIn Pin It! Add this Page to Fark! Submit to Reddit Submit to Stumble Upon


Go To Commenting

The views expressed in this article are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.

Writers Guidelines

Contact AuthorContact Author Contact EditorContact Editor Author PageView Authors' Articles
- Advertisement -

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

Attacking Net Neutrality Once Again

When Posting a Website Link is a Crime

NSA Intercepted Data from Google and Yahoo Servers; Monitors Nearly Everyone's Internet Use

Snowden's Latest: The NSA Has Effectively Destroyed Internet Privacy

The Federal Court Trashes Net Neutrality... and the Internet

The Day Adria Richards Said 'Not This Time!'