Wednesday, May 14, 2014

No Safe Place - NSA Cracks All Codes

Glenn Greenwald on Secret NSA Program to Crack Online Encryption

(Image: <a href=" http://www.shutterstock.com/cat.mhtml?page_number=1&position=10&safesearch=1&search_language=en&search_source=pic_recommended&search_type=keyword_search&searchterm=encryption&sort_method=popular&sort_version=4_0&source=search&timestamp=1378734320&tracking_id=9D3BshDrOjA919LJUDHttg&page=1#id=128620799&src=9D3BshDrOjA919LJUDHttg-1-10 "> via Shutterstock </a>)(Image: via Shutterstock).A new exposé based on the leaks of Edward Snowden has revealed the National Security Agency has developed methods to crack online encryption used to protect emails, banking and medical records. "Encryption is really the system that lets the Internet function as an important commercial instrument all around the world," says Glenn Greenwald of The Guardian, which collaborated with The New York Times and ProPublica on the reporting. "It’s what lets you enter your credit card number, check your banking records, buy and sell things online, get your medical tests online, engage in private communications. It’s what protects the sanctity of the Internet." Documents leaked by Snowden reveal the NSA spends $250 million a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs. "The entire system is now being compromised by the NSA and their British counterpart, the GCHQ," Greenwald says. "Systematic efforts to ensure that there is no form of human commerce, human electronic communication, that is ever invulnerable to their prying eyes."

TRANSCRIPT:
This is a rush transcript. Copy may not be in its final form.
Juan González: The Guardian, The New York Times and ProPublica have jointly revealed the National Security Agency is successfully waging a long-running secret war on encryption, jeopardizing hundreds of millions of people’s ability to protect their privacyThe New York Times writes, quote, "The NSAhas circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world." Security experts say the NSA program "undermine[s] the fabric of the internet." The revelations are based on documents from the NSA and its British counterpart, GCHQ, leaked by former NSA contractor Edward Snowden.

Amy Goodman: The documents also showNSA spends $250 million a year on a program which, among other goals, works with technology companies to covertly influence their product designs. The NSA has also been deliberately weakening the international encryption standards adopted by developers. And according to the documents, a GCHQ team has reportedly been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook. The spy agencies insist that the ability to defeat encryption is vital to their core missions of counterterrorism and foreign intelligence gathering.

Well, for more, we’re joined by Democracy Now! video stream by Glenn Greenwald of The Guardian, co-author of the new article, "US and UK Spy Agencies Defeat Privacy and Security on the Internet." Glenn Greenwald first published Edward Snowden’s revelations about the NSAsurveillance programs and continues to write extensively on the topic.

Glenn, welcome back to Democracy Now! We haven’t spoken to you since your partner, David Miranda, was held at Heathrow for nine hours, the airport in Britain, and we want to get to that. But first, talk about the significance of this latest exposé that both The Guardian, The New York Timesand ProPublica have published today.

Glenn Greenwald: First of all, I think there’s significance just in the partnership itself. It’s very unusual for three media organizations to work so closely on a story of this magnitude. And that happened because the U.K. government tried forcibly toThe Guardian from reporting on these documents by pressuring The Guardian editor-in-chief in London, Alan Rusbridger, to destroy the hard drives of The Guardian which contained these materials, which is why they ended up making their way to The New York Times and ProPublica. So I think it clearly backfired, now that there are other media organizations, including probably the most influential in the world, The New York Times, now vested in reporting on the story.

The significance of the story itself, I think, is easy to see. When people hear encryption, they often think about what certain people who are very interested in maintaining the confidentiality of their communications use, whether it be lawyers talking to their clients, human rights activists dealing with sensitive matters, people working against oppressive governments. And those people do use encryption, and it’s extremely important that it be safeguarded. And the fact that the NSA is trying to not only break it for themselves, but to make it weaker and put backdoors into all these programs makes all of those very sensitive communications vulnerable to all sorts of people around the world, not just the NSA, endangering human rights activists and democracy activists and lawyers and their clients and a whole variety of other people engaged in sensitive work.

But encryption is much more than that. Encryption is really the system that lets the Internet function as an important commercial instrument all around the world. It’s what lets you enter your credit card number, check your banking records, buy and sell things online, get your medical tests online, engage in private communications. It’s what protects the sanctity of the Internet. And what these documents show is not just that the NSA is trying to break the codes of encryption to let them get access to everything, but they’re forcing the companies that provide the encryption services to put backdoors into their programs, which means, again, that not only the NSA, but all sorts of hackers and other governments and all kinds of ill-motivated people, can have a weakness to exploit, a vulnerability to exploit, in these systems, which makes the entire Internet insecure for everybody. And the fact that it’s all being done as usual with no transparency or accountability makes this very newsworthy.

Juan González: But, Glenn, going back to the mid-1990s in the Clinton administration, when the government tried to establish these backdoors into communications on the Internet, there was a public debate and a rejection of this. What has happened since then now in terms of howNSAoperates?

Glenn Greenwald: Right, it’s interesting. If you go back to the mid-'90s, that debate was really spawned by the attack on Oklahoma City, which the Clinton administration—on the Oklahoma City courthouse by Timothy McVeigh, which the Clinton administration immediately exploited to try and demand that every single form of computer security or human communication on the Internet be vulnerable to government intrusion, that it all—that there be no encryption to which the governments didn't have the key. And as you said, a combination of public backlash and industry pressure led to a rejection of that proposal, and the industries were particularly incensed by it, because they said if you put backdoors into this technology, it will make it completely vulnerable. If anyone gets that key, if anybody figures out how to crack it, it will mean that there’s no security anymore on the Internet.
And so, since the NSA and the U.S. government couldn’t get its way that way, what they’ve done instead is they resorted to covert means to infiltrate these companies, to pressure and coerce them, to provide the very backdoors that they failed to compel through legislation and through public debate and accountability. And that is what this story essentially reveals, is that the entire system is now being compromised by the NSA and their British counterpart, the GCHQ, systematic efforts to ensure that there is no form of human commerce, human electronic communication, that is ever invulnerable to their prying eyes. And again, the danger is not just that they get into all of our transactions and human communications, but that they are making it much easier for all kinds of other entities to do the same thing.

Amy Goodman: Glenn Greenwald,The Guardian piece, you write, "The NSA spends $250m a year on a program which, among other goals, works with technology companies to 'covertly influence' their product designs." How does the NSA do this?

Glenn Greenwald: So, one of the things that happens here is that a lot of these large technology companies sell products, expensive products, to their users based on the claim that these products will safeguard the privacy of people’s activities online or online communication through encryption. At the same time, these companies are working directly with the U.S. government andNSA, either cooperatively or because they’re getting benefits from it or through coercion, to make these products vulnerable and insecure, exactly undermining the commitments that they’re making to their users that they will enable and safeguard the privacy of their communications. So it’s really a form of fraud that the—that the technology industry is perpetrating on its users, pretending that they’re offering security while at the same time working with the U.S. government to make sure that these products are being designed in a way that makes them actually vulnerable to invasion. And again, sometimes it’s the fault of the technology companies. They do it because they want good relationships with the U.S. government. They’re profit-motivated. They get benefits from it. But a lot of times there’s just pressure and coercion on the part of a very powerful, sprawling U.S. government that induces these companies to do it against their wishes.

Juan González: And these revelations have some specifics in terms of those who are cooperating. Could you talk about Microsoft and its Outlook email?

Glenn Greenwald: Sure. We actually reported about a month ago an article that focused almost exclusively on Microsoft and the extraordinary collaboration that company engages in withNSA to provide backdoor access to its very programs that they tout to the world as offering safe encryption. If you look at what—if you just go look at Outlook.com, what Microsoft says about its Outlook email server, which is now basically the program where, if you use Hotmail or any other Microsoft service, your email is routed through, they tout Outlook as this really great service that protects people’s communications through this strong encryption. And at the very same time, Microsoft is working in private with the NSA to ensure access by the NSA across all of their platforms, not just Outlook email, but Skype and a whole variety of other services that Microsoft offers to their users to basically ensure that it’s all completely vulnerable to NSA snooping. And again, one of the big problems with it is that when you allow—when you make these programs vulnerable to the NSA, you’re also making them vulnerable to other intelligence agencies around the world or to hackers or to corporate spies or to people who just wish you ill will for any number of reasons. It’s making the entire Internet insecure.

Amy Goodman: After—The Guardian revealed last month that it smashed several computers in its London office after the British government threatened legal action, editor Alan Rusbridger said he agreed to their demand in order to avoid the newspaper’s potential closure. This is what he said.
Alan Rusbridger: We were faced, effectively, with an ultimatum from the British government that if we didn’t hand back the material or destroy it, they would move to law. That would mean prior restraint, a concept that is anathema in America and other parts of the world, in which the state can effectively prevent a news publisher from publishing, and I didn’t want to get into that position. And I also explained to the U.K. officials we were dealing with that there were other copies already in America and Brazil, so they wouldn’t be achieving anything. But once it was obvious that they would be going to law, I would rather destroy the copy than hand it back to them or allow the courts to freeze our reporting.
Amy Goodman: Last month at a White House news briefing, the deputy spokesperson, Josh Earnest, was asked if the U.S. government would ever take similar actions against a media outlet. He said, quote, "It’s very difficult to imagine a scenario in which that would be appropriate." Glenn Greenwald, can you talk about what happened at your paper?

Glenn Greenwald: It should be a major scandal. I mean, the United States and the U.K. run around the world constantly denouncing other countries that aren’t friendly with it for abusing press freedoms or failing to protect them, and yet at the same time both of these countries are engaged in a major assault on journalism when it comes to those who are trying to report on what it is they’re doing. The idea that the U.K. government, at the behest of the highest levels of that government, the prime minister and their top—it’s his top security officials—wentThe Guardian and threatenedThe Guardian's top editor repeatedly and ultimately forced him to destroy hard drives that contained the byproduct of our journalism is the stuff that, you know, the U.K. and the U.S. governments would like you to think happen only in Russia or China or other governments that they love to depict as tyrannical, and yet it's happening in the closest ally of the United States.

And, of course, in the United States itself, there is a major war on the news-gathering process with the prosecution of whistleblowers, the people who serve as sources for journalists, the theories they flirted with to criminalize the process of journalism, with the criminal and grand jury investigation of WikiLeaks or the filing of an affidavit accusing a Fox News journalist of being a co-conspirator in felonies because he worked with his source.

You really see these two governments working hand in hand to create this climate of fear in which even the largest media organizations, like The New York Times, whose celebrated reporter Jim Risen is being threatened with jail, or The Guardian, a 220-year-old newspaper, one of the most influential in the world, being threatened in the most thuggish and abusive ways to stop their reporting. And The Guardian had to take very extreme measures to evade those threats, including providing substantial numbers of documents to The New York Times and ProPublica to make sure that if they were ordered to destroy all of their sets, that there would be copies existing elsewhere in the world so that this material could continue to be reported.

Juan González: Glenn, what do you think needs to happen, given these continuing revelations aboutNSA especially, but our government in general, being virtually out of control in terms of its surveillance of communications of—not only of Americans, but around the world? Do you think that the impact of all of these revelations is going to move, hopefully, Congress to act in a stronger way to control these activities?

Glenn Greenwald: I do. I think the impact of all of this reporting is often underappreciated, in part because the changes in public opinion are often imperceptible. They happen somewhat incrementally, and we don’t immediately notice the shifts. But certain polls that have been released since we began our reporting show some very radical changes in how Americans think about threats to their privacy. They now fear government assault on their civil liberties more than they fear the threat of terrorism, something that has never happened, at least since the 9/11 attacks.

But I also think it’s important to appreciate just how global this story has resonated. There are countless countries around the world in which there are very intense debates taking place over the nature of U.S. surveillance, the value of Internet freedom and privacy. There are all kinds of pressure movements to demand that those people’s governments take serious action against the United States to protect the Internet from these kind of intrusions. You see an incredibly unprecedented, really, coalition of people across the spectrum in Congress banding together against NSA spying, insisting that they will continue to engage in reform movements, something that transcends partisan divisions or ideological divisions. It’s causing serious diplomatic tensions between the United States and allies in Germany, here in Brazil and other countries around the world, that will continue, as more reporting happens, on a country-by-country basis, as we partner with more and more media organizations around the world. So I think absolutely this has had a huge impact not just on the way that people think about surveillance and the NSA surveillance program, but, as importantly, the way they think about President Obama, the credibility of the United States government in terms of the claims it makes, one after the next of which have proven to be false, and, more generally, the role of the United States and its closest allies, including the U.K., in the world, and how much defiance and challenge they actually need.

Amy Goodman: You know, you could, in an odd way, talk about how Syria is linked to these revelations. President Obama is pursuing a pro-strike strategy with Syria right now in Russia, as opposed to talking about, you know, using this moment at the G-20 summit to push for diplomacy. He was already isolated from Putin, angry at Putin because Putin gave temporary asylum to Ed Snowden, so he cancels his bilateral meeting with Putin, which could have been used to make a deal around Syria, since he’s the major sponsor of Syria. You also have, with the G-20, President Obama trying to get these countries to support a strike, but he’s up against—you could say, against a wall BRICS, meaning BRICS, you know, the BRICS nations—Brazil, Russia, India, China and South Africa—who, it’s been revealed, that the NSA has been spying on, so there’s not a lot of friendliness there. Can you talk about your more recent—the piece you did before this one, around Brazil, which has caused a furor in your country, the country where you live right now, where we’re speaking to you?

Glenn Greenwald: Sure. We’ve been doing a lot of reporting in Brazil, in the same way that Laura Poitras, who lives in Germany because she’s afraid to edit her own film on U.S. soil because she thinks it will be seized, the footage will be, because it’s aboutNSA, the way that she’s been teaming with Der Spiegel to report on U.S. spying on Germans. I’ve been teaming with British media outlets—Brazilian media outlets to report on what’s being done in Brazil and, more generally, to Latin America.

And the stories that we started off with were about indiscriminate mass collection of the communications, data and voice and Internet emails, of literally tens of millions of Brazilians, literally stealing from the Brazilian telecommunications system all of this data on the part of the NSA, on behalf of a government over which Brazilians exercise no accountability, for which they don’t vote, to which they—and which owes them no obligation. That already created a huge scandal in Brazil. And the reporting talked about how that’s being done more broadly in Latin America, which made that scandal spread.

And then, with the report that we did last week that Dilma herself, the president of Brazil, Dilma Rousseff, had been a very personal, specific target, along with the Mexican president, where her personal communications had been analyzed and intercepted and listened to, created an enormous furor here. It caused the Brazilian government to threaten to cancel a state dinner, which is a huge matter between the U.S. and Brazil, the only state dinner that I believe the White House is having this year, to threaten to cancel large contracts. And now, this Sunday, on the same program, which is the largest, most-watched program in Brazil, we’re going to have another report that I think is even bigger, about what the NSA is doing in terms of spying on Brazilian citizens.

And so, you know, I think that one of the things that’s happening here is that, at the very least, if theNSA wants to construct a massive spying system that literally has as its goal the complete elimination of privacy around the world, that people around the world ought to at least be aware that that’s taking place, so that they can have democratic and informed debates about what they want to do about it, about how they want to safeguard their privacy, just like Americans are entitled to know that the U.S. government is collecting all of their personal communications data, as well.

Juan González: And, Glenn, I want to ask you about something closer to home, ask you about what happened to your partner, David Miranda, when he was detained last month by the British government at London’s Heathrow Airport for nine hours under a British anti-terrorism law. He faced repeated interrogation and had his belongings seized, including thumb drives carrying information you used in your reporting NSA surveillance. Speaking on his return to Brazil, Miranda said he was subjected to psychological violence.
David Miranda: [translated] A Brazilian that travels to a country like this and is detained for nine hours in this way, it, I think, breaks a person, you understand? You break down completely and get very scared. They didn’t use any physical violence against me, but you can see that it was a fantastic use of psychological violence.
Juan González: Glenn, could you talk about—about this incident?

Glenn Greenwald: Sure. I mean, first of all, what David was talking about there was the fact that they didn’t just detain him the way you sometimes get regularly detained at an airport when you visit another country for a few minutes or for even an hour to get secondarily screened. He was told right from the beginning that he was being detained under the Terrorism Act of 2000, which means that he was being detained under a law the purpose of which is to investigate people for ties to terrorism. And although it might be a little bit difficult for American citizens or for British citizens to understand, for people around the world who have seen what the U.S. and the U.K. governments do in the name of terrorism—they disappear people, they kidnap them, they torture them, they put them into cages for years at a time without so much as charges or even a lawyer—it’s an—not to mention the bombs they drop and the children they kill with drones—it’s an incredibly intimidating thing to be told that you’re being detained by a government with the behavioral record of the U.K. under a terrorism law.

The fact that hour after hour after hour went by, when they refused to allow him to speak to me or anybody in the outside world other than a list that they gave him of what they said were their approved lawyers, who they said that he was free to talk to on the phone, and when he told them that he didn’t trust their lawyers, their list or their phones, that he wanted to speak in person with a lawyer sent by me or by The Guardian, and was told that he had no right to a lawyer, no right to outside contact, that’s what he meant by the psychological violence, that he was kept in this small room, repeatedly interrogated hour after hour under a terrorism law, denied the right to his independent lawyers, ones that he trusted, not ones provided by them, and had no idea what was going to be done to him.

The entire day, I was being told by Guardian lawyers in Britain that it was likely that after the nine hours he would be arrested. That’s typically what they do. They barely ever hold anybody for more than an hour, and almost always when they do, it ends with an arrest. Sometimes they arrest them on terrorism charges, sometimes because there’s an obligation under this law to be fully cooperative, meaning answering all their questions fully, not refusing to answer anything, giving them passwords that they ask. If you even remotely refuse any of that, if they perceive that you’re not being cooperative, they will then charge you separately for a violation of that law, then will arrest you and put them in—put the person into the criminal justice system.

All of this, combined with the fact that high-level Brazilian diplomats were unable to find out any information about where he was or what was being done to him, was absolutely designed to send a message—as Reuters reported, by quoting a U.S. official, a message of intimidation to those of us who have been reporting on the GCHQ and the NSA, that if we continue to do so, this is the sort of thing that we can expect. The idea that all they wanted to do was to take his USB drives is ludicrous, for a lot of reasons, including the fact that all kinds of Guardian reporters have flown in and out of Heathrow. Laura Poitras herself flew to London and back out again without incident. They had no idea what he would be carrying. How would they possibly know? But more to the point, if all they wanted to do was take his things, that would have taken nine minutes, not nine hours. They purposely kept him for nine hours, the full amount allowed under that law, because they wanted to be as thuggish and intimidating as possible.

And the fact that he was helping Laura for a week in Berlin with our journalism, that he was carrying material back to me that Laura and I were working on journalistically, doesn’t make what they did better, it makes it worse. It shows how what the U.K. government is doing is specifically targeting the journalism process and trying to be intimidating and to force it to stop. And it’s clear it had no effect. If anything, it backfired, as I said from the beginning that it would. But I think their intent is completely clear to the world.

Amy Goodman: Are you suing? And did David get his equipment back?

Glenn Greenwald: David is absolutely suing. He is pursuing a judgment in the British courts that, as even the author of that law in the U.K. said, it was a completely illegal detention because it was obvious they had no interest in investigating him about terrorism. They never asked him a single question about terrorism. There was obviously no—nobody thought he was connected to a terrorist organization. He was repeatedly questioned about everything but terrorism, including, primarily, our journalism.

He hasn’t gotten any of his belongings back. And one of the things that happened is that the U.K. government just outright lied about what took place that day. They claimed he was carrying a password that allowed them access to 58,000 classified documents. He was not carrying any password that allowed them access to any documents. They actually filed an affidavit the same day they made that claim, saying—asking the court to let them continue to keep his belongings on the ground that all of the material he was carrying was heavily encrypted, that they couldn’t break the encryption, and they only got access to 75 of the documents that he was carrying, most of which are probably ones related to his school work and personal use. But, of course, media outlet has just uncritically repeated what the U.K. government had said, as though it were true. It wasn’t true; it was a pack of lies. But even if it were true, the idea that you’re going to detain somebody under a terrorism law who you think is working with journalists is incredibly menacing, as menacing as anything the U.K. government denounces when other countries do it.

Amy Goodman: Glenn, we want to thank you for being with us. We know you have to leave. Glenn Greenwald is a columnist on civil liberties and U.S. national security issues The Guardian. He’s also a former constitutional lawyer, first published Edward Snowden’s revelations about the NSA surveillance program and continues to write extensively on the topic. His most recent piece, co-authored in The Guardian, "US and UK Spy Agencies Defeat Privacy and Security on the Internet." We will link to that at Democracy Now.org.

Don’t go away. After break, Bruce Schneier, one of the leading experts on security on the Internet, is coming up, and then we’ll speak with Adam Entous of The Wall Street Journal about the Saudi-Syrian rebel connection and what the U.S. has to do with it. Stay with us.