Although the cops and Feds wont stop banging on and on about encryption – the spies have a different take on the use of crypto.
To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies’ dashboards. Agents and analysts don’t even have to see the contents of the communications – the metadata is enough for g-men to start making your life difficult.
“To be honest, the spooks love PGP,” Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. “It’s really chatty and it gives them a lot of metadata and communication records. PGP is the NSA’s friend.”
Weaver, who has spent much of the last decade investigating NSA techniques, said that all PGP traffic, including who sent it and to whom, is automatically stored and backed up onto tape. This can then be searched as needed when matched with other surveillance data.
Given that the NSA has taps on almost all of the internet’s major trunk routes, the PGP records can be incredibly useful. It’s a simple matter to build a script that can identify one PGP user and then track all their contacts to build a journal of their activities.
Even better is the Mujahedeen Secrets encryption system, which was released by the Global Islamic Media Front to allow Al Qaeda supporters to communicate in private. Weaver said that not only was it even harder to use than PGP, but it was a boon for metadata – since almost anyone using it identified themselves as a potential terrorist.
“It’s brilliant!” enthused Weaver. “Whoever it was at the NSA or GCHQ who invented it give them a big Christmas bonus.”
Given all the tools available to the intelligence agencies there’s really no need for an encryption backdoor, he explained. With the NSA’s toolkit of zero-day exploits, and old-day exploits, it’s much easier to root a target’s computer after identifying them from metadata traffic.