Tech companies try to assure users about encryption
LOS ANGELES—Amid reports this summer of the National Security Agency accessing troves of private communications, technology companies have sought to distance themselves from allegations of cooperation with government authorities, while reassuring users that their information is safe.
The latest chapter in the face-off between the government intelligence apparatus and technology companies emerged last week with reports that the NSA was working, often successfully, to undermine encryption technology. Encryption is a security feature that muddles digital information to the point that it is unintelligible.
News surfaced Friday that when NSA surveillance activity made waves in June, Google accelerated plans to encrypt information flowing among its various data centers, covering up a hole in its security strategy, according to a report by The Washington Post.
Also Friday, Yahoo Inc. released its first “transparency report,” summarizing the number of government requests for user data during the last six months, while breaking down which requests the company fulfilled and denied. Google has posted similar transparency reports for years.
Earlier this summer, tech companies had taken other steps in response to revelations about the NSA’s activities.
In June, Google co-founder Larry Page and the company’s top lawyer denied that the company gave the U.S. government access to its servers. Days later, the general counsel for Yahoo denied that the company voluntarily disclosed user information. Microsoft’s legal brass followed suit.
Facebook announced in late July that it had made secure browsing the norm and was gradually rolling out “perfect forward secrecy,” which better protects encrypted data, the company said in a statement.
The latest revelations about the NSA concern a top-secret project named Bullrun.
Through this program, the NSA has decoded a trove of Internet traffic, including banking information and private communication that users believe to be otherwise secure, according to reports by ProPublica, The New York Times and the Guardian newspaper in England using documents leaked by former intelligence contractor Edward Snowden.
According to the reports, the multibillion-dollar project essentially encouraged the development of cryptographic technology with built-in weak points that the agency could exploit later. The government agency can automatically decipher information transmitted on a variety of commercial products using its Key Provisioning Service, an active database of encryption keys, according to the reports.
“These reports, if true, show that the NSA, in its zeal to spy, may be leaving Americans less secure,” Rep. Rush D. Holt, D-N.J., said in a statement. Holt, a physicist, has proposed the Surveillance State Repeal Act, which would ban the type of monitoring disclosed in the leaked documents.
“It’s as though the NSA had secretly copied the keys to your home. Worse, it’s as though the NSA had prohibited manufacturers from even making secure locks — all while assuring the public that of course their belongings were safe,” Holt said.
Tech companies have previously collaborated in government surveillance practices, according to leaked documents. Although the companies remain unidentified, it hasn’t stopped some Silicon Valley giants from trying to absolve themselves of involvement.
Companies have sought to be more transparent by disclosing the number of requests for information made by the government under the Foreign Intelligence Surveillance Act, or FISA. The problem is, federal law prohibits such disclosures.
Google and Microsoft launched a legal battle with the government in June on 1st Amendment grounds, arguing that revealing the number of FISA-related requests was a matter of free speech. Negotiations broke down in late August, according to a blog post by Microsoft’s chief legal officer.
In a separate matter, Yahoo has asked the Foreign Intelligence Surveillance Court to declassify documents from a 2008 case, when the tech giant opposed alleged government efforts to gain user information.