WASHINGTON — The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential data safe from prying eyes, according to published reports Thursday based on internal U.S. government documents.
The NSA has bypassed or altogether cracked much of the digital encryption used by businesses and everyday Web users, according to reports in The New York Times, Britain’s Guardian newspaper and the nonprofit news website ProPublica.
The reports describe how the NSA invested billions of dollars since 2000 to infiltrate nearly everyone’s secrets.
The NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert “back doors” into their software, the reports said. Such a practice would give the government access to users’ information before it was encrypted and sent over the Internet.
“For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” according to a 2010 briefing document about the NSA’s accomplishments meant for its UK counterpart, Government Communications Headquarters, or GCHQ.
Security experts told news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers.
The revelations stem from documents leaked by former NSA contractor Edward Snowden. His leaks have revealed a massive effort by the U.S. government to collect and analyze all sorts of digital data that Americans send at home and around the world.
Thursday’s reports described how some of the NSA’s “most intensive efforts” focused on Secure Sockets Layer, a type of encryption widely used on the Web by online retailers and corporate networks. One document said GCHQ had been trying for years to exploit traffic from popular companies like Google, Yahoo, Microsoft and Facebook.
GCHQ, they said, developed “new access opportunities” into Google’s computers by 2012 but said the documents didn’t elaborate on how extensive the project was.
