The NSA Wants a Skeleton Key to Everyone’s Encrypted Data

By Gavin Hanson

Like it or not, you are your data. In this day and age, your receipts, social media activity, public records, GPS data, and Internet search history are the proof of who you are. And while you may have thought you had secrets, the Federal Government would like the rest of them.

The seemingly innocuous pieces of information we trade away every day create a detailed mosaic of our lives used to target advertising and create personality profiles that are exploited by the FBI, political operatives like Cambridge Analytica, and Russian propagandists.

And those are just the legal shenanigans! Instances of malicious hacking that jeopardize social security numbers and other important data are on the rise as well.

But all hope is not lost! There is but one meaningful defense against such intrusions, one used by whistleblowers, banks, the government (often poorly), and college students: encryption.

Encryption Is Powerful, so Naturally the Government Wants to Control It

Encryption, to oversimplify, is the process of putting your data in a combination locked safe, and it’s becoming more popular. Like all passcodes, these combinations are best stored non-electronically.

Automatically encrypted search engines and Internet services simplify the process for users. They protect individuals’ data from hacking, theft, and even the government, but they also retain a repository for all the combinations they use to lock data up.

But that may soon change.

If the executive agencies have their way, the NSA will have a record of every lock combination in use by every company—a skeleton key, if you will, to gain access to your digital home, papers, effects, and aspects of your person without warrant or probable cause—effectively mandating that companies hand over skeleton keys to the locks that they provide to their users, at any time: what they call “exceptional access.”

This is this Trojan horse that the NSA means to use to gain access to your private data even when it is encrypted.

Inherently, these central repositories for lock combinations are far more susceptible to brute force hacking than a distributed system wherein every individual secures their own lock combinations. Skeleton keys can be handy or, if they fall into the wrong hands, devastating.

This is this Trojan horse that the NSA means to use to gain access to your private data even when it is encrypted.

The NAS Proposal

In February, the prestigious National Academy of the Sciences (NAS) prepared “A Framework for Decision Makers” addressing encryption. Their solution? You guessed it: exceptional access. Even though their report has slipped under the radar, NAS reports often carry a lot of weight in Congress and within executive agencies, and it seems this one has.

But, importantly, a key source for the NAS report has cried foul.

The Electronic Frontier Foundation (or EFF) is the foremost mainstream defender of the First Amendment online. They are concerned that they were dismissed by the NAS proposal, calling it, “At best, unhelpful.”

The NAS proposal practically accepts that the federal government should have “backdoor” access, in some way, to all encrypted information. They suggest that the proliferation of strong encryption technology at the individual level would only help the bad guys. Exceptional access, however, would entrust the world’s most often hacked government entity with the guardianship of the entire nation’s data, and put companies like Facebook in charge of keeping it otherwise secure.

Even if you do undertake the process of encrypting your own data, something the CIA would consider in and of itself a “red flag,” any executive agency with exceptional access could demand a copy of your combination up-front.

A Government Skeleton Key Won’t Make Us Safer

Personal, strong encryption isn’t only the tool of criminals, spies, and whistleblowers. It is the surest defense against all forms of data theft, be it by state or non-state actors. If we forfeit this freedom in the name of security, we will surely lose the power of both.

It is vital to our individual and national security that our people, not just our service providers, have the robust means to protect their data and themselves without the risk that the supposed guardians of security ultimately turn out to be the very source of our insecurity, either by malice or malpractice. That is the purpose of the Fourth Amendment, after all.

Under the combination of The Patriot Act and FISA (“Federal Intelligence Surveillance Act”), any unusual metadata is grounds for full collection. Strange travel patterns, irregular spending, even sketchy Google searches, if they create “reasonable suspicion” of anything the secret FISA court deems worthy of further collection, more will be obtained.

Which leaves us with these crucial questions: are we really in as much danger as we believed we were immediately following the attacks of September 11th, 2001? Is the security we are actually gaining through the Patriot Act and the attack on private encryption worth the cost of freedom lost? Moreover, is centralized security really the only way to achieve security? As more of our lives are lived in the form of electronic data, that is a debate worth having.

Gavin Hanson studies communications and history at the University of Iowa. He is a Media Ambassador for Young Americans for Liberty.

This article first appeared at FEE.org.


Activist Post Daily Newsletter

Subscription is FREE and CONFIDENTIAL
Free Report: How To Survive The Job Automation Apocalypse with subscription

9 Comments on "The NSA Wants a Skeleton Key to Everyone’s Encrypted Data"

  1. I use a severely modified Diffie-Hellman encryption algorithm with a 2048-bit key. My data and proxy resides on a Relcom server in Moscow. I estimate that using brute-force it would take the NSA somewhere around 7 years to crack it. I seriously doubt any legitimate federal court would grant a warrant. FISA would (they’re not a legitimate court and rubber-stamp everything the FBI and NSA ask for), but I don’t consider them a real court and totally ignore anything that comes out of there. Any person who sends just about anything in clear text might as well lay down now because you have surrendered your total life to a criminal government.

    • Recent revelations about FACEBOOK indicates that Mark Zuckerberg has functioned as a major deceptive agent for the criminal government. If he were awarded five years in prison and a five hundred million fine, his religious associates would be slowed down a bit.

  2. There is no law in this country. Criminals run this thing called ‘government’. The constitution is a fraud upon the public, used to deceive you into thinking you have rights. War is being waged against you under color-of-law. It is a war of deception. Anyone who is a taxpayer is enslaved by this system of deception. They print up all the counterfeit that they want and deceive you into believing it is money. They get everything for nothing. Taxes are just part of their war against you. Brainwashing through the government schools and controlled media have turned Americans, and most of the world, into unthinking, braindead zombies.

    • It isn’t that there’s no law. Schemers couldn’t thrive without laws. The problem is that the world is full of schemers. Too many people, in and out of government, are unprincipled. They are self-modified. Instead of following the common sense, wise ‘golden rule’ of ‘Do to others as you would have them do to you’, they now follow the rule, or paradigm of ‘riches for the strongest’. They now possess twisted values and seek glory, not the betterment of their country. Therefore, They ‘need’ to take from others (the means of survival), for in that way, they can persuade themselves, and any who they think might believe it, that they are strong. And they need others to see that it is they who rob them, for glory that is unseen isn’t glory.

      It’s simple: You huddle with others – who can’t, without taking a good look, know that your intentions are bad – to decide on the rules that everyone will follow in order to make society function smoothly and keep everyone happy and safe. Then you strategically break those rules (tax havens are a good example, as is a United Nations that is God’s Kingdom on earth – until it doesn’t do what you want it to) in order to get ahead of and on top of others, namely the ‘sucker sheep’ who actually fall for the law and order line. So many, today and since Adam and Eve, have chosen that path that we are now faced with a world (and a wild beast called Corporatocracy) that is owned and run by bloodthirsty, unthinking (but not un-scheming) beasts. There’s no innovation or thinking or problem-solving (where ‘problem’ is one that normal, un-modified, people would call a problem) coming from those in authority in government (includes governments’ informal components), but only reaction to those who have ideas, who think independently and question the status quo. It’s counterrevolution and counterinsurgency vs still alive, and thinking, humanity and light and God.

  3. Up yours, NSA. There will always be programmers who will defy laws that attempt to weaken encryption. If push comes to shove, steganography (which conceals that information is being embedded in a larger music or image file) will prevent the government from peering into everything.

  4. Step one: don’t trust the Cloud. I find it hard to believe that otherwise smart people would trust their most sensitive personal and business data to an entity over which they have no physical control. It’s stupid beyond the pale.

    • “don’t trust the Cloud” I certainly don’t. Box deleted a file I uploaded to it. It was a Bible scripture. That’s all. The back and forth I had with them about it was interesting. I blogged about it. (“Box Mystery” on “A Yappy Trade Barrier”) They also deleted a comment I made about their publicly announced decision to partner with Google, as though that was a good thing. They can talk at us. Dialog, especially ‘negative’ dialog, isn’t welcome. They called my comment, using polite language (I hate foul language), a rant and pointed at their rules about rants. Right. (I had Box’s paid service for a while, but changed my mind when I wasn’t happy with it.)

      But, as a blogger, I just find it impossible to not use a cloud service. Also, it’s redundancy, a good thing. I’m not tech savvy, so I have to use others’ tools to do what I do. I know that Edward Snowden recommends SpiderOak, but it’s not for me. I can’t decipher it. If it isn’t simple or for regular people, I’m outta there.

      • Can you use a computer? (Of COURSE you can! Your BLOG is on a computer.)

        Then you can set up your own cloud server without paying an outsider.

        The only reason it’s complicated is because they made it sound that way so you would give up and pull out your wallet to pay them.

Leave a comment