TheÂ Washington PostÂ has the latest storyÂ about domestic surveillance by the National Security Agency based onÂ information from former NSA contractor Edward Snowden. This time, the revelations concern mobile phone encryption technology and individuals’ privacy. The Post reports:
The cellphone encryption technology used most widely across the world can be easily defeated by the National Security Agency, an internal document shows, giving the agency the means toÂ decode most of the billions of calls and texts that travel over public airwaves every day.
While the military and law enforcement agencies long have been able to hack into individual cellphones, theÂ NSAâ€™s capabilityÂ appears to be far more sweeping because of the agencyâ€™s global signals collection operation. The agencyâ€™s ability to crack encryption used by the majority of cellphones in the world offers it wide-ranging powers to listen in on private conversations.
U.S. law prohibits the NSA from collecting the content of conversations between Americans without a court order. But experts say that if the NSA has developed the capacity to easily decode encrypted cellphone conversations, then other nations likely can do the same through their own intelligence services, potentially to Americansâ€™ calls, as well. […]
The extent of the NSAâ€™s collection of cellphone signals and its use of tools to decode encryption are not clear from a top-secret document provided by former contractor Edward Snowden. But it states that the agency â€œcan process encrypted A5/1â€ even when the agency has not acquired an encryption key, which unscrambles communications so that they are readable.
Experts say the agency may also be able to decode newer forms of encryption, but only with a much heavier investment in time and computing power, making mass surveillance of cellphone conversations less practical. […]
The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by cellphones that rely on technology called second-generation (2G) GSM. […]
The document does not make clear if the encryption in another major cellphone technology â€” called CDMA and used by Verizon, Sprint and a small number of foreign companies â€” has been broken by the NSA as well. The document also does not specify whether the NSA can decode data flows from cellular devices, which typically are encrypted using different technology.