Most of us—at least the cynical ones—assume that the NSA has probably beaten most of the encryption technologies out there. But a new report from Der Spiegel that draws on documents from Edward Snowden's archive shows that this simply isn't true. There are some tools that the NSA, as recently as two years ago, couldn't crack.
"[Some users] think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program," explains the report. "This isn't true." In fact, there are several encryption technologies that gave the NSA trouble. First of all, the documents show that the NSA had "major" issues trying to break the encryption on both Tor and Zoho, the email service. Truecrypt, the now-defunct freeware service for encrypting files on your computer, was another thorn in the NSA's side, along with Off-the-Record, which encrypts instant messages.
Another good tool mentioned is Pretty Good Privacy, which is shocking given that the protocol is two decades old, originally written in 1991. But there are also combinations of tools that the NSA describes as "catastrophic" when attempting to crack. Here's how Der Spiegel describes the special sauce:
Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymisation service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.
There are also plenty of seemingly secure services that the report shows are easy for the NSA to monitor, just as you might already assume—including VPNs and the HTTPS connections that many of us see on a daily basis when logging into banking sites and other supposedly "secure" websites. According to the report, the NSA intercepted 10 million of those https connections every day in 2012.
All in all, it's a harrowing new look at the NSA's encryption-breaking prowess, but at the same time, a heartening glimpse of the freely available tools that still provide a modicum of privacy. The entire report is well worth a read. [Der Spiegel]