The NSA Can Decode Private, Encrypted Cellphone Conversations

By Ashley Feinberg on at

The Washington Post is reporting that, according to a newly released internal document, the National Security Agency isn't just swiping location data from mobile phones; they actually have the ability to decode private, encrypted data, putting all texts and calls right at their disposal.

Though US Law may prohibit the NSA from collecting phone data (or demanding encryption keys) without a court order, the ability to decode these encrypted conversations own their own means they can cut out the courts entirely. More specifically, it's the encryption technology known as A5/1, which has been noted for its vulnerabilities for years, that the NSA can crack, and most global carriers haven't upgraded to more complex software yet.

But that's globally, in the United States, most manufacturers have already upgraded. According to The Washington Post's report:

The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by mobile phones that rely on technology called second generation (2G) GSM. It is dominant in most of the world but less so in the wealthiest nations, including the United States, where newer networks such as 3G and 4G increasingly provide faster speeds and better encryption, industry officials say.

Though just because this older form (30 years older, to be exact) of encryption is the one most commonly cracked, don't think that puts anyone toting a smartphone off limits. According to The Washington Post, experts have said that it is indeed possible for the NSA to decode more sophisticated means of encryption, although doing so is far more difficult and, at least at this point in time, can't be applied on a larger scale.

What's more, even though the majority of phones in the US may have gotten an upgrade in security, it's still pretty disconcerting that a 30 year old technology that's been proven time and time again to be insufficient is even still being used. Hopefully this will be the kick networks need to finally upgrade all their phones to encryption software that actually, well, works. [The Washington Post]