FBI, NSA Want Master Encryption Keys from Internet Companies
July 25, 2013 7:06 PM
comment(s) - last by
The question of whether it's legal for them to ask for these SSL keys or not is unclear
The feds are trying to creep further into the personal lives of Web users by requesting master encryption keys from Internet companies.
According to a new report from
, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) have both tried to obtain master encryption keys as part of their
digital surveillance efforts
, but there's a huge question as to whether they have the legal authority to do so.
Master encryption keys are crucial to Web encryption. They put contents of Web communications into code that is tough to crack using Secure Sockets Layer (SSL). If government agencies were to get their hands on these SSL keys, they could decode the content and peek into the lives of Internet users.
The NSA is also looking to get these SSL keys because it would allow for surveillance through its fiber taps, which are now heavily guarded by SSL.
SSL was originally put in place because of insecure and open Wi-Fi networks. Google adopted HTTPS (which appears in the browser to show that SSL is enabled -- back in 2010 for Gmail, and Microsoft did the same for Hotmail. Later in 2012, Facebook followed suit for its popular social network.
Now, these large Internet companies face the fear of government agencies trying to obtain the SSL keys and expose information on their users. Microsoft, Google and Facebook all said that they haven't given any SSL keys to the government, and agreed that they would fight against doing so.
Other larger companies like Apple, Verizon, AT&T, Yahoo, Comcast and AOL haven't said if they've been asked for or have given SSL keys to the feds.
But the larger companies fear that smaller Web establishments without deep pockets or a hefty legal department will give in to the government's requests for keys.
SSL has certainly hindered the government's spying abilities, which is why they're coming directly to the source for the keys. But if all else fails, the feds have other avenues of
getting what they need
. For instance, companies like Packet Forensics help government agencies import "legitimate" copies of SSL keys -- which could possibly be obtained through a court order -- for spying on users.
Speaking of a court order, it's not clear whether federal surveillance laws allow the government to ask for SSL keys -- even with subpoenas. Subpoenas call for gathering evidence related to an investigation, where SSL keys would seem to open up a treasure trove of data that may contain pieces of information relevant to an investigation, but likely most that are not.
This article is over a month old, voting and posting comments is disabled
7/25/2013 10:56:23 PM
"Congress shall make no law abridging the right of the people to engage in communication, via any communication methods presently known or currently unknown, that is subject to surreptitious monitoring without a publicly-accessible court warrant authorizing said monitoring."
Pretty please? I think it's time to just quit being disgusted with my government and ranting and raving about it in online echo chambers with like-minded individuals and actually... write my House rep and Senator. I suggest all Americans take the time to do the same. It's better than doing nothing at all.
"You can bet that Sony built a long-term business plan about being successful in Japan and that business plan is crumbling." -- Peter Moore, 24 hours before his Microsoft resignation
NSA Spying Fallout Hits Defcon, Hackers Tell Feds to Stay Away
July 12, 2013, 9:00 AM
Source: Don't Worry, NSA Spies on "99 Percent" of Americans' Locations, Call Records
June 14, 2013, 3:57 PM
Hackers Nab 2 Million Login Credentials from Facebook, Gmail, Twitter
December 5, 2013, 1:00 PM
Dutch Gov. to Google: Don't Spy on Us
December 2, 2013, 1:21 PM
Quick Note: Amazon to Use Unmanned Drones for 30 Minute Package Deliveries
December 2, 2013, 11:51 AM
Quick Note: Wi-Fi Hack Prompts European Parliament to Eliminate Access
November 29, 2013, 11:05 AM
NYT: NSA May Have Spied on Google, Yahoo Data Centers Via Fiber-Optic Cables
November 26, 2013, 3:35 PM
Quick Note: Intel Wants to Sell OnCue Internet TV Service for $500M
November 26, 2013, 12:40 PM
Most Popular Articles
NSA Snares Americans' Porn Viewing Histories in Effort to Target Muslims
December 1, 2013, 9:00 PM
Coalition of 20+ Tech Firms Backs MRAM as Potential DRAM, NAND Replacement
November 29, 2013, 11:59 PM
Dow Chemical to NYC City Council: You Don't Even Know What Styrofoam is!
December 2, 2013, 8:30 PM
Fed Up With Cheating OEMs, Microsoft Trolls Chromebooks in New Ad
November 27, 2013, 4:09 PM
OCZ Goes Bankrupt, SSD Assets are Targeted by Toshiba
December 1, 2013, 9:58 PM
Latest Blog Posts
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
Is The Period Becoming an Expression of Anger?
Nov 26, 2013, 2:02 PM
NSA and Congress -- You Will Never Kill the Constitution, It's an Idea
Nov 10, 2013, 2:00 PM
AT&T Explores $100B+ USD Deal to Acquire Vodafone's European Operations
Nov 4, 2013, 7:34 AM
U.S. Army Developing Cyber, Electronic War Arsenal
Oct 31, 2013, 4:49 PM
More Blog Posts
Copyright 2013 DailyTech LLC. -
Terms, Conditions & Privacy Information