FBI, NSA Want Master Encryption Keys from Internet Companies
July 25, 2013 7:06 PM
comment(s) - last by
The question of whether it's legal for them to ask for these SSL keys or not is unclear
The feds are trying to creep further into the personal lives of Web users by requesting master encryption keys from Internet companies.
According to a new report from
, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) have both tried to obtain master encryption keys as part of their
digital surveillance efforts
, but there's a huge question as to whether they have the legal authority to do so.
Master encryption keys are crucial to Web encryption. They put contents of Web communications into code that is tough to crack using Secure Sockets Layer (SSL). If government agencies were to get their hands on these SSL keys, they could decode the content and peek into the lives of Internet users.
The NSA is also looking to get these SSL keys because it would allow for surveillance through its fiber taps, which are now heavily guarded by SSL.
SSL was originally put in place because of insecure and open Wi-Fi networks. Google adopted HTTPS (which appears in the browser to show that SSL is enabled -- back in 2010 for Gmail, and Microsoft did the same for Hotmail. Later in 2012, Facebook followed suit for its popular social network.
Now, these large Internet companies face the fear of government agencies trying to obtain the SSL keys and expose information on their users. Microsoft, Google and Facebook all said that they haven't given any SSL keys to the government, and agreed that they would fight against doing so.
Other larger companies like Apple, Verizon, AT&T, Yahoo, Comcast and AOL haven't said if they've been asked for or have given SSL keys to the feds.
But the larger companies fear that smaller Web establishments without deep pockets or a hefty legal department will give in to the government's requests for keys.
SSL has certainly hindered the government's spying abilities, which is why they're coming directly to the source for the keys. But if all else fails, the feds have other avenues of
getting what they need
. For instance, companies like Packet Forensics help government agencies import "legitimate" copies of SSL keys -- which could possibly be obtained through a court order -- for spying on users.
Speaking of a court order, it's not clear whether federal surveillance laws allow the government to ask for SSL keys -- even with subpoenas. Subpoenas call for gathering evidence related to an investigation, where SSL keys would seem to open up a treasure trove of data that may contain pieces of information relevant to an investigation, but likely most that are not.
This article is over a month old, voting and posting comments is disabled
RE: Too little too late
7/30/2013 12:00:33 PM
Which part of it specifically is a lie?
The Prism signed up Microsoft, Yahoo, and Google during Bush administration. That's a fact.
Mark Klein blew the whistle on AT&T diverting all of its call traffic to NSA as early as 2003. That's a fact.
In the final days of its administration Bush granted retroactive immunity to any ISPs (including AT&T) that might have passed information to the government without proper warrant. That's a fact.
And on the most recent vote on funding the NSA surveillance program only 94 republicans out of 234 voted to defund the program. Also a fact.
As I said before, I'm not defending Obama's record on this matter. While he may not have started any of these programs, he did nothing to stop them either. Instead he greatly expanded them.
However, if your argument is to vote republican, then it's nothing but a folly for you cannot be seriously suggesting voting Republicans as more than half of them voted to keep the NSA system in place. Republicans want to keep the program in place even more so than Democrats.
In the big picture both parties are complicit on this issue, democrats and your beloved republicans alike.
Here, go educate yourself:
The only way you can show your disapproval is to keep voting third party of "none of the above". Yes, in the former case you would be throwing your vote away, and in the latter case it would be just a symbolic gesture that would accomplish nothing. However, voting for either of the two main parties will ensure that the program will keep running.
"So, I think the same thing of the music industry. They can't say that they're losing money, you know what I'm saying. They just probably don't have the same surplus that they had." -- Wu-Tang Clan founder RZA
NSA Spying Fallout Hits Defcon, Hackers Tell Feds to Stay Away
July 12, 2013, 9:00 AM
Source: Don't Worry, NSA Spies on "99 Percent" of Americans' Locations, Call Records
June 14, 2013, 3:57 PM
Twitter Senior VP: "Diversity is Important, But We Can’t Lower the Bar"
November 9, 2015, 9:59 AM
CNN Resorts to Internet Censorship to Promote Clinton Over Senator Sanders
October 15, 2015, 2:47 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Quick Note: Amazon UK Offers £10 Back on Any Order £50 or Over
August 3, 2015, 12:05 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Mozilla and Facebook to Adobe: It's Time to Kill Flash
July 20, 2015, 6:30 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information