NSA requests encrypted keys to directly access companies’ data

Government surveillance requests have reportedly gone as far demanding master encryption keys, from technology companies, Declan McCullagh of CNET reports.

Encryption keys are so important to government agencies as they would allow agents to decrypt intercepted communications internally, rather than request bits and pieces of decrypted information from private tech companies.

"The government is definitely demanding SSL keys from providers," a source who has responded to government attempts told McCullagh, adding that acquiescing would be illegal.

Anonymous sources also tell McCullagh that government entities have also made requests for passwords, yet companies have resisted those requests by saying the government would be effectively "acting" as a particular individual.

Those same companies — Apple, Microsoft, Yahoo, AOL, Verizon, AT&T, Time Warner Cable, and Comcast — "declined to respond to queries about whether they would divulge encryption keys to government agencies," writes McCullagh.

A series of revelations from NSA leaker Edward Snowden about overarching government surveillance programs — both foreign and domestically targeted — eventually led to a Glenn Greenwald article in the Guardian about so-called "pre-encryption" access to emails. Greenwald writes that companies like Microsoft aided intelligence analysts in "circumventing" encryption, though Greenwald offered no clear definition of what "pre-encryption" or "circumvent" mean in this context.

The reason McCullagh's distinction of government requests for actual "encryption keys" (algorithms that create encrypted messages) changes the entire NSA surveillance ball game.

As noted in our previous reporting, AT&T and Verizon have both been implicated in allowing the NSA to tap into their communications traffic.

In a report about the NSA's mission for the 21st Century, the agency notes: "The volumes of routing of data make indexing and processing nuggets of intelligence information more difficult. To perform both its offensive and defensive mission, NSA must 'live on the network.'"

This is not the same as collecting metadata. Directly tapping into the two companies that provide 90 percent of America's communications is literally like collecting all communications data — content, location, contacts, pictures, words, etc.

That's scary enough, but as McCullagh notes, many companies, big and small, use something called SSL to encrypt their (and your) communications.

Encryption keys could be used to decrypt vast swaths of domestic communications — including all the past encrypted communications which leaked document show they save in massive data centers. 

Though at least some of these companies admit they've resisted encryption key requests. In the same breath, they've begged the government to allow them more leeway in disclosing how much they give to America's intelligence apparatus.

"I believe the government is beating up on the little guys," an encryption source told McCullagh. "The government's view is that anything we can think of, we can compel you to do."

The view isn't so concrete though, and so far some of these companies seem to have balked at the requests. Still, agencies like the NSA can keep up the pressure, and the question of the legality of these requests will invariably come into play.

"That's an unanswered question," Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society, told McCullagh. "We don't know whether you can be compelled to do that or not."

More from our partner, Business Insider: The Most Expensive Business Schools In America

The World's Love Affair With Google's Chromecast Dongle Appears To Be Over

A Mysterious Hum Is Driving People Around The World Crazy

REPORT: San Diego Mayor Wants "Time Off" For Therapy After Sex Harassment Allegations

Regulators Propose $2.75 Million Penalty Against Boeing For Quality Control Violations