The latest publication of Edward Snowden’s documents is quite disturbing, as security of online communication becomes more serious. The National Security Agency (NSA), in fact, monitors almost all communications widely spread online.
Regarding Skype, the NSA training document from Snowden’s archive very clear reads: “Sustained Skype collection began in Feb 2011”.
According to documents supplied by Snowden, the NSA has a five-point scale to determine the degree of difficulty of accessing online communication, ranging from “trivial” to “catastrophic.”
Thus, reading private messages on Facebook is considered a normal, everyday task, “while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider ‘mail.ru’ is considered ‘moderate’.”
Also troublesome is the Off-the-Record Messaging (OTR) cryptographic protocol and programs that use it. The NSA is unable to crack OTR. Such encryption is used by, for example, the apps TextSecure and Signal.
For the secret service, things becomes “catastrophic” when a person begins to use a combination of tools; for example, using an encrypted messaging service through Tor. It’s impossible to crack also those systems that use ZRTP encrypted voice over IP protocol (such as RedPhone, an app which ensures a secure connection on mobile phones ).
Also remaining secure is the now over-20-year-old encryption program PGP (Pretty Good Privacy).
However, according to the document, there are still a number of online communication transactions that aren’t secure and are easily accessible to secret service agencies. Journalists, as bearers of exclusive information, are one of the main targets.
It’s clear that Snowden’s documents refer to the US secret service, but the US works with Britain, Canada, Australia, and New Zealand. Furthermore, agencies share their information with other countries: for instance, there are have been cases of cooperation with several European countries.
But most importantly, the programs’ vulnerability hints at systematic problems, which means they can be decrypted by not only the aforementioned secret service agencies, but also smaller countries, major private companies, and organized crime groups.
And as the data shows, today the security of open source programs is trusted more, since it’s more likely that independent experts can detect any vulnerability.
The views expressed in the column are those of the author's and do not necessarily reflect the views of Media.am.