Report: NSA Has Broken Most Internet Encryption Technologies
According to a report Thursday from The Guardian, documents obtained by former NSA contractor Edward Snowden reveal both the NSA and its U.K. counterpart the GCHQ have comprised virtually all security measures used by Internet companies to protect communications, financial and health data.
The report also states that the NSA has spent roughly $250 million to "covertly influence" product designs of private security technology vendors, which includes such tactics as inserting secret vulnerabilities and backdoor access points into commercial security software.
[Related: Facebook Gave Data On 38,000 Users To Government Authorities ]
Thursday's report is the latest in a string of revelations about the NSA's domestic surveillance program through leaked documents provided to the press by Snowden. Previous reports include revelations about the U.S. government's ability to obtain telephone records without a warrant as well as Prism, a secret program that gives the NSA direct access to internal systems of Internet companies like Microsoft, Google, Facebook and Apple.
Bryan Myers, director of business development at Skyline Technology Solutions in Glen Burnie, Md., said he isn't worried about the government gaining access to customer data -- but he is concerned about the implications of the NSA's ability to crack encryption technology.
"The security risk is huge," Myers said. "You have to mitigate risk because if the NSA can do this, then who else can do it?"
Peter Brannigan, president of Ardmore Consulting in Wyckoff, N.J., said he isn't shocked by the latest revelation. "I assumed the government was already doing this," he said. "Quite honestly, it doesn't surprise me at all, and I'm actually surprised other people are surprised. There's just no privacy on the Web anymore."
Brannigan said his clients haven't expressed concern over the NSA's domestic surveillance capabilities and Prism. Furthermore, he said the news hasn't changed his approach when it comes to security.
"Right now I tell clients they're much more at risk of an internal breach than an external attack," Brannigan said. "The savvy customers know it's all about minimizing your risk and that someone can always gain access to your network. If anyone ever tells you that they can make you 100 percent secure, well, then they're lying."
PUBLISHED SEPT. 6, 2013