<![CDATA[NYT: NSA eavesdropping wider than W.House admitted – Yahoo! News:
Several officials said senior government officials went to the nation’s big telecommunications companies to get access to switches that act as gateways between U.S. and international communications.
Many calls going from one foreign country to another are routed through U.S. switches and a communications expert who once worked at the NSA said in recent years government officials have been encouraging the telecommunications industry to bring more international traffic through U.S.-based switches.
Throughout the 90s, the U.S. government sought this kind of access through legislation. The industry fought it, because it is very bad business to spy on one’s customers. Regardless of what you think about this activity, the last sentence there is going to destroy U.S. carriers in the international calling market. Anyone concerned about U.S. monitoring of their calls—such as businesses that are concerned about economic espionage—is going to opt for a carrier that will not put their traffic onto the U.S. backbone.
Having a wonderful time in Germany; you can read my email at the NSA!
Technorati Tags: Bush, NSA, telecommunications
]]>
2 replies on “Destroying the U.S. telecommunications industry, one fearful misstep at a time”
Does this suddenly make Skype (encrypted) the only choice, or are there hooks in Skype as well? Or do we know?
It’s actually two different issues. The program is mainly about conducting traffic analysis, which the most simplistic example would be “finding traffic in- or outbound from an IP address known to be used by Al Qaeda.” Of course, that would also capture traffic of Americans who simply decided to view an Web site, whether they knew it was Al Qaeda-related or not.
Skype traffic is routed, even if peers do the routing, so it can be tracked for purposes of traffic analysis. P2P doesn’t offer any significant advantages, since the traffic travels over backbones known to be monitored by the NSA.
Then, the NSA selects traffic of interest for more analysis, which may include decryption, if it is encrypted.
The second part of the question is whether the Skype encryption is secure. The answer to that question is a matter of conjecture, but I’d say “no.” Skype uses a U.S. government-used standard, AES, which has a 256-bit key size, but we have to assume that: a.) The NSA has massive amounts of computational power to crack messsages they select (traffic analysis, per above, lets them apply that computational power more efficiently), and; b.) As a U.S. government-approved code, AES is suspect, because there is always the hubris in government that they can put backdoors in code because “only we will know how to use them” and, otherwise, the message is secure. That’s the old “only the guilty need to worry argument.” This has repeatedly proved to be the case with public encryption standards offered by the U.S. government.