nsa ssl keys espionage

Espionage Germany / NSA
Espionage Germany / NSA

The use of SSL-encrypted connections does not guarantee that the transmitted content is not easily to read by the NSA and other U.S. intelligence agencies – because the NSA and other U.S. intelligence agencies try to get those SSL-keys. It is to assume that other intelligence of further states are trying the same as the NSA since a long time.

The U.S. technical magazine CNet cites an anonymous source in a recent report and this source has said, for example, the following allegation:

“The (U.S.) government is definitely demanding SSL keys from providers.”

The U.S. government, as well as the NSA and other intelligence agencies, is probably mainly interested in the root certificates (SSL), which will serve ultimately as a so-called master key for the entire protected communication of an Internet company and with their hands on such a master key (root certificate), they are able to easily observe and listen to any communication on the relevant platform.

The so-called big companies, which have an adequately equipped legal department available, would have been able to defend themselves against the delivery of the keys due to the lack of legal basis in this topic (so far).

However, it is certainly to expect that smaller companies had not much ways to oppose the urge by the U.S. government or the NSA. According to the informant of the U.S. magazine CNet, the U.S. government is mainly trying to get their hands on the master keys from little companies because it is probably not a very hard task for them or the NSA. In addition, according to the source of CNet, it can be assumed that the U.S. authorities, at least, try to get as much SSL-keys as they can.

A spokesperson of Microsoft told the U.S. magazine CNet that he doesn`t want to comment on whether such requests from U.S. authorities arrived at Microsoft in recent years. He assured, however, that no master keys / SSL keys have been issued into the hands of U.S. authorities or the NSA. The spokesperson of Microsoft said that they have not done this and that there is no situation in which they would do this. You virtually receive the same statement about this by Google.

However, Sarah Feinberg, spokeswoman of the social network Facebook, said that they had not received any inquiries regarding the SSL keys and that Facebook would aggressively defend themselves against such requests about this. Other large companies have in general declined to comment on this topic.

However, it is likely that several intelligence agencies are very keen to get the appropriate (SSL) keys into their hands due to the situation that more and more web services, social networks and companies protect their online communications by the use of SSL certificates, but also the content of the backbones are coded and therefore, they are no more easily to be monitored by intelligence agencies or / and the U.S. authorities.

Share this:

Related