Thought my connection to Google was almost always under the HTTPS protocol... can someone explain to me how the NSA has broken SSL encryption to possibly THE largest internet company in the world?
I'll probably get shot for this but in the shared source license there are a number of huge holes around the signing key code. NSAKEY doesn't exist any more but its more suspicious when there is just no code there.
I wouldn't trust Microsoft - the world's largest Trojan.
Not sure how this relates. Article/interviewee is stipulating that the NSA intercepts all communications at the telecom level (as far as I understand). It doesn't say how this device also magically breaks encryption on encrypted data.
I guess you are saying that Google willingly allows the NSA to decrypt the data? What would Google have to gain there? Because they certainly have a lot to lose.
They don't need to break encryption for telecom interception to be worthwhile. Most email is not encrypted.
Knowing what web sites you go to, if you are otherwise interesting, is worth knowing even if they can't read the bits. Pen registers do that with phones, and that's valuable enough that there are legal protocols about it. https://en.wikipedia.org/wiki/Pen_register
Just because you can't eat the whole enchilada doesn't mean the beans aren't worthwhile.
The email may not be encrypted, but as long as the data transfer was made under a secure protocol, there's not much of a difference. Only difference is that Google themselves can view your email in plaintext. But in terms of a man in the middle attack, I'm failing to see the difference.
A good argument can then also be that you should never trust emails outside your own provider? If you are sending to an @gmail to @gmail, you should be covered a bit better?
How? By hiring all the mathematicians in the world. I don't see how the size of the company would matter. Also, they are US-based, and have to comply with US cryptography laws. But even if their SSL was unbreakable, the NSA/FBI/etc must have a free pass to Google/Facebook/etc data.
Where does it say that the NSA has open access to Google's data? It says that the NSA most likely collaborated with Google as part of an investigation of the hacking of their Chinese servers.
The burden of proof being so low here on HN on matters like this is alarming.
Well, a little bit. The NSA is the largest employer of Mathematicians in the world, and excluding Universities, they own that title by a very large margin.
What are all of those elite nerds researching? Cryptography.
Only 3-6% of mathematics PhDs produced in the US are hired to government positions each year, with some large portion of that going to the NSA. While that is a lot (and doesn't include the mathematicians hired straight out of bachelors and masters programs), it's minuscule compared to the total number of mathematicians produced each year world-wide ("not even a little bit"), includes many that don't work on cryptography, and is dwarfed by the external security and cryptography community, both in academia (why on earth would you exclude them?) and in business.