The NSA is capable of breaking the encryption used on most phone calls and text messages worldwide, the latest Edward Snowden leak shows, though it's not certain how often the agency actually does it. Under US law, the NSA can't eavesdrop on citizens' conversations without a court order. But "if the NSA knows how to do this, presumably other intelligence agencies, which may be more hostile to the United States, have discovered how to do this, too," an expert tells the Washington Post. Central to the issue is the fact that most telecommunications companies use encryption technology known as A5/1, despite experts' advice that it's easy to hack.
A5/1 is used extensively in 2G GSM networks, which most of the world uses. Though 3G and 4G networks have taken off in the US, a lot of phones stick with 2G when it comes to calls. In fact, 80% of the planet's phones have weak encryption, or none at all, a Berlin-based security expert tells the Post. The NSA doesn't need an encryption key to get past A5/1, which, a Berkely computer scientist notes, "was designed 30 years ago, and you wouldn’t expect a 30-year-old car to have the latest safety mechanisms." NBC News' take: "If you're vulnerable, blame your carrier":
- Verizon and Sprint use an even older system, CDMA; the Post isn't sure whether the NSA can easily break it.
- AT&T customers may use 2G in particularly busy or remote areas. The firm says it's boosting encryption on sections of its network.
- T-Mobile hasn't said whether it's using tougher A5/3 encryption, but the company says it's "continuously implementing advanced security technologies in accordance with worldwide recognized and trusted standards."
(More
NSA stories.)