The National Security Agency is developing an encrypted search technology to prevent third parties from spying on the agency’s queries made via third-party servers. Oh, the irony!
Privacy has become one of the biggest concerns in the recent months, with the ubiquity of mobile devices (which can all be used to spy on users), plus the disclosures of whistleblower Edward Snowden regarding the National Security Agency’s activities that target both US citizens and foreign individuals. With these disclosures have come the clamor for government to ensure that the privacy of innocent people is kept intact.
Eavesdropping and espionage do have their place in the world. The ideal is for authorities to use intelligence to spot potential trouble ahead of time. This can even prevent any untoward incidents in which innocent lives might be lost or adversely affected. But the concern here is how to find a balance between freedom and security. With our dependence on online services like communication and social networking applications, these service providers have grown to become Big Brother-esque.
The NSA — along with spy agencies like the British GCHQ — has become the target of criticism of late, with exposés left and right about how these government agencies are taking advantage of mobile networks, mobile applications and even device assets like the microphone and camera, in executing their espionage work. There is also concern that government agents’ activities might be vulnerable to eavesdropping or leakages, too.
To address this, government has funded research into how spy agencies can, themselves, avoid being spied upon. The Office of the Director of National Intelligence has employed at least five research teams to develop a system that can enable a third-party to store records that are accessible to government on demand, but will evade discovery and access by third parties, even by the owners of the data centers themselves.
One such project is the Security and Privacy Assurance Research project. While the project does not specifically cite NSA use, the DNI has confirmed that the research is relevant to the agency’s phone records program.
Such records can include communication records, content and other information that the NSA can use in keeping track of target individuals. At present, such data is stored on the agency’s datacenters. In government’s aim to resolve legal and privacy concerns, President Obama has ordered the agency to offload storage of this data onto third-party datacenters. Information can then be accessed through encrypted searches.
Other parallel projects are being undertaken at other university-based teams: one from UC Irvine, a team from University of Wisconsin-Madison and the University of Texas at Austin, another team from MIT, Yale and Rensselaer Polytechnic Institute, and LA-based firm Stealth Software Technologies.
Some officials are concerned that storing data offsite might make it vulnerable to attacks. Meanwhile, an encrypted search would require more resources than an un-encrypted one. However, this would make it possible for government to simply let telephone companies hold the call, messaging and IP-based data within their own datacenters. Intelligence agenies can then conduct its own searches, without the telcos knowing which records are being searched.
In short, the NSA wants a way to avoid having to store data in its own turf, but wants technology that can sift through data stored elsewhere without being snooped upon. Still, there is no assurance that the concerned agencies will be able to access only the records that they intend to access, and that there will be adequate oversight on the actual use of data.