Judges Poised to Hand U.S. Spies the Keys to the Internet
BY KEVIN POULSEN
How does the NSA get the private crypto keys that allow it to bulk eavesdrop on some email providers and social networking sites? It’s one of the mysteries yet unanswered by the Edward Snowden leaks. But we know that so-called SSL keys are prized by the NSA – understandably, since one tiny 256 byte key can expose millions of people to intelligence collection. And we know that the agency has a specialized group that collects such keys by hook or by crook. That’s about it.
Which is why the appellate court challenge pitting encrypted email provider Lavabit against the Justice Department is so important: It’s the only publicly documented case where a district judge has ordered an internet company to hand over its SSL key to the U.S. government — in this case, the FBI.
If the practice — which may well have happened in secret before — is given the imprimatur of the U.S. 4th Circuit Court of Appeals, it opens a new avenue for U.S. spies to expand their surveillance against users of U.S. internet services like Gmail and Dropbox. Since the FBI is known to work hand in hand with intelligence agencies, it potentially turns the judiciary into an arm of the NSA’s Key Recovery Service. Call it COURTINT.