Editing National Security Agency (section)

==== Bypassing encryption ====
In 2013, reporters uncovered a secret memo that claims the NSA created and pushed for the adoption of the [[Dual EC DRBG]] encryption standard that contained built-in vulnerabilities in 2006 to the United States [[National Institute of Standards and Technology]] (NIST), and the [[International Organization for Standardization]] (aka ISO).<ref>{{cite news |first=Nicole |last=Perlroth |url=http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/ |title=Government Announces Steps to Restore Confidence on Encryption Standards |website=The New York Times |type=Bits blog |date=September 10, 2013 |access-date=June 7, 2024 |archive-date=July 12, 2014 |archive-url=https://web.archive.org/web/20140712084931/http://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/ |url-status=live }}</ref><ref name=pp20130905 /> This memo appears to give credence to previous speculation by cryptographers at [[Microsoft Research]].<ref>{{cite web |url=https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html |title=Schneier on Security: The Strange Story of Dual_EC_DRBG |publisher=Schneier.com |date=November 15, 2007 |access-date=October 9, 2013 |archive-date=April 23, 2019 |archive-url=https://web.archive.org/web/20190423212823/https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html |url-status=live }}</ref> [[Edward Snowden]] claims that the NSA often bypasses the encryption process altogether by lifting information before encryption or after decryption.<ref name=pp20130905>{{cite news|url=https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption|title=The NSA's Secret Campaign to Crack, Undermine Internet Security|date=September 5, 2013|publisher=[[ProPublica]]|author=Perlroth, Nicole, Larson, Jeff, and Shane, Scott|quote=This story has been reported in partnership between The New York Times, the Guardian and ProPublica based on documents obtained by The Guardian. For the Guardian: [[James Ball (journalist)|James Ball]], Julian Borger, Glenn Greenwald; For the New York Times: Nicole Perlroth, Scott Shane; For ProPublica: Jeff Larson|access-date=June 7, 2024|archive-date=February 21, 2020|archive-url=https://web.archive.org/web/20200221043243/https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption|url-status=live}}</ref>

[[XKeyscore]] rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations [[Norddeutscher Rundfunk|NDR]] and [[Westdeutscher Rundfunk|WDR]], who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including [[Tor (network)|Tor]]; an anonymous email service provided by the [[MIT Computer Science and Artificial Intelligence Laboratory]] (CSAIL) in Cambridge, Massachusetts; and readers of the ''[[Linux Journal]]''.<ref name=NDR>{{cite news |author1=J. Appelbaum |author2=A. Gibson |author3=J. Goetz |author4=V. Kabisch |author5=L. Kampf |author6=L. Ryge |title=NSA targets the privacy-conscious |url=http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html |access-date=July 4, 2014 |work=Panorama |publisher=Norddeutscher Rundfunk |date=July 3, 2014 |archive-date=July 3, 2014 |archive-url=https://web.archive.org/web/20140703215350/http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html |url-status=live }}</ref><ref>{{cite news |author1=Lena Kampf, Jacob Appelbaum |author2=John Goetz, Norddeutscher Rundfunk |name-list-style=amp |url=https://www.tagesschau.de/inland/nsa-xkeyscore-100.html |title=Deutsche im Visier des US-Geheimdienstes: Von der NSA als Extremist brandmark |date=July 3, 2014 |publisher=[[ARD (broadcaster)|ARD]] |language=de |access-date=June 7, 2024 |archive-date=July 3, 2014 |archive-url=https://web.archive.org/web/20140703074652/http://www.tagesschau.de/inland/nsa-xkeyscore-100.html |url-status=live }}</ref>