News that the US government’s National Security Agency (NSA) has been snooping into the phone records of Verizon customers quickly escalated into reports that it also had backdoor access to the major technology companies, including Apple, Google and Facebook.
The leaked documents- supplied by a discontented spy, claim that the project gives the NSA access to email, chat logs, any stored data, voice traffic, file transfers and social networking data.
While it was primarily aimed at counter-terrorism, the scale of it meant huge swathes of citizen data were also sucked up, according to the two newspapers.
They claimed that the NSA can even conduct live surveillance of someone doing a Google search.
The companies were very quick to deny that they offered “direct access” to their servers, leading many commentators to ask whether that actually meant that they offered indirect access or whether the NSA was perhaps filtering traffic independently.
For digital forensics expert Prof Peter Sommer, the seeming clash between what the leaked documents suggest and the denials of the firms indicate the access was limited in scale.
The idea that the authorities acted independently is unlikely as Facebook and Google claim to encrypt data transfers, so the spooks would also need to spent time decryppting the data.
Governments around the world are keen to increase the access that the police, as well as the intelligence services, have to internet communications.
New laws are needed as internet communication changes, they argue.
But getting the wording of such legislation right can be a minefield.
In the UK, the draft Communications Data Bill aka Snoopers Charter was recently dropped because the Liberal Democrats considered it far too wide in scope, and similar legislation in the US is facing controversy.
The problem is that it is not possible to build a communications system that allows the FBI and others surreptitious access but doesn’t allow similar access by others. When it comes to security, we have two options: We can build our systems to be as secure as possible from eavesdropping, or we can deliberately weaken their security. We have to choose one or the other.
Equally military-grade encryption is now routinely available rendering emails unreadable. And steganography, the method of hiding information within other information, is also giving the authorities a real headache.