Tech Companies' Outdated Crypto Eases NSA Snooping

Get with the times, folks


Secret documents describing the National Security Agency's surveillance apparatus have highlighted vulnerabilities in outdated Web encryption used by Facebook and a handful of other U.S. companies.

Documents leaked by former NSA contractor Edward Snowden confirm that the NSA taps into fiber optic cables "upstream" from Internet companies and vacuums up e-mail and other data that "flows past"—a security vulnerability that "https" Web encryption is intended to guard against.

But Facebook and a few other companies still rely on an encryption technique viewed as many years out of date, which cryptographers say the NSA could penetrate reasonably quickly after intercepting the communications. Facebook uses encryption keys with a length of only 1024 bits, while Web companies including Apple, Microsoft, Twitter, Dropbox, and even MySpace have switched to exponentially more secure 2048-bit keys.