Is the NSA keeping your encrypted traffic forever?

Much has been written recently about the NSA’s program to systematically defeat the encryption methods used on the internet and in other communications technologies – Project Bullrun, in the parlance of our times. We’ve learned that the NSA can read significant quantities of encrypted traffic on the web, from mobile phone networks, and on virtual private networks, which companies use to connect remote employees or offices to their corporate networks over the public Internet. Knowing this leaves me with a question: if the NSA captures and decrypts an enciphered message, how are the spoils to be handled? Does an encrypted e-mail or web session between people within the United States enjoy the same protections as an unencrypted e-mail between the same people?

The surprising answer appears to be that encrypted messages get less protection!

Consider the NSA’s procedures for “minimizing” (that is, deleting or redacting) information that the NSA obtains about U.S. persons when targeting non-U.S. persons. In this document, which leaked earlier in the summer, we learn about all sorts of ways the NSA can hold onto domestic communications without a warrant or court order, if they’re found in the course of targeting foreign communications. The NSA is supposed to delete all domestic communications immediately, with some specific exceptions. In particular, in the NSA’s minimization procedures, we find that “In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis” (Page 5, Bullet 3(a); emphasis added).

So the NSA can keep information, even about Americans, if it is “subject to … cryptanalysis.” What does this mean? A close read of the document suggests two possible interpretations.

In the first interpretation, this authority might exist to support the human process of learning how to break a cryptosystem. That is, if a researcher at the NSA wants to keep some encrypted material to learn how to decipher it, then that’s allowed, even if the decrypted message turns out to be from an American. That’s the narrowest possible interpretation of the language, anyway.

The second interpretation, which the EFF, among others, argued is the more natural one, reads it as allowing the NSA to keep arbitrary domestic encrypted communications. As it’s written, it appears to allow (and even to require) the NSA to keep encrypted data for a very long time.

This is remarkable—if the NSA can keep encrypted messages without a warrant even if they’re purely domestic, and if the NSA can really decrypt a substantial fraction of encrypted messages, then encryption actually improves the NSA’s ability to retain and read your traffic! Indeed, it would appear that encrypting your e-mail, browsing over SSL, and doing lots of other “privacy conscious” things might well make Americans’ data more available for NSA analysis, not less!

So can the NSA keep your online banking session for longer than they can keep your call records? Or can they keep the fact that you read this blog post (over HTTPS, if you read it on the original site) longer than they can keep the fact that you read a silly listicle on BuzzFeed (over HTTP)? It appears they can.

Does that mean you should despair and uninstall HTTPS Everywhere? Probably not — after all, an ounce of prevention is worth a pound of FISA warrants (er, that’s the proverb, right?). We don’t yet know exactly which crypto the NSA can defeat and what leaves them stymied. But what we do know is that what initially appeared to be a small loophole in the NSA’s minimization procedures might turn out to be the legal authority to spy on almost any (encrypted) domestic communication.