has been waging a war against encryption using a battery of methods that include working with industry to weaken encryption standards, making design changes to cryptographic software, and pushing international encryption standards it knows it can break. The Sigint Enabling Project involves industry relationships, clandestine changes to commercial software to weaken encryption, and lobbying for encryption standards it can crack. This excerpt from a 2013 budget proposal outlines some methods the agency uses to undermine encryption used by the public. has long been considered the world's top authority on encryption, it has dual, sometimes competing, roles.
A.’s 2013 budget request outlines the ways in which the agency circumvents the encryption protection of everyday Internet communications. A.'s Sigint Enabling Project is a 0 million-a-year program that works with Internet companies to weaken privacy by inserting back doors into encryption products.
These include support from other organisations, both internal and external to GCHQ.
Access to BULLRUN does NOT imply any “need-to-know” the details of sources and methods used to achieve exploitation and, in general, there will be NO “need-to-know”.
The fact that GCHQ or a 2nd Party partner has a capability against a specific encrypted network security technology – see Annexe for details. The specific instances of these technologies that can be exploited will be published in a separate Annexe (available to BULLRUN indoctrinated staff). The agency has circumvented or cracked much of the encryption that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures basic Internet communications, including the e-mails, Web searches, Internet chats and phone calls of millions of Americans and others around the world. In addition to the specific technologies that GCHQ or its Sigint partners are able to exploit, the methods used to achieve the exploitation must also be protected. The various types of security covered by BULLRUN include, but are not limited to, TLS/SSL, https (e.g. webmail), SSH, encrypted chat, VPNs and encrypted VOIP.