The U.S. intelligence community is reportedly using a fifth of its US$52.6 billion annual budget to fund cryptography-related programs and operations.
Some of those funds are invested in finding weaknesses in cryptographic systems that would allow breaking encrypted communications collected from the Internet and elsewhere, according to a portion of a top-secret document published Thursday by The Washington Post and obtained from former National Security Agency contractor Edward Snowden.
The document is the fiscal year 2013 budget proposal summary for the National Intelligence Program, which spans 16 agencies with over 107,000 employees. The entire report called "FY 2013 Congressional Budget Justification" has 178 pages, according to the Post, but the newspaper only published 17, including a 5-page statement signed by U.S. Director of National Intelligence James Clapper.
In his statement, Clapper listed the primary areas of investment for the intelligence community which included Signals Intelligence (SIGINT). In respect to SIGINT he wrote: "We are bolstering our support for clandestine SIGINT capabilities to collect against high priority targets, including foreign leadership targets. Also, we are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic."
Cryptanalysis is the science of analyzing cryptographic systems in order to find weaknesses that would allow obtaining the contents of encrypted messages without advance knowledge of the encryption key.
Previous documents leaked by Snowden revealed that the NSA is collecting Internet communications en-masse with the help of telecommunication and technology companies. U.S. companies that operate the backbone telecommunications and Internet infrastructure are paid millions of dollars every year by the government to allow the NSA to collect data as it moves through their fiber-optic cables and networks, the Post reported Thursday.
The newly leaked budget reveals that this money is paid through a project called the "Corporate Partner Access" that was expected to cost $278 million during fiscal year 2013, the newspaper said. There are some other payments for "Foreign Partner Access" totalling $56.6 million, although it's not clear if these are for foreign companies, foreign governments or other entities.
The NSA's mass upstream interception of Internet traffic has prompted many people in the security community to wonder what the agency's crypto-cracking capabilities might be in relation to encryption schemes and protocols that are in widespread use on the Internet today. Some crypto experts believe that there is not reason to believe the NSA can crack strong encryption algorithms vetted by scientists, but others said that the feasibility of breaking widely used encryption protocols like SSL/TLS depends on various factors, like key size and other configurations.
While the leaked budget document does not provide details about the NSA's ability to crack encrypted communication, it does confirm that cryptography and cryptanalysis are one of the U.S. intelligence community's key areas of interest.
Twenty-one percent, or roughly $11 billion, of the 2013 budget was intended for the Consolidated Cryptologic Program (CCP), which includes NSA programs and is staffed by around 35,000 employees. This makes it the second most expensive program of the intelligence community after the Central Intelligence Agency program, which was supposed to receive 28 percent of the funds.
Of the $11 billion used to fund the CPP, around $2.5 billion, or 23 percent, were intended for "collection and operations" and $1.6 billion, or 15 percent, for "processing and exploitation." The program's biggest expenses were estimated in the "enterprise management and support" category which was set to receive 26 percent of the funds.