Bullrun (decryption program)
Bullrun or BULLRUN is a clandestine, highly classified decryption program run by the United States National Security Agency (NSA). The British signals intelligence agency Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill.
According to the NSA's BULLRUN Classification Guide, which was published by The Guardian, BULLRUN is not a Sensitive Compartmented Information (SCI) control system or compartment, but the codeword has to be shown in the classification line, after all other classification and dissemination markings. Information about the program's existence was leaked in 2013 by Edward Snowden.
Access to the program is limited to a group of top personnel at the Five Eyes (FVEY) agencies: the NSA and the signals intelligence agencies of Britain, Canada, Australia, and New Zealand. Signals that cannot be decrypted with current technology may be retained indefinitely while the agencies continue to attempt to decrypt them.
Through the NSA-designed Clipper chip and the Skipjack algorithm it implemented, CALEA, the Cyberspace Electronic Security Act and restrictions on the export of encryption software, the U.S. government had publicly attempted in the 1990s to ensure its access to communications and its ability to decrypt them. The government's promotion of key escrow, a euphemism for a backdoor, had met with criticism and little success. Beginning in 2000, as encryption tools were gradually blanketing the Web, the NSA invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. It set out to stealthily influence and weaken encryption standards and to obtain master keys, whether by agreement, by force of law, or by computer network exploitation (hacking). The NSA also relies on hardware-accelerated decryption for brute-force attacks.
As part of Bullrun, the NSA has also been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets". The New York Times has reported that the random number generator Dual_EC_DRBG contains a back door from the NSA, which would allow the NSA to break encryption keys generated by the random number generator. Although Dual_EC_DRBG was known to be an insecure and slow random number generator soon after the standard was published, the potential NSA backdoor was found in 2007, and alternative random number generators without these flaws were certified and widely available, RSA Security continued using Dual_EC_DRBG in the company's BSAFE toolkit and Data Protection Manager until September 2013. While RSA Security has denied knowingly inserting a backdoor into Dual_EC_DRBG, it has not yet given an explanation for the continued usage of Dual_EC_DRBG after its flaws became apparent in 2006 and 2007.
The name "BULLRUN" was taken from the First Battle of Bull Run, the first major battle of the American Civil War. Its predecessor, "Manassas", is both an alternate name for the battle and the place where the battle was fought. "EDGEHILL" is from the Battle of Edgehill, the first battle of the English Civil War.