BULLRUN, EFF document archive, slide #2.

BULLRUN, EFF document archive, slide #2.


BULLRUN is an NSA programme aimed at decrypting encrypted network traffic [GUA01]. Decryption capabilities include inserting vulnerabilities into commercial encryption tools and IT systems, collaboration with other intelligence agencies, and “advanced mathematical techniques” [NYT01, GUA02]. The programme has the ability to decrypt data flowing through major communications provides and peer-to-peer tools such as Skype [NYT02].

Encryption keys are harvested from servers and held in a Key Provisioning Service, which can automatically decrypt traffic if a key is available, or otherwise ask a Key Recovery Service to obtain the key [NYT02].

The programme also seeks to “influence policies, standards and specifications for commercial public key technologies” [NYT02]. The NSA is believed to have inserted a cryptographic backdoor into a standard published by the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), and to have paid a U.S. software company to implement the flawed standard [REU01].

GCHQ has a similar programme named EDGEHILL [GUA01]. GCHQ has been working to develop methods to decrypt the traffic of Hotmail, Google, Yahoo and Facebook, and proposed a system to decrypt data from fibre-optic cable tapping programmes such as TEMPORA in “near-real time” [GUA01].


  • Decryption of:
    • Transport Layer Security/Secure Sockets Layer (TLS/SSL)
    • Encrypted web traffic (HTTPS)
    • Secure Shell (SSH)
    • Virtual Private Networks (VPNs)
    • Voice over Internet Protocol (VoIP)
    • 4G mobile networks

Exploitation of:

  • Service provider internal networks and cloud storage
  • Commercial encryption software
  • Standards for encryption systems

Data extraction sources:

  • Fibre-optic cables
  • Commercial encryption software
  • Web services (e.g. Hotmail)

Combined with other state surveillance tools:

TEMPORAfibre-optic cable tapping

Layers of operation:


The BULLRUN programme partners with technology companies to insert vulnerabilities, and also uses covert activities to manipulate the development of international encryption standards [GUA01]. However, some companies state that they were coerced into handing over their master encryption keys or creating security holes [NYT01].

The programme can be compared with the Clipper Chip proposal of the 1990s, which aimed to mandate weakened encryption in order to facilitate surveillance [NYT02]. The EFF, U.S. congress and others thwarted that earlier proposal, arguing that it was against the 4th amendment of the U.S. constitution.

Company partners:

  • Unnamed commercial software companies
  • RSA encryption [REU01]
  • Standards organisations


Electronic Frontier Foundation (EFF)
1) https://www.eff.org/document/20141228-spiegel-gchq-presentation-bullrun-programs-decryption-capabilities

Electrospaces (ELE)
1) http://electrospaces.blogspot.co.uk/search?q=bullrun

Guardian (GUA)
1)     http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
2)     http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide

New York Times (NYT)
1) http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html
2) http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html

Reuters (REU)
1) http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220