The National Security Agency can easily defeat the world's most widely used cellphone encryption, a capability that means the agency can decode most of the billions of calls and texts that travel over public airwaves each day, according to published report citing documents leaked by Edward Snowden.

The NSA "can process encrypted A5/1" calls even when agents don't have the underlying cryptographic key, The Washington Post reported Friday , citing this top-secret document provided by former NSA contractor Snowden. A5/1 is an encryption cipher developed in the 1980s that researchers have repeatedly cracked for more than a decade. It remains widely used to encrypt older, 2G cellphone calls. Newer phones can still use A5/1, even when showing they're connected to 3G or 4G networks.

In the past five years, cracking A5/1 has grown increasingly easier and less costly. In 2010 researchers unveiled a technique that cost about $650 and relied on open-source software and off-the-shelf hardware. Next-generation spy devices sold to militaries and law-enforcement groups have long marketed the ability to eavesdrop on A5/1-protected calls, too. Despite the growing susceptibility of A5/1, it remains widely used, Karsten Nohl, chief scientist at Security Research Labs in Berlin, told The Washington Post. Reporters Craig Timberg and Ashkan Soltani explained:

But even where such updated networks are available, they are not always used, because many phones often still rely on 2G networks to make or receive calls. More than 80 percent of cellphones worldwide use weak or no encryption for at least some of their calls, Nohl said. Hackers also can trick phones into using these less-secure networks, even when better ones are available. When a phone indicates a 3G or 4G network, a voice call might actually be carried over an older frequency and susceptible to decoding by the NSA.

On Monday, USA Today reported that at least 25 police departments in the US own devices that can mimic cell towers in a way that tricks targeted phones into directing communications to interception devices that can automatically defeat encryption.

In recent years critics have repeatedly called on carriers to retire A5/1 in place of A5/3, a newer encryption scheme that Nohl has estimated requires about 100,000 times more computing power to break. The increased burden means the NSA can probably still listen to calls that are protected by A5/3, but because the agency doesn't have the resources to do it to all calls, it must narrowly target which ones are targeted. It remains unclear what capabilities the NSA has for cracking encryption in cellphone calls carried by Verizon, Sprint, and other networks that use CDMA technology.