Friday, September 20, 2013
In League With the Devil. How the NSA is Giving Organized Crime a Cyber-Leg Up
It was all done in the name of national security and who can argue with that? Certainly not organized crime. From The Economist:
Many cryptographic systems in use on the internet, it seems, are not "properly implemented", but have been weakened by flaws deliberately introduced by the NSA as part of a decade-long programme to ensure it can read encrypted traffic.
The extent and nature of the programme is still unclear, but it appears to involve getting software companies and internet service providers to insert secret vulnerabilities, or backdoors, into apparently secure systems. This can be done by introducing deliberate errors into software or hardware designs, many of which are developed in collaboration with the NSA; or by recommending the use of security protocols that the NSA knows to be insecure, in its dual role as cryptographic standards-setter and codebreaker.
...the latest allegations are worrying for three reasons.
First, the NSA's actions may have weakened overall internet security, on which billions of people rely for banking and payments, with backdoors that can be exploited by criminals, not just intelligence agencies. Second, this undermines confidence in American technology companies, none of which can now be trusted when they say their products are secure, and makes it very difficult for America to criticise authoritarian regimes for interfering with the internet, or to claim (as it does) that it is the best guardian of the internet's addressing system. Third, the NSA seems to have done by stealth what it could not do openly. During the 1990s the agency unsuccessfully lobbied for backdoors to be added to all communications systems. Having lost the argument, it has apparently gone ahead and implemented them on the sly.
All this adds to the impression that oversight of the NSA has not kept pace with the rapid expansion of its activities. Having once spied on a small number of specific targets, it now conducts online surveillance on a vast scale. It has spied on drug dealers, tax evaders and foreign firms, none of which pose a threat to national security. NSA employees have used its systems to spy on their former lovers. Snowden's ability to walk off with a stash of NSA documents is grave evidence of a woeful lack of internal controls. He has gone public, but could just as easily have put his stolen documents to criminal use – as others in his position may already have done.