Showing posts with label encryption. Show all posts
Showing posts with label encryption. Show all posts

Thursday, September 5, 2013

The NSA Is Destroying Trust Required For Use of Cyberspace

It was widely reported today by the AP and others that the NSA and the British GCHQ is undermining the efficacy of internet encryption.  The end result of their efforts will harm the world economy, as the trust needed for commerce in cyberspace is eroded.   Details are on the Guardian and ProPublica.  Even these reports are not complete, news agencies have admitted that they omitted details at the request of intelligence agencies.  ProPublica has the most detailed report; I recommend that every citizen read it all. Key issues and consequences are summarized here.

The NSA has deliberately weakened encryption standards.  This has introduced back doors that could be exploited by criminals and foreign intelligence services.  This undermines trust in America to lead standards making.

The NSA can decrypt SSL and VPN technologies, widely used to secure internet communications and conduct business on the internet.  How long before other countries who use criminal activity for their own benefit (China) take the same path to steal commercial information and money.

Firms that provide encryption technology to the NSA for evaluation are actually opening themselves to be influenced by the NSA into introducing back doors into their products.  How long will companies continue to use NSA resources to improve encryption, if it just results in new back doors.  How long will the world trust American technology companies.
A more general NSA classification guide reveals more detail on the agency's deep partnerships with industry, and its ability to modify products. It cautions analysts that two facts must remain top secret: that NSA makes modifications to commercial encryption software and devices "to make them exploitable", and that NSA "obtains cryptographic details of commercial cryptographic information security systems through industry relationships".

Ladar Levison may have summed up the damage to America's commercial interests best:
“Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”