The NSA has deliberately weakened encryption standards. This has introduced back doors that could be exploited by criminals and foreign intelligence services. This undermines trust in America to lead standards making.
The NSA can decrypt SSL and VPN technologies, widely used to secure internet communications and conduct business on the internet. How long before other countries who use criminal activity for their own benefit (China) take the same path to steal commercial information and money.
Firms that provide encryption technology to the NSA for evaluation are actually opening themselves to be influenced by the NSA into introducing back doors into their products. How long will companies continue to use NSA resources to improve encryption, if it just results in new back doors. How long will the world trust American technology companies.
A more general NSA classification guide reveals more detail on the agency's deep partnerships with industry, and its ability to modify products. It cautions analysts that two facts must remain top secret: that NSA makes modifications to commercial encryption software and devices "to make them exploitable", and that NSA "obtains cryptographic details of commercial cryptographic information security systems through industry relationships".
Ladar Levison may have summed up the damage to America's commercial interests best:
“Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
Posts
