The NSA Is Making Us All Less Safe
An open letter today from a large group of professors – top US computer security and cryptography researchers – slams the damage to ecurity caused by NSA spying:
Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities.
The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent. Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/ [a site launched by Google, Apple, Microsoft, Twitter, Facebook, AOL, Yahoo and LinkedIn] provide a good starting point.
The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.
The Washington Post notes that these are some of the top names in computer cryptography and security, including heavyweights in the government.
Many other top security experts agree:
- IT and security professionals say spying could mess up the safety of our internet and computer systems
- The Electronic Frontier Foundation notes:
“By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers—whether they are foreign governments or criminals. As security expert Bruce Schneier explained, ‘It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.’”
- Schneier provides details:
“[NSA spying] breaks our technical systems, as the very protocols of the Internet become untrusted.
The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn’t between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it’s between a digital world that is vulnerable to all attackers, and one that is secure for all users.
We need to recognize that security is more important than surveillance, and work towards that goal.”
- Another expert on surveillance and cybersecurity – Jon Peha, former chief technology officer of the FCC and assistant director of the White House’s Office of Science and Technology – says that the NSA’s spying program “inevitably makes it easier for criminals, terrorists and foreign powers to infiltrate these systems for their own purposes”
- “The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”
- The inventor of the World Wide Web agrees
- The stakes are high:
“A team of  UK academics specialising in cryptography has warned … that ‘by weakening all our security so that they can listen in to the communications of our enemies, [the agencies] also weaken our security against our potential enemies‘….
The biggest risk, they imply, is that civilian systems and infrastructure – perhaps including physical systems such as the power grid – could become vulnerable to attack by state-sponsored hackers who are capable of exploiting the same ‘backdoors’ in software that have been planted there by the western agencies.”
- And the NSA’s big data collection itself creates an easy mark for hackers. Remember, the Pentagon itself sees the collection of “big data” as a “national security threat” … but the NSA is the biggest data collector on the planet, and thus provides a tempting mother lode of information for foreign hackers
And see this.