'The NSA has worked to make widely used technology less secure'

Summary:Disclosures about the U.S. intelligence agency's encryption-busting activities are making many people question everything about digital security.

In cyber security, there are white hats and black hats.

Can hats be gray, too?

That's the question in my mind as new reports from The Guardian, The New York Times and ProPublica reveal that the National Security Agency of the United States "has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world."

To say this news is troubling is a massive understatement, regardless of one's personal politics. (If there is any coffee left in your morning pot, now's the time to have another pour.)

This weekend, The New Yorker's Matt Buchanan brought it home:

The most damning aspect of the new disclosures is that the N.S.A. has worked to make widely used technology less secure. The Times reports that in 2006, the N.S.A. intentionally introduced a vulnerability into an encryption standard adopted by both the National Institute of Standards and Technology and the International Organization for Standardization. This is deeply problematic, [researcher Matthew] Green writes, because the cryptographic industry is "highly dependent on NIST standards." The N.S.A. also uses its Commercial Solutions Center, which invites companies, including start-ups, to show their technology to the agency under the guise of improving security, in order to "leverage sensitive, cooperative relationships with specific industry partners" and covertly make those products more susceptible to N.S.A.'s surveillance.

If you've ever traveled in the U.S. and used Transportation Security Administration-approved luggage locks while reading a newspaper detailing how TSA agents sometimes rifle through personal items for things to steal, you know the feeling brought on by the disclosures above. Private companies comply with a government's demands in the name of security, then watch as that government becomes their worst enemy under the guise of good intentions.

How far can a white hat hacker go before it gets too much dirt on its hands? That's the sizeable gray area in these latest revelations.

Topics: Security, Government : US

About

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. He is also the former editor of SmartPlanet, ZDNet's sister site about innovation. He writes about business, technology and design now but used to cover finance, fashion and culture. He was an intern at Money, Men's Vogue, Popular Mechanics and the New York Daily Ne... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.