'The NSA has worked to make widely used technology less secure'

'The NSA has worked to make widely used technology less secure'

Summary: Disclosures about the U.S. intelligence agency's encryption-busting activities are making many people question everything about digital security.

SHARE:
6

In cyber security, there are white hats and black hats.

Can hats be gray, too?

That's the question in my mind as new reports from The Guardian, The New York Times and ProPublica reveal that the National Security Agency of the United States "has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world."

To say this news is troubling is a massive understatement, regardless of one's personal politics. (If there is any coffee left in your morning pot, now's the time to have another pour.)

This weekend, The New Yorker's Matt Buchanan brought it home:

The most damning aspect of the new disclosures is that the N.S.A. has worked to make widely used technology less secure. The Times reports that in 2006, the N.S.A. intentionally introduced a vulnerability into an encryption standard adopted by both the National Institute of Standards and Technology and the International Organization for Standardization. This is deeply problematic, [researcher Matthew] Green writes, because the cryptographic industry is "highly dependent on NIST standards." The N.S.A. also uses its Commercial Solutions Center, which invites companies, including start-ups, to show their technology to the agency under the guise of improving security, in order to "leverage sensitive, cooperative relationships with specific industry partners" and covertly make those products more susceptible to N.S.A.'s surveillance.

If you've ever traveled in the U.S. and used Transportation Security Administration-approved luggage locks while reading a newspaper detailing how TSA agents sometimes rifle through personal items for things to steal, you know the feeling brought on by the disclosures above. Private companies comply with a government's demands in the name of security, then watch as that government becomes their worst enemy under the guise of good intentions.

How far can a white hat hacker go before it gets too much dirt on its hands? That's the sizeable gray area in these latest revelations.

Topics: Security, Government US

Andrew Nusca

About Andrew Nusca

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. During his tenure, he was the editor of SmartPlanet, ZDNet's sister site about innovation.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Never mind interfering in Syria ...

    ... can we have the people responsible serving life sentences and can we have reparations from the US to the world by way of apology?
    jacksonjohn
  • Just another day at the KGB...

    "We have seen the enemy and he is us."
    But at least the details are finally coming out into the light.
    LetsGoDiving
  • This is going to go on for a while yet

    Most people don't give a toss. There are going to have to be a few disasters, e.g. people incorrectly thrown in jail or punnished based on thier meta data for there to be change.

    Most people think this is chicken little stuff, its just like when the climate change debate first started.
    NZO893
    • People incorrectly thrown in jail?

      Has happened countless times, even with death row inmates, and possibly even with some who were executed. Has anybody cared?
      hydroxide
  • Trust

    Next they'll tell us we're $17 Trillion in debt and facing an unfunded, massive healthcare overhaul that even Warren Buffet describes as a "huge problem".
    danmckimmDaniel
  • um, decrypting communication and gathering intelligence is their job

    What do you think you have been paying for all these years?

    Its not like they are using the IRS to target those who disagree with them politically or selling guns to Mexican drug lords and blaming US vendors or dropping bombs on suspected terrorists, blowing up women and children in foreign lands in misguided efforts that aid those that would do us harm or taking over what used to be the worlds largest car company or the home loan industry or the school loan industry or the health care industry or selling us out to the banking industry or enshrining corporate malfeasance with "too big to fail" policy making - while pretending its someone else's fault and suggesting they could do so much better if only we would vote them more power and more money and get rid of pesky people who don't agree with them.
    jeyost@...