NSA whistleblower: No software is 'safe from surveillance'

A former NSA official said the agency has "more resources" for surveillance than the average user can ever hope to defend against.
Written by Zack Whittaker, Contributor
NSA whistleblower William Binney in 2013.
(Image: file photo via Wikimedia Commons)

William Binney doesn't have a membership card to the small group of which he's a part -- people who have spoken out against the National Security Agency, and been left relatively unscathed -- but at least he has the next best thing, a valid passport.

The former National Security Agency official, who spent three decades of his life in espionage -- and is said to have been one of the reasons why Edward Snowden took and handed thousands of classified documents to journalists two years ago -- still talks about his time in the intelligence community.

"The biggest threat to US citizens is the US government," said Binney in a Reddit "ask me anything" session on Wednesday.

Which in itself would be a bold claim if it weren't for the most recent revelations, which we can thank his whistleblowing "successor" for.

The NSA, once called the "No Such Agency" for its clandestine and secretive operations, has been embroiled in a string of intelligence-gathering and law-bending practices that have not only ensnared much of the world's communications, but also the data belonging to Americans -- the same people the agency is tasked with protecting.

One of those operations included developing cyberweapons based on hardware and software security vulnerabilities.

"I don't think any software is safe from surveillance," said Binney, in response to a question about free and open-source operating systems and software, such as Linux.

A few days earlier, the NSA, known for exploiting vulnerabilities in software, said in more than 90 percent of cases it would disclose flaws, with the exception of when "national security reasons" outweigh the public good. The NSA did not say when it would disclose those flaws, however, leaving open the possibility that they are used before they are turned over to be fixed.

Binney's comments run contrary to how many see, in particular, open-source software, which many regard as more secure than closed-off systems, like Windows.

Ladar Levison, founder of Lavabit, the encrypted email service said to have been used by Snowden prior to his departure from the US, said in phone conversation earlier this year that although he distrusts some US software, "you don't have to distrust everything."

"The true problem is that you don't know what can be trusted and what can't. I personally find myself seeking open platforms, systems, and tools, where I can go in and look -- or at least if not myself, one of my peers," he said.

Other open-source developers, like Cryptocat developer Nadim Kobeissi, have also said that open-source code makes it near-impossible to include backdoors.

Asked what can be done to counter the government's mass surveillance operations, Binney jokingly said, "use smoke signals."

"With NSA's budget of over $10 [billion] a year, they have more resources to acquire your data than you can ever hope to defend against," said Binney.

Indeed, in speaking to ZDNet earlier this year, Binney said the NSA's scope and reach are drawing in so much data that it's no longer effective. He added that the agency's "collect it all" mentality is more than it can handle, which he called it a "bulk data failure."

Binney remains critical of the NSA's activities, more than a decade after he departed the agency.

The whistleblower ended his three-decade career at the agency a month after the September 11 attacks in 2001, and days after controversial counter-terrorism legislation was enacted -- the Patriot Act -- in the wake of the attacks. His departure came after a program he helped develop was scrapped three weeks prior to the attacks in New York City, replaced by a system he said was more expensive and more intrusive.

Little has changed in the past two years since the Snowden surveillance bombshells, except for a minor shift in the law, which later this month will end the agency's bulk phone records collection program.

Binney, who previously criticized "secret" laws, such as executive orders that are used when all other legal powers are exhausted, said that the only way to rein in the agency's activities are with greater changes to the law.

"If you sit and do nothing, you are f**ked," he said.

Editorial standards