{"id":24799,"date":"2014-07-14T15:55:44","date_gmt":"2014-07-14T19:55:44","guid":{"rendered":"http:\/\/www.opensource.im\/?p=24799"},"modified":"2017-04-10T09:46:18","modified_gmt":"2017-04-10T13:46:18","slug":"nsa-spying-hurts-cybersecurity-us-say-privacy-advocates","status":"publish","type":"post","link":"https:\/\/euvolution.com\/open-source-convergence\/encryption\/nsa-spying-hurts-cybersecurity-us-say-privacy-advocates.php","title":{"rendered":"NSA Spying Hurts Cybersecurity for All of Us Say Privacy Advocates"},"content":{"rendered":"<p><em>Some commentary from security advocates, including cryptography writer Bruce Schneier.<\/em><\/p>\n<p><a href=\"http:\/\/time.com\/2966463\/nsa-spying-surveillance-cybersecurity-privacy-advocates-schneier\/\">http:\/\/time.com\/2966463\/nsa-spying-surveillance-cybersecurity-privacy-advocates-schneier\/<\/a><\/p>\n<p><strong>NSA Spying Hurts Cybersecurity for All of Us Say Privacy Advocates<\/strong><\/p>\n<p><em><strong>The surveillance debate has focused on the legality of spying on Americans but some say the biggest danger is in the methods the NSA uses<\/strong> <\/em><\/p>\n<p>Privacy advocates Monday slammed the National Security Agency for conducting surveillance in a way they say undermines cybersecurity for everyone and harms U.S. tech companies.<\/p>\n<p><!--more--><\/p>\n<p>\u201cWe have examples of the NSA going in and deliberately weakening security of things that we use so they can eavesdrop on particular targets,\u201d said Bruce Schneier, a prominent cryptography writer and technologist. Schneier referenced a Reuters report that the NSA paid the computer security firm <a href=\"http:\/\/swampland.time.com\/2014\/01\/21\/privacy-activists-sour-on-rsa\/\" target=\"_blank\">RSA<\/a> $10 million to use a deliberately flawed encryption standard to facilitate easier eavesdropping, a charge RSA has denied. \u201cThis very act of undermining not only undermines our security. It undermines our fundamental trust in the things we use to achieve security. It\u2019s very toxic,\u201d Schneier said.<\/p>\n<p>In the year since former NSA contractor Edward Snowden\u2019s first leaks, attention has focused on the Agency\u2019s surveillance itself, fueling debates over whether it is legal and ethical to spy on American citizens or to eavesdrop on the leaders of allied countries. NSA policies that intentionally undermine cybersecurity too often get left out of the debate, said panelists Monday at a New American Foundation event titled \u201cNational Insecurity Agency: How the NSA\u2019s Surveillance Programs Undermine Internet Security.\u201d<\/p>\n<p>\u201cIf the Chinese government had proposed to put in a backdoor into our computers and then paid a company $10 million to make that the standard we would be furious,\u201d said Joe Hall, chief technologist at the Center for Democracy and Technology. \u201cThat\u2019s exactly what the NSA has become: the best hacker in the entire world.\u201d<\/p>\n<p>In a statement to TIME, the NSA denied it had made the Internet less secure.<\/p>\n<p>\u201cWhile we cannot comment on specific, alleged intelligence-gathering activities, NSA\u2019s interest in any given technology is driven by the use of that technology by foreign intelligence targets. The United States pursues its intelligence mission with care to ensure that innocent users of those same technologies are not affected,\u201d spokesperson Vanee\u2019 Vines said. \u201cOur participation in standards development has strengthened the core encryption technology that underpins the Internet. NSA cannot crack much of the encryption that guards global commerce \u2013 and we don\u2019t want to.\u201d<\/p>\n<p>The tension arises due to the two competing missions of the National Security Agency: electronic surveillance and protecting U.S. systems from cyberattacks.<\/p>\n<p>Nearly all of our online communications are encrypted in some way against <a href=\"http:\/\/time.com\/110210\/ebay-data-breach\/\">cyberattack<\/a>, to protect our bank accounts from thieves and our intimate lives from nosy neighbors. This poses a challenge for the NSA as the agency, since September 11, 2001, has focused less on agents of foreign governments and more on ferreting out terrorist threats. Inevitably the data of innocent people gets caught its dragnet. A <a href=\"http:\/\/time.com\/2959592\/nsa-snowden-normal-internet-users\/\">Washington Post report<\/a> Sunday estimated that 90 percent of those caught in the agency\u2019s data surveillance net\u2014including intimate communications like family photographs and emails between lovers\u2014are everyday Internet users not suspected of wrongdoing, many of them American citizens.<\/p>\n<p>The agency has sought to install \u201cbackdoors,\u201d hardware and software systems with deliberately weakened security, into some of the most commonly used tech products, as it did in the program codenamed <a href=\"http:\/\/newsfeed.time.com\/2013\/06\/06\/prism-by-the-numbers-a-guide-to-the-governments-secret-internet-data-mining-program\/\" target=\"_blank\">PRISM<\/a>. American tech companies say this hurts their business in the international marketplace, where users aren\u2019t keen to use software that comes bugged by an American intelligence agency. Major tech firms, including Google, supported an <a href=\"http:\/\/time.com\/2903953\/nsa-surveillance-fiscal-year-2015-department-of-defense-appropriations-act\/\" target=\"_blank\">amendment<\/a> to the defense budget in May to prohibit the NSA from using funds for this kind of backdoor surveillance.<\/p>\n<p>\u201cMaybe a year ago this sort of language might have seemed unnecessary,\u201d Google Privacy Policy Counsel David Lieber said, \u201cbut now its actually really important to restore trust that these sorts of things are not being requested and\/or required of companies.\u201d<\/p>\n<p>Critics, like panelist Amie Stepanovich, senior policy counsel for the web freedom group Access, say NSA has also worked to crack and undermine encryption standards set by the National Institute of Standards and Technology (the body that establishes the security standards that help protect our email accounts, banking websites, etc.), and hoarded indexes of computer bugs the agency uses to hack into machines rather than reveal the vulnerabilities so they can be fixed.<\/p>\n<p>In the wake of apparently unfounded accusations that the NSA knew about the <a href=\"http:\/\/time.com\/57402\/heartbleed-bug-here-are-the-passwords-you-should-change\/\" target=\"_blank\">Heartbleed<\/a> bug and didn\u2019t help fix it, the administration announced this spring it has \u201cre-invigorated\u201d existing policy on how it decides whether or not to disclose or exploit security vulnerabilities it finds. \u201cBuilding up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest. But that is not the same as arguing that we should completely forgo this tool as a way to conduct intelligence collection,\u201d White House Cybersecurity Coordinator Michael Daniel <a href=\"http:\/\/www.whitehouse.gov\/blog\/2014\/04\/28\/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities\" target=\"_blank\">wrote<\/a> in April.<\/p>\n<p>At its core the question comes down to a cost benefit analysis. \u201cThe fundamental issue,\u201d Schneier said, \u201cis should we compromise the security of everybody in order to access the data of the few.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some commentary from security advocates, including cryptography writer Bruce Schneier. <a href=\"http:\/\/time.com\/2966463\/nsa-spying-surveillance-cybersecurity-privacy-advocates-schneier\/\" rel=\"nofollow\">http:\/\/time.com\/2966463\/nsa-spying-surveillance-cybersecurity-privacy-advocates-schneier\/<\/a> NSA Spying Hurts Cybersecurity for All of Us Say Privacy Advocates The surveillance debate has focused on the legality of spying on Americans but some say the biggest danger is in the methods the NSA uses Privacy advocates Monday slammed the National Security Agency [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1600,45,46,14099],"tags":[],"class_list":["post-24799","post","type-post","status-publish","format-standard","hentry","category-cryptography","category-encryption","category-nsa-spying","category-privacy-2"],"_links":{"self":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/24799"}],"collection":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/comments?post=24799"}],"version-history":[{"count":0,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/24799\/revisions"}],"wp:attachment":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/media?parent=24799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/categories?post=24799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/tags?post=24799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}