As Tech Companies Create Alibis, Experts Warn NSA Has Compromised Entirety of Internet
Latest NSA revelations 'the most frightening'
While several major tech companies scrambled this weekend to save face following implications in the latest NSA revelations reported Thursday, several experts sounded the alarm over what they see as the greatest threat to internet privacy in all of the NSA revelations so far.
According to Thursday's reports, based on documents leaked by NSA whistleblower Edward Snowden, the NSA (as well as the GCHQ) have used "covert measures" to control and manipulate international encryption standards, largely through building "industry relationships" with many technology companies and internet service providers, which in turn deploy 'backdoor' entry points into their email, online banking, and other such online databases and introduce weaknesses into their encryption standards to the benefit of NSA surveillance.
One document shows the GCHQ has been working to undermine encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook.
Microsoft and Yahoo both released statements on Friday expressing "deep concern" about the revelations, and denied any "relationship building" with the NSA.
Google also said it was not aware of any covert attempts to compromise its systems and, in turn, has now accelerated its encryption services in order to prevent snooping by the NSA, according to the Washington Post.
However, for many experts, journalists, and technology analysts on the ground, whether or not the tech giants were complicit, the irreparable damage has already been done.
John Healey for the Lost Angeles Times explained Friday that the NSA is "planting weaknesses in the security technology that protects legitimate online communications for the sake of decrypting illegitimate ones," meaning the entirety of online security is compromised due to the NSA's actions.
"I'm looking forward to hearing the NSA's defenders explain why we should feel safer now," Healey writes. And also: "The latest Edward Snowden-powered exposé published by the New York Times, ProPublica and the Guardian is, to me, the most frightening."
"These revelations demonstrate a fundamental attack on the way the Internet works," senior staff technologist at the Center on Democracy and Technology Joseph Lorenzo Hall wrote in a statement.
In an era in which businesses, as well as the average consumer, trust secure networks and technologies for sensitive transactions and private communications online, it’s incredibly destructive for the NSA to add flaws to such critical infrastructure. The NSA seems to be operating on the fantastically naïve assumption that any vulnerabilities it builds into core Internet technologies can only be exploited by itself and its global partners.
And in a "letter" to the NSA published in Bloomberg, tech specialist David Meyer writes:
Here’s where the stupidity creeps in: You actively work to influence policies, standards, and specifications for commercial public key technologies and shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by yourself.
In other words, instead of just building a better lock pick, you are trying to make sure that all locks are faulty by design.
Likewise, security technologist Bruce Schneier told the Guardian, "Cryptography forms the basis for trust online. By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet."
He later wrote in an op-ed for the Guardian that the NSA and the implicated tech companies that work with them have "undermined a fundamental social contract." He continues:
The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.
"The entire system is now being compromised by the NSA and their British counterpart, the GCHQ," Guardian journalist Glenn Greenwald told Democracy Now! on Friday. "Systematic efforts to ensure that there is no form of human commerce, human electronic communication, that is ever invulnerable to their prying eyes."
Schneier goes on his Guardian piece to list several things the engineering community "can – and should – do" to take back and rebuild internet safeguards.