Last week’s revelation that the National Security Agency (NSA) is building vulnerabilities and backdoors into the Internet’s core infrastructure is beyond alarming. Ultimately, the NSA has made our country’s critical infrastructure less secure in the name of security, while showing blatant disregard for the democratic process. While the fact that the NSA decrypts encrypted data should not itself be cause for outrage by the American public - cracking codes is the core job of the NSA – its approach is what’s outrageous.
Back in the 1990s there was a very public debate over the best way to secure our country’s communications networks. The debate focused on an executive branch effort to promote a standard and then propose legislation mandating the use of the “clipper chip” – a standard cryptographic chip that would allow the U.S. Government to decrypt communications. This would have essentially required companies to allow access to their communications network by the government. The NSA argued that this access was essential to the security of the nation and they contended that technology was so advanced that only NSA could exploit the built-in access feature of the chip.
Digital rights advocates and academics rallied together to stop the clipper chip dead in its tracks. They showed that it would introduce greater vulnerabilities into the country’s communications network and that it would open the door to potential surveillance abuses against citizens. When balancing a secure network against the benefit to security of obtaining information through embedded weakness in the network, Congress decided that a more secure network would far better serve the security interests of the U.S., promote broad adoption of the Internet, and spur online commerce and innovation. This rationale has proven to be fundamentally sound.
This was a resounding defeat of the clipper chip in a highly democratic manner – helped along by advances in cryptography products. Most of us thought that the case was closed, however it appears as though the NSA decided it would go ahead with its plans to build backdoors into communications networks anyway. While it’s unclear how the NSA justified its undermining of secure technologies or whether its efforts were even fully legal, what is clear is that they made a unilateral decision to actively make secure technologies much less secure.
All this points to what has become an unworkable balancing act that the NSA tries to undertake – being the country’s code breaker, but also trying to serve as the country’s code creator. The agency is tasked with surveillance, but also with cyber security, which often don’t go hand-in-hand. In working closely with Internet companies, the NSA purports to help them provide more secure, better encrypted services, however it now appears that the NSA was also building backdoors into the solutions it offered, while holding back knowledge of critical vulnerabilities that it could later use for surveillance purposes. Would you feel comfortable going to the NSA for security support now?
Beyond this core contradiction, we also must remember that this is not the 1990s, and that the Internet is no longer primarily American-dominated infrastructure. As the world has embraced Internet technologies, and American companies have flourished as a result of global commerce, the Internet has become a network of networks that is shared by everyone around the world. It empowers people, breaks down barriers and leads to incredible global collaboration. The NSA’s attack on the core structure of the Internet threatens to thwart its unprecedented growth and create a bunch of Internets, as opposed to the unified one we enjoy today.
Perhaps we need to have the public debate again about the balance between a secure network and surveillance capacities in light of 9-11 and the new Internet landscape, however the NSA’s actions show they have very little respect for an open, transparent democratic discussion. Congress and President Obama have much work to do to restore the trust of its citizens and the world.