The NSA used to target only foreign signals, and according to its own legal interpretations, that's what it still does. But communications are now global: the Internet is so interconnected that everything and everyone on the network becomes a potential target, even the network itself. That's not to say that the NSA has "broken" all cryptography: "the math works," says Schneier, and while anonymizing tools like Tor are targeted by NSA, they seem to remain secure. Instead, the NSA appears to have manipulated encryption tools and tapped into data center links and fiber backbones—in essence, silently removing the hinges from their doors.
"We do know they made a systematic effort to place back doors in the products we use to get our security, and that makes us all less safe," he said. Schneier, like others in the cryptography community, regularly trades hunches and suspicions about NSA encryption exploits, and the National Institute for Standards and Technology, the federal group that sets encryption standards, is reviewing its past work in light of the NSA scandal. But few know for sure just how widespread the NSA's targeting of encryption standards is. And, Schneier worries, those who do know might not necessarily be well-intentioned.
"It's folly to believe they are the only ones that are taking advantage of it," he said. "So [the NSA is] saying in effect, we want to listen in on the Chinese, so much that we're gonna let the Chinese listen in on you. I think we'll be safer in a world where neither can listen—if we spend more effort on security, on assurance, then we'll be safer, even though there are bad actors." (Motherboard)
A few days ago Bruce Schneier gave a video interview to Alex Pasternak of Motherboard Online Magazine. In his typically calm and reasoned manner, Bruce Schneier explained the current state of the societal conflict between freedom and security. In the end he is optimistic. He states, “We as a society will figure this out, that privacy and liberty are so important to us as a people that we will reestablish it.” I certainly hope so.
We didn’t arrive at our current state because the NSA put us here. We came here voluntarily as a society because 9/11 scared the bejeezus out of us. We wanted somebody to tell us everything will be okay. That doesn’t mean the NSA was just following orders. Our government in general and the IC in particular are riddled with bureaucrats more dedicated to their national security fiefdoms than to our Constitution. They took the opportunity we offered them after 9/11 and ran with it. They built a surveillance capability second to none. I’m proud of that capability, but that capability outstripped the legal and oversight regime needed to make it an effective tool to both protect the American people and to preserve our Constitutional freedoms.
The IC didn’t seize control of our communications all by themselves. As Schneier notes, Google, Verizon and many other IT companies have been seizing control of our information long before the NSA ever did. He describes this in his essay “Surveillance as a Business Model.” The NSA just built on what was already in place, but their ability to “market” their capability was far inferior to the IT industry’s ability to convince consumers that this is all good for them. This led to one of the ways I feel the NSA has screwed the pooch. The world no longer trusts American IT, fearing NSA installed backdoors and total network penetration. Bloomberg estimates NSA spying risks 35 billion in US technology sales. In this economy, that hurts.
As Schneier points out, the NSA’s unrelenting efforts to weaken encryption is damaging the security of the entire internet. That puts all information at risk. In addition to our personal information, business, industrial and government information is also put at risk. Again, the NSA is screwing the pooch. Luckily, the IT industry is now making some efforts to better encrypt customer information and their network traffic… although they’re probably only doing so to protect their market share. No matter what the industry’s motivations are, the NSA and the government should be supporting those efforts, not hindering them.
TTG (That's not me, but I've done the same thing.)