The NSA has betrayed the Internet

I am writing this on a plane to Vancouver for a meeting that cryptographer, computer security and privacy specialist Bruce Schneier has called to ‘save the Internet’.

Our task in Vancouver is to render as much of the NSA’s intercept capability inoperable as possible. To replace pervasive surveillance with pervasive cryptography.

NSA-sign

We don’t know what the cryptanalytic capabilities of the NSA are, but we can have a pretty good guess. None of the disclosures so far have been a major surprise. The NSA prefers to circumvent cryptography rather than use computers to break it. The point of that infamous Google/Yahoo diagram with ‘SSL added and removed here‘ is that the NSA was reaching into the internal networks of the major Web service providers to read unencrypted traffic in the clear.

For whatever reason, Google was looking for ways to encrypt those links before the Snowden document dump occurred. But pre-Snowden, the means to encrypt the very fastest Internet links only became available some time after the routers to support those links. And network managers whose data centers are already operating at capacity are always looking to move to the fastest device.

Over the next week we will be taking apart the Internet protocols, and performing what amounts to a protocol security audit to determine what leverage we have to prevent pervasive surveillance. But we will be doing that work without the (open) assistance of the NSA. Which is a real problem, because the original mission of the NSA was to protect the US and allies against attack. Spying on the whole US population only happened due to ‘mission creep’. Where did ‘deliberately introducing vulnerabilities into Internet standards so that they could be exploited’ enter the picture? Whose side is the NSA actually on?

The lack of an NSA presence is actually going to be a problem because the Snowden documents will have caused foreign governments to do a lot more than just make diplomatic protests. Many of those governments will be trying to play the NSA game as well or better. And many of the governments likely to be playing the game of ‘catch up’ are pretty brutal affairs. Those of us assembling in Vancouver have a lot of expertise in the civilian field, but we don’t spend our time examining the foreign governments trying to attack our systems. The US military, in the form of the NSA, does.

There is no clearer demonstration of the need for a new approach to information security in the US government than the fact that Edward Snowden was able to access so much information without attracting notice. Snowden was a 29 year old systems administrator, and not that high up on the NSA totem pole. Yet he was somehow able to access the organization’s crown jewels, which were sitting unencrypted on the systems he was administering.

Senior people in the US foreign policy penumbra looked shocked when I suggested that it was a scandal that a second major breach had occurred in two years without any top level accountability. Eventually we learned that Gen. Keith Alexander, Director of the NSA, is retiring, and I have been privately assured that Director of National Intelligence Clapper has been told he is leaving as well.

But firing a general who will take a plum consulting job on top of his plump military pension is hardly the same level of accountability being meted out to Chelsea (formerly “Bradley”) Manning. And one can only imagine what the US authorities would do to Snowden if they got their hands on him.

Share This Post

  • HelenRainier

    Does “US assets” translate into Wall Street and the finance complex?

  • Badgerite

    Well, that was a throw away anyway. I suppose MIT helped. Poindexter had a computer in his home and internet connection (such internet as existed then ) before most people had even heard of it.
    By the by, ‘betraying the internet’? Isn’t that a little like betraying the telephone. It’s not the holy grail, for God sake, it is just a new mode of communication. Nothing more and nothing less.
    Fresh Air on NPR had a really interesting interview on Monday with journalist Hooman Madj (an Iranian American) about his book on his stay in Iran entitled, The Ministry of Guidance Invites You To Not Stay. Apparently the Intelligence Service there had him in for an ‘interview’ and knew just about everything about him including having perused his emails. Imagine that.

  • Badgerite

    J. Edgar Hoover did not fail. He was in office til he died because no one had the balls to fire him because, 1) He catered to whoever was in office by providing them with intel which they tended to like a lot ( even FDR) and 2) he had stuff on everybody.
    Who has had a permanent seat at the FBI since Hoover? No one.
    Does anyone have a permanent seat at the NSA? No. Clapper and Alexander are retiring. And whoever replaces them will not have a permanent seat.
    Hoover had no legal restraints because he did not operate within the law. He had no FISA Court, he had no audit trails, there were no ‘whistle blower’ mechanisms. He assiduously built his image as synonymous with G men and law and order. On his own authority he could kind of do what he wanted and he did. His ’empire’ was for himself, to maintain his position. He knew he had to use his ‘blackmail power’ judiciously so as not to attract too much enmity or attention. A case in point, during the Nixon Administration, when Nixon was considering implementing the Huston’s plan (google it) the person who stood in his way was Hoover. Nixon wanted to do it. Hoover would not go along. He thought it was bound to be discovered and attract a terrible backlash. So the plan was abandoned. Hoover was a cagey old bird. He knew the limits of his own power and he did not overstep it often in his lifetime. The one exception would probably be his campaign against MLK. He misjudged the times on that one.
    It is kind of ridiculous to compare the two. Hoover sort of ‘owned’ the FBI during his time there. Clapper and Alexander are employees. They will go. Others will take their place. Kind of like the FBI is now.

  • Bill_Perdue

    Then FISA, then NDAA and finally with Obama’s decision to order the racist murders of US citizens.

  • Bill_Perdue

    US vs Vietnam, US vs Iraq. etc., etc., etc. – which side is the pirates.

  • MyrddinWilt

    I have long suspected that the string of scoops that helped Josh Marshal build TPM came from NSA employees who were disgruntled by Bush era abuse of NSA capabilities.

    We never did get to a full explanation of those prostitutes in the Watergate building but the number 2 at the CIA was forced out and several people went to jail.

  • Joseph Blosch

    Badge, you might want to do some reading. There are two people with teams that did most of the legwork on the http protocol. The DoD was not a big part of it.

  • Drew says it below. That’s when it really took off.

    But I think it started before then. I can’t put my finger on exactly when, but it likely was when we first were exposed to terrorism. People were shocked, Shocked! that the good ‘ol USA could be the target of terrorism. Never mind that our foreign policy and clandestine implementation of that policy practically invited such terrorism. That’s what brought out the “let’s be safe at all costs” mentality.

    Which primed the pump that we see running now. Problem is, we never will be completely safe. Life just ain’t that way. We can try, but there’s always going to be someone who takes issue with what we do in the world and will use horrible means to express their dissatisfaction with our policies.

  • Drew2u

    Patriot Act, for starters.

  • Drew2u

    Don’t think of it as which side is which and look at it more of; this administration has a history of being quite direct and, daresay, ruthless when it comes to bringing swift justice to those it wants quashed; Chelsea Manning, Somali Pirates, “Noncitizen” US citizens, Bin Laden, etc.

  • They’ve already been outed spying for personal reasons, spying on journalists, spying on foreign politicians… there’s no reason not to assume they’ve also been spying on our own politicians. At the very least, there’s no doubt they have the capability of doing it. So what is to stop them from using that as leverage to defend themselves against Congressional scrutiny?

  • I just want to know where the freedoms of privacy and presumption of innocence went.

  • What makes you think they aren’t?

    J. Edgar Hoover tried — and in most respects failed — to build an empire out of being able to blackmail the highest level of politicians in America. Now the NSA has the ability, handed to them in the aftermath of 9/11.

    Don’t most of today’s politicians seem curiously averse to even looking into what the NSA has been doing?

  • Badgerite

    As I understand it, Snowden managed to access the ‘crown jewels’ by using the computer passwords of people high up in the NSA food chain. If you have access to the passwords used as part of your job, it would not be the same as someone from abroad or foreign governments trying to hack in. Not the same task at all.
    ‘Mission creep’? Well, yes. in the sense that the NSA has started to co-opt the function of the CIA and become the avenue of intelligence gathering abroad. There is a good article about this in the New York Times of November 02,2013 by Scott Shane entitled, ‘No Morsel too Minuscule for the All-Consuming NSA.
    If you trade the CIA for the NSA for intelligence gathering purposes, are you not trading less accurate information for more accurate information. The failures abroad of the CIA both in terms of intelligence gathering and ‘special operations’ are well known. Some would call them crimes.
    Why is trading the CIA for the NSA necessarily bad. At least the information they gather is probably accurate and not merely educated guesses and ideological grudges.
    I have yet to see anything that establishes ‘massive surveillance’ of domestic American communications. That the NSA has established a pervasive presence abroad is clear. But some of that is just the kind of spying that the CIA used to do and some has actually not been used for ‘targeting of drones’ but has been used to stop killings. It is a fair article and a good informative read no matter how you come down on this particular issue.
    I don’t consider the arrest at Kennedy International Airport of Chinese who are operatives of a human trafficking smuggling network or the foiling of a plot to kill a Swedish journalist who made a cartoon of ‘the prophet’ necessarily bad things.

  • rhallnj

    The only way this this problem gets any worse is if we find the NSA spying on American politicians. Let’s hope we don’t go there.

  • Whitewitch

    Spying on ones own people never bodes well for a government…it is often a sign of the end of times for a government, as least as far as having the confidence of her people. This President (as well as the few before him) have been a stellar disappointment…who knew that hope and change included peeping in our drawers as well…..

  • MyrddinWilt

    Thanks.

    The situation with the NSA is rather more complex as I explain in the next post. They have a dual mandate to gather intelligence and to safeguard US assets. The problem is that those mandates ended up out of balance.

  • MyrddinWilt

    Which side is the pirates?

    The NSA etc. have a lot of resources but their attacks are brittle. A $100 million attack is rendered useless once it is exposed.

  • Thanks to you and all of the people participating in this audit.

    As to the question of which side the NSA is on is concerned, well, they’re on their own side. I firmly believe that they’ve just gone off on their own and decided that they have a right to collect any information that they want. They’ve lost sight of the reason for their existence and decided that it’s just to know everything they can know of other people’s business. Which presents a problem – how can any agency do its job properly when it’s overwhelmed by information? Clearly they are; they can’t keep track of who has access to it and what they can do with it.

    What bothers me is what kind of back doors are present in computer operating systems, and how do they exploit them? Another topic for another time, I suppose.

  • Drew2u

    Somali pirates vs. navy seals; just sayin’.

  • Jim Olson

    Prayers and well wishes as well. I know nothing of how to do this…but I think its a shame that you’re having to approach this with the notion that the government is the enemy here.

  • Buford2k11

    I wish you much success in this endeavor…The attempts at confining the net is a serious threat to our way of life…there is way too much corporate cooperation with the NSA…good luck and good hunting….

  • ronbo

    May God help and protect you all. This current administration has been more active than all others at using the Espionage Act to maintain government secrecy and the hierarchy of power with “citizen” being at the bottom.

© 2017 AMERICAblog Media, LLC. All rights reserved. · Entries RSS
CLOSE
CLOSE