Today, Glenn Greenwald and his team published a pretty mind-boggling story on the Guardian (header image is via The Guardian, too, btw). The NYT went along for the ride, as well (good to see that). The Guardian piece reveals another chapter in the Edward Snowden saga which, incredibly, seems to get worse and more far-reaching every week. Very bad news for President Obama as well as for ‘Mutti Merkel’ in Germany (facing the election on Sept 22). The details that are coming out in this piece could easily beat even Cory Doctorow’s most daring science fiction spins on the ‘big brother’ theme. Personally, I have no clue why the likes of Intelligence Director Clapper and NSA boss General Alexander are still allowed to maintain their positions after everything that has come to light, so far – it boggles the mind to observe how President Obama is missing the boat on this. But…maybe not.
Anyhow, here are some juicy bits by James Ball, Julian Borger and Glenn Greenwald via theguardian.com, Thursday 5 September 2013 20.00 BST (high-lights added by me). There are some pretty incredible statements here – things are actually even worse than I thought when I penned my data wars and prism ultimatum posts just a few weeks ago. It turns out I was being vastly optimistic about what is actually going down.
US and UK spy agencies defeat privacy and security on the internet: NSA and GCHQ unlock encryption used to protect emails, banking and medical records • $250m-a-year US program works covertly with tech companies to insert weaknesses into products • Security experts say programs ‘undermine the fabric of the internet’
“US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden. ..Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves. Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software. The NSA spends $250m a year on a program which, among other goals, works with technology companies to “covertly influence” their product designs…The agencies insist that the ability to defeat encryption is vital to their core missions of counter-terrorism and foreign intelligence gathering…”
Berkman’s Bruce Schneier, as usual, nails it once again:
“Cryptography forms the basis for trust online,” said Bruce Schneier, an encryption specialist and fellow at Harvard’s Berkman Center for Internet and Society. “By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.”
But this bit is where it gets really scary:
*Funding for the program – $254.9m for this year – dwarfs that of the Prism program, which operates at a cost of $20m a year, according to previous NSA documents. Since 2011, the total spending on Sigint enabling has topped $800m. The program “actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs”, the document states. None of the companies involved in such partnerships are named; these details are guarded by still higher levels of classification. Among other things, the program is designed to “insert vulnerabilities into commercial encryption systems”. These would be known to the NSA, but to no one else, including ordinary customers, who are tellingly referred to in the document as “adversaries”. “These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems’ security remains intact.”
And here is the bottom line which tells us where all the ‘collateral damage’ will be happening:
“Backdoors are fundamentally in conflict with good security,” said Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union. “Backdoors expose all users of a backdoored system, not just intelligence agency targets, to heightened risk of data compromise.” This is because the insertion of backdoors in a software product, particularly those that can be used to obtain unencrypted user communications or data, significantly increases the difficulty of designing a secure product.” This was a view echoed in a recent paper by Stephanie Pell, a former prosecutor at the US Department of Justice and non-resident fellow at the Center for Internet and Security at Stanford Law School. “[An] encrypted communications system with a lawful interception back door is far more likely to result in the catastrophic loss of communications confidentiality than a system that never has access to the unencrypted communications of its users,” she states.
So, be sure to read the whole thing at the Guardian, and support them by buying a subscription, as well!
Now, incidentally, we just finished editing the second episode of TheMeetingoftheMinds.tv (MOTM) which features my fellow futurist Ross Dawson and me in a, if I may say so myself, quite thoughtful discussion on privacy, data security and the recent PRISM/NSA revelation. This video was literally just edited and published (thanks to Jonathan Marks) when I ran across this latest Guardian piece – so, good timing:)
MOTM Episode #1, on Big Data is very much related to this
Both NSA slides via The Guardian