The NSA's War Against Encryption
New revelations about National Security Agency abuses, which now include everything from industrial espionage to reports that the agency can access most data on our smartphones, seem to put everything we know about how business is done on the Internet in danger.
Complete story below the line.
E-commerce relies on data encryption for everything from secure credit card transactions to protecting trade secrets. The NSA's seemingly limitless ability to crack encryption has not only put the privacy of private citizens in danger, it also threatens to shake the foundations of online business.
The accusation that the NSA has been spying on Petrobas, Brazil's largest oil company, through the “Blackpearl” program that extracts data from private networks, not only highlights the culture of abuse rife within the agency but also the danger of having the veil of security pulled back for anyone doing business on the Internet.
Even more troubling is that many of the techniques used by NSA operators are very similar to those used by Chinese hackers to access private information, including installing backdoors in security software and malware. While the NSA insists it surveils international corporations only to find early signs of international terrorism and economic crisis, the “national security” excuse starts to wear thin when the tactics are indistinguishable from those used for corporate espionage and criminal hacking.
There also are a rapidly diminishing number of options for those who want to keep their online communications and data private and secure. In the wake of the Snowden documents, many email encryption services have either been forced to shut down or hand over client information to the government.
One of the most troubling incidents of the government's crackdown on encryption is the shutdown of Lavabit, an encrypted email service that became popular in the wake of Snowden's revelations. The decision of CEO Ladar Levinson to shut down his service rather than comply with court orders has landed him in legal hot water and potentially facing criminal charges because of his unwillingness to hand over his clients' private information.
Silent Circle, one of the most readily available data encryption services, also preemptively shut down their encrypted email services “to prevent spying.”
While smaller encryption companies have been closing up shop, tech giants have been scrambling to find tougher encryption solutions, after it was revealed that government agents intercept their transmissions. Both Yahoo and Microsoft have expressed deep concern over the NSA's breaches of privacy not only for their individual email and commerce clients, but also because without encryption, the landscape of the modern Internet would be completely changed.
Google, Yahoo, Microsoft and Facebook also have pushed back against the government for permission to be more transparent about what kinds of requests for cooperation they receive. While little is known about how complicit they actually are in helping the NSA undermine Internet security measures, the fact that many are scrambling to implement more transparency and better encryption practices implies they may not all be willing partners.
Enhanced encryption for online services and user data won't be able to stop the NSA from snooping on the communications of private citizens. But it will make information gathering more difficult. And this could force the government to target its efforts on actual threats, instead of capturing massive amounts of information about ordinary American citizens, businesses, and other entities.
A secure, encrypted Internet is what allows individuals and businesses to protect their private communications, banking information, medical records, and trade secrets. Undermining that security not only compromises the privacy of everyday Americans, but also threatens one of the most vibrant aspects of the economy and the trust we put in it.