Continued from page 2

Analysts note that, because of the open nature of the Internet, attack technologies tend to proliferate quickly, increasing the likelihood that criminals and others will get access to NSA cyberweapons.

Craig Mundie, a senior adviser to the CEO of Microsoft Corp., said that when a cyberweapon is used, “every bad guy in the world gets to watch.”

As a result, “this [cyberattack] capability escalates globally very rapidly,” he said.

The trust factor

Critics say the NSA’s dual attitude toward vulnerabilities it discovers or plants in software is an inescapable byproduct of the agency’s twofold role.

In assuring the integrity of vital U.S. communications, the NSA relies on encryption and other technologies to make online communications secure. But as the government's premier surveillance agency, it is dedicated to defeating those same technologies.

The encryption revelations “highlight the problem of having information assurance and signals intelligence under the same roof,” said Kevin Bankston, senior counsel with the Center for Democracy and Technology, a nonprofit that advocates for Internet freedom.

The agency, Mr. Bankston notes, is supposed to play a key role in securing vital privately owned U.S. infrastructure from computer attack.

But as an Internet or telecommunications service provider, “you’d be crazy to ask the NSA for help now” fighting a virus or other computer attack, said Alan B. Davidson, who was head of public policy for Google Inc. for seven years until 2012.

Mr. Davidson, now a researcher at the Massachusetts Institute of Technology, said the NSA has undermined trust in the government’s role as a guarantor of Internet security.

“Government could and should have a role,” he said, “but it can’t if it’s not trusted.”

Many cryptologists believe the effort to subvert encryption and other means to achieve anonymity, privacy and security on the Internet also makes the U.S. — and the rest of the world — less safe online.

“Dependable computing is essential to our society. You have to be able to trust your computer,” Mr. Ylonen said.

Encryption is essential to the security of critical infrastructure such as major credit card companies and other financial services, he said. “Undermining them damages cybersecurity.”