In its relentless effort to expand its surveillance capabilities, the National Security Agency has eroded trust in the process that secures online financial transactions and forms the foundations of privacy and security on the Web, computer scientists and Internet security specialists say.
Recently leaked documents have revealed that the NSA has sought to defeat encryption, which scrambles confidential data to shield it from prying eyes. One critic compares the NSA effort to a misguided plot to sabotage vaccines.
“Suppose the U.S. government says terrorists are getting vaccinated, and in response to that, they decided they were going to put saltwater instead of vaccine in every vaccination needle in the world,” said Jon Callas, co-inventor of Pretty Good Privacy, the most widely used email encryption system. “That would be terrible. It would be inhuman. But if it’s true [about NSA efforts], it’s kind of like that.”
Documents leaked by former NSA contractor Edward Snowden show that the agency used financial incentives, secret courts and outright theft to acquire the digital “keys” to widely used commercial encryption technologies. The agency, working with its British counterpart, Government Communications Headquarters, also built software “back doors” into encryption packages and, some suspect, inserted vulnerabilities into encryption standards.
News that the NSA is trying to defeat encryption is “very disconcerting,” said Tatu Ylonen, the Finnish computer scientist who invented Secure Shell, the encryption protocol used by almost all large commercial enterprises such as banks and credit card companies.
“I don’t like the idea of someone breaking into my house. These days, most of my valuable stuff is on my computer, so I don’t like the idea of someone breaking into my computer. It doesn’t matter who is doing it or why,” Mr. Ylonen said.
Director of National Intelligence James R. Clapper has said the NSA “would not be doing its job” if it didn’t try to defeat encryption, noting that it is used routinely by spies, terrorists and other malefactors.
Current and former officials say the capabilities are used only against legitimate foreign intelligence targets, such as officials of a foreign power or members of a terrorist group.
The NIST connection
Encryption scrambles digital documents and email according to a mathematical formula, or algorithm. The data can be unscrambled and read only with a special digital key.
Online information is routed from computer to computer until it reaches its destination, exposing the data to interception and eavesdropping. Encryption is the basis for any kind of privacy or security on the Web.
For example, the small padlock in a browser address bar that tells computer users they are securely connected to an online bank or store is based on a form of encryption called Transport Layer Security or Secure Sockets Layer.
Online eavesdroppers might be able to see where encrypted traffic is going, but they cannot read it — which is how passwords, credit card numbers and other sensitive information are protected on the Web.
Alarmed by the growth of encryption technologies, the NSA in the 1990s tried to mandate the introduction of “back doors,” or secret keys for commercial encryption services. The agency failed, but the latest Snowden documents show it did not give up.
“We thought in the past that the standards [the U.S.] government promoted were designed to improve security,” said Mr. Callas, now chief technology officer for Silent Circle, a firm offering encryption services for phone calls, video chats and instant messaging. “Now I have a raised eyebrow [about that]. It’s a question.”
According to the Snowden documents, the NSA “makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems” so they can be subject to eavesdropping.
The documents don’t name any of the systems the agency has tried to weaken, but some cryptographers have long been suspicious of the NSA’s role in developing encryption standards approved and promoted by the National Institute of Standards and Technology — the federal agency that sets benchmarks for security measures.
As a result of the latest revelations, the standards and technology institute has “lost the trust of the computer science community,” said Christopher Soghoian, a privacy researcher and advocate with the American Civil Liberties Union. “They are compromised.”
The standards and technology institute said in a statement that it is “required by statute” to consult with the NSA and that it “would not deliberately weaken a cryptographic standard.”
Nonetheless, the institute has reopened for public comment a 2006 standard long criticized by many cryptographers.
Privacy advocates and cryptographers say the National Institute of Standards and Technology still will have to tell the truth about any collaboration with the NSA in order to rebuild trust.
“They are going to have to work real hard to get themselves out of this hole, if they ever can,” Mr. Soghoian said.
The NIST press office was closed because of the government shutdown, and no one could be reached for comment.
The ‘NOBUS’ principle
One former NSA chief said intelligence officials are ever careful to weigh the costs and benefits of exploiting any cybersecurity flaw they come across, including in encryption.
“There are vulnerabilities, and then there are vulnerabilities,” said Michael V. Hayden, a retired Air Force general who headed the agency from 1999 to 2005.
“When weighing the balance between exploiting or plugging a vulnerability once it has been discovered, the question cannot be handled in the abstract. Particulars matter,” said Gen. Hayden, who is now a principal with the Chertoff Group, a private security and intelligence firm.
One factor taken into account is what Mr. Hayden calls the “NOBUS” principle: “no one but us.”
If a vulnerability can be exploited only by U.S. agencies for technical reasons, Gen. Hayden said, “That is not a vulnerability that we are legally and morally obliged to patch. That is a vulnerability that we are legally and morally obliged to exploit in order to help keep the American people safe.”
“Time is also a factor,” he said. “It may be NOBUS now, but one has to be alert as this changes over time.”
Analysts note that, because of the open nature of the Internet, attack technologies tend to proliferate quickly, increasing the likelihood that criminals and others will get access to NSA cyberweapons.
Craig Mundie, a senior adviser to the CEO of Microsoft Corp., said that when a cyberweapon is used, “every bad guy in the world gets to watch.”
As a result, “this [cyberattack] capability escalates globally very rapidly,” he said.
The trust factor
In assuring the integrity of vital U.S. communications, the NSA relies on encryption and other technologies to make online communications secure. But as the government’s premier surveillance agency, it is dedicated to defeating those same technologies.
The encryption revelations “highlight the problem of having information assurance and signals intelligence under the same roof,” said Kevin Bankston, senior counsel with the Center for Democracy and Technology, a nonprofit that advocates for Internet freedom.
The agency, Mr. Bankston notes, is supposed to play a key role in securing vital privately owned U.S. infrastructure from computer attack.
But as an Internet or telecommunications service provider, “you’d be crazy to ask the NSA for help now” fighting a virus or other computer attack, said Alan B. Davidson, who was head of public policy for Google Inc. for seven years until 2012.
“Government could and should have a role,” he said, “but it can’t if it’s not trusted.”
Many cryptologists believe the effort to subvert encryption and other means to achieve anonymity, privacy and security on the Internet also makes the U.S. — and the rest of the world — less safe online.
“Dependable computing is essential to our society. You have to be able to trust your computer,” Mr. Ylonen said.
Encryption is essential to the security of critical infrastructure such as major credit card companies and other financial services, he said. “Undermining them damages cybersecurity.”