Perhaps the biggest condemnation of President Obama’s address last Friday announcing reforms to the NSA’s surveillance programs was his failure to mention any of the agency’s alleged involvement in subverting cryptography standards and the impact that has had on the trustworthiness of products built on those baselines.
A long list of the nation’s top cryptographers and security influencers took a stand today against the government’s surveillance activities and subversion of security technology via an open letter. The experts condemn the intelligence community’s practices and point out that tampering with crypto standards via the insertion of backdoors and the tapping of commercial links between data centers belonging to large Internet providers not only damages the privacy and civil liberties of Americans, but opens the door for malicious hackers—criminal and nation-state—to exploit the same holes used by the NSA.
“Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft,” the experts wrote in the letter. “These are not hypothetical problems; they have occurred many times in the past.”
The co-signers of the letter include some security and computing legends such as Steve Bellovin, Niels Ferguson, Ed Felten, Ron Rivest, Bruce Schneier and dozens of others. The letter calls on the government to be transparent about its activities and to “resist the deployment of mass surveillance programs in advance of sound technical and social controls.” The experts also lent their endorsement to a movement called Reform Government Surveillance, which was unwrapped in December.
A group of eight technology giants, including Facebook, Apple and Google, make up the Reform Government Surveillance coalition, which proposed five principles in an open letter of its own to Obama.
Those principles start with limits on the government’s ability to compel service providers to disclose user data and a stop to bulk collection of Internet communication. The coalition also calls for intelligence agencies to operate under a clear, transparent legal framework that includes independent reviewing courts, which is currently not the case with the Foreign Intelligence Surveillance Court. The group asks the government to allow data to cross borders without having to worry about legal loopholes that enable government to access data stored outside the country. They also ask that governments work together to avoid conflicting laws and develop transparent legal frameworks under which governments agree to operate when it comes to requests for user data.
“The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users,” the letter said. “Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life.”
Obama’s speech last week called for immediate and long-term reforms to the NSA’s bulk collection of phone call metadata. The program would end as it exists today, but the president stopped short of ending the agency’s collection of data, which it says it uses to map connections between foreigners thought to be involved in terrorism. The dragnet, however, also sweeps up communications to and from Americans who are not terror suspects, something that has outraged privacy advocates.