Here’s something new we just learned, courtesy of Edward Snowdon: The United States government has for years pressed major technology companies – including the companies that facilitate our email, telephone calls, online banking and financial services – to deliberately introduce security flaws into their systems to make spying easier. Using bribes, legal threats, secret orders from the Foreign Intelligence Surveillance Court, and political pressure, the government demanded secret access to the supposedly private, confidential data and communications of untold millions of people in the United States and abroad.
As a result, the National Security Agency and related agencies are believed to be able to open, read and manipulate personal and commercial communications, by circumventing encryption procedures, by demanding or stealing the encryption keys from service providers, by exploiting secret “back doors” that it persuaded leading technology companies to install in the software we use every day, or even by cracking encrypted messages and phone calls in real time. Bottom line takeaway: Any communications you thought were private and secure are neither private nor secure.
You might say, “So what? I have nothing to hide. I’m a law-abiding citizen.”
Here’s so what: If you deliberately weaken or disable all the digital locks so that it’s easier for government spies to gain access to everyone’s bank accounts, computer hard disks, emails, telephone calls, online chats, web browsing records, and passwords, you also make it easier for criminals and other snoops to gain access to the same systems. Having nothing to hide does not mean having nothing to steal.
The American Bill of Rights and numerous Supreme Court decisions also allegedly protect citizens against warrantless search and seizure, but the Bush Administration argued that the Patriot Act supersedes those legal (and moral) restrictions.The Snowdon files reveal that the Obama Administration has expanded the surreptitious collection of private communications far beyond even the Bush Administration’s fantasies.
We are no longer shocked when a hacker cracks a company network and steals thousands of customer names along with matching Social Security numbers, credit card numbers and other sensitive information. It happens all too often. Every day, average people fall victim to credit card fraud, bank fraud, identity theft, and other crimes. Who’s to blame?
Criminals, of course. But according to a new report by ProPublica, The New York Times and The Guardian, Uncle Sam could be an accomplice. By actively seeking to weaken the international standards used to encrypt email, web browsing, voice-over-IP (e.g. Skype) calls, and instant messaging, and by insisting that every network and router and encryption system have secret “back doors” to facilitate government snooping, the government has made all of us more vulnerable to hackers. If the government can peek into compromised systems, you can bet that the Russian Business Network and PLA Unit 61398 will discover and exploit the same deliberate flaws.
Remember, the Clinton Administration asked for similar capabilities back in the 1990s, but Congress and the courts said no. The 4th Amendment guarantees against unreasonable searches prevailed over the government’s desire for a panopticon, a peep hole through which it could track everything we see and hear and say. Smacked down by the legal system, the Bush II and Obama administrations decided to do it anyway, without telling anyone or asking permission from Congress or the courts.
The government asked the three news organizations not to publish the latest revelations, arguing that doing so would severely harm America’s ability to spy on terrorists, foreign governments (friendly or not), and foreign companies. If they find out that the United States has the keys to all of their locks, the government argued, they’ll change locks. And then we won’t be able to spy on them as easily.
Of course, American companies (as well as foreign companies that want to do business in America) can’t change the locks because the government has secret courts that threaten to put executives in jail if they resist, as the Snowdon documents reveal. Two American makers of encryption technology shut down their businesses last month rather than give the government access to their customers’ private data. Others, like an unnamed giant telecommunications company, cooperated willingly. Still others resisted until Uncle Sam offered them millions of dollars to make some itsy bitsy changes in their security codes. The rest probably tried to say no, until slapped with one of the infamous National Security Letters.
Imagined conversation:
USA: “Please help us catch terrorists. We want to to know about every email and phone call sent and received by every one of your customers, every day. No warrants.”
SkypooglesofT&T: “Sorry, that would be a gross violation of their constitutional and legal rights, not to mention morally obtuse.”
USA: “Please reconsider, or else we’ll throw your sorry, unpatriotic asses into jail. And by the way, you can’t fight us in court because it’s illegal for you to even tell anyone that we asked you to do this.”
SkypooglesofT&T: “Okay, since you asked nicely …”
Now, imagine that you’re a foreign company wanting to do business with an American company, or to buy hardware or software from an American company, or to open a manufacturing plant here, or to open an R&D office in Silicon Valley. You know that your Microsoft software, your Apple computers, your Cisco networking gear, your AT&T phone switches … everything is bugged. Doing business in the United States automatically gives the United States government access to your entire computer networks and all your confidential data.
Anyone who is not freaking out is not paying attention.
*
UPDATE, Sept. 6: The Office of the Director of National Intelligence issued a statement saying that the “deciphering enciphered communications is not a secret, and is not news.”
However, the O.D.N.I. continued, the reports by The Guardian, The New York Times and ProPublica “reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.”
The fact that the NSA can bypass or crack modern encryption systems is, as they say, not news. It’s what they are supposed to do. When the USA suddenly removed the restrictions on exporting advanced telecommunications equipment to Iran on May 30, it was an obvious signal that the NSA wasn’t worrying about giving the Iranians access to standard encryption technologies. Why? Because the NSA knows it can circumvent or even break standard encryption in virtually real time.
The news — to me, at least — is that the United States government deliberately sought to weaken and manipulate the process for setting global encryption standards, and that it bribed, threatened and otherwise pressured technology companies and Internet service providers to create secret “back doors” in the technologies that all of us use to safeguard our private communications, health and financial records, and commercial secrets. Oh, that and the fact that it routinely collects and stores the private communications of millions of American citizens without probable cause.
I’d say that’s important information for the public debate. Now I’m just hoping that there will, in fact, be a public debate.
