NPI's Cascadia Advocate

Offering commentary and analysis from Washington, Oregon, and Idaho, The Cascadia Advocate provides the Northwest Progressive Institute's uplifting perspective on world, national, and local politics.

Thursday, September 5th, 2013

When are SSL and VPNs not secure? Why, when the NSA wants to spy on you, of course!

With each pass­ing week, it is becom­ing increas­ing­ly clear that for­mer NSA employ­ee Edward Snow­den’s doc­u­ment dump con­sti­tutes the largest and most impor­tant leak in the his­to­ry of the Unit­ed States of America.

While Snow­den remains in Rus­sia, news­pa­pers in the West con­tin­ue to sift through the doc­u­ments he leaked, using those as the basis for new sto­ries that expose the extent of the Nation­al Secu­ri­ty Agen­cy’s spy­ing capabilities.

Insti­tu­tion­al­ly, the NSA is addict­ed to what’s known in nation­al secu­ri­ty-speak as sig­nals intel­li­gence — basi­cal­ly, com­mu­ni­ca­tions that they can inter­cept. That addic­tion — that seem­ing­ly bot­tom­less hunger for infor­ma­tion — has so con­sumed the agency that the con­cept of lim­its or checks on its pow­er (even self-enforced lim­its) appears to have become some­thing that only exists on paper.

What­ev­er the NSA wants, the NSA must have, and that is appar­ent­ly why the NSA has devot­ed so many resources to crack­ing Secure Sock­ets Lay­er (SSL, the tech­nol­o­gy used to encrypt web traf­fic) and VPNs (vir­tu­al pri­vate networks).

Here’s New York Times with this lat­est rev­e­la­tion:

The Nation­al Secu­ri­ty Agency is win­ning its long-run­ning secret war on encryp­tion, using super­com­put­ers, tech­ni­cal trick­ery, court orders and behind-the-scenes per­sua­sion to under­mine the major tools pro­tect­ing the pri­va­cy of every­day com­mu­ni­ca­tions in the Inter­net age, accord­ing to new­ly dis­closed documents.

The agency has cir­cum­vent­ed or cracked much of the encryp­tion, or dig­i­tal scram­bling, that guards glob­al com­merce and bank­ing sys­tems, pro­tects sen­si­tive data like trade secrets and med­ical records, and auto­mat­i­cal­ly secures the e‑mails, Web search­es, Inter­net chats and phone calls of Amer­i­cans and oth­ers around the world, the doc­u­ments [pro­vid­ed by Edward Snow­den] show.

In oth­er words, if it’s online, the NSA has access to it. Any­thing you pub­lish online is not secur­able — at least not from the NSA — despite what you may have been told by com­pa­nies like Google, Yahoo, Microsoft, Face­book, or Apple.

The agency, accord­ing to the doc­u­ments and inter­views with indus­try offi­cials, deployed cus­tom-built, super­fast com­put­ers to break codes, and began col­lab­o­rat­ing with tech­nol­o­gy com­pa­nies in the Unit­ed States and abroad to build entry points into their prod­ucts. The doc­u­ments do not iden­ti­fy which com­pa­nies have participated.

The N.S.A. hacked into tar­get com­put­ers to snare mes­sages before they were encrypt­ed. And the agency used its influ­ence as the world’s most expe­ri­enced code mak­er to covert­ly intro­duce weak­ness­es into the encryp­tion stan­dards fol­lowed by hard­ware and soft­ware devel­op­ers around the world.

There’s more. The whole arti­cle is worth a read, and The Guardian has a com­pan­ion arti­cle that is also well worth your time.

Secu­ri­ty expert Bruce Schneier, who has been col­lab­o­rat­ing with Glenn Green­wald on the Snow­den doc­u­ments, has pub­lished a chal­lenge to engi­neers and pro­gram­mers all around the world, declar­ing that the Unit­ed States gov­ern­ment has betrayed the Inter­net — and it’s time to take it back. Schneier writes:

By sub­vert­ing the inter­net at every lev­el to make it a vast, mul­ti-lay­ered and robust sur­veil­lance plat­form, the NSA has under­mined a fun­da­men­tal social con­tract. The com­pa­nies that build and man­age our inter­net infra­struc­ture, the com­pa­nies that cre­ate and sell us our hard­ware and soft­ware, or the com­pa­nies that host our data: we can no longer trust them to be eth­i­cal Inter­net stewards.

This is not the Inter­net the world needs, or the Inter­net its cre­ators envi­sioned. We need to take it back.

And by we, I mean the engi­neer­ing community.

Yes, this is pri­mar­i­ly a polit­i­cal prob­lem, a pol­i­cy mat­ter that requires polit­i­cal intervention.

But this is also an engi­neer­ing prob­lem, and there are sev­er­al things engi­neers can – and should – do.

One, we should expose. If you do not have a secu­ri­ty clear­ance, and if you have not received a Nation­al Secu­ri­ty Let­ter, you are not bound by a fed­er­al con­fi­den­tial­ly require­ments or a gag order. If you have been con­tact­ed by the NSA to sub­vert a prod­uct or pro­to­col, you need to come for­ward with your sto­ry. Your employ­er oblig­a­tions don’t cov­er ille­gal or uneth­i­cal activ­i­ty. If you work with clas­si­fied data and are tru­ly brave, expose what you know. We need whistle­blow­ers.

Mean­while, our friends at the Elec­tron­ic Fron­tier Foun­da­tion have just announced a major vic­to­ry in their Free­dom of Infor­ma­tion Act (FOIA) law­suit against the fed­er­al gov­ern­ment over NSA spying.

The Depart­ment of Jus­tice will soon be releas­ing hun­dreds of pages worth of pro­ce­dur­al doc­u­ments, legal analy­ses, and FISC court opin­ions… includ­ing mate­ri­als that describe how the exec­u­tive branch has inter­pret­ed Sec­tion 215 of the Patri­ot Act. (NPI has sup­port­ed the repeal of the Patri­ot Act since its incep­tion in 2003).

Appar­ent­ly, the Depart­ment of Jus­tice has been unable to come up with a ratio­nale or jus­ti­fi­ca­tion for keep­ing the mate­ri­als a secret. Or at least not one that a judge will find cred­i­ble. So at last, the shroud that has masked the legal foun­da­tion that the NSA oper­ates on is begin­ning to lift. This is going to be big.

The EFF has been doing tremen­dous work on behalf of the Amer­i­can peo­ple and we’re very glad that they keep going back to court to demand trans­paren­cy from the fed­er­al gov­ern­ment. Amer­i­cans have the right to know what their gov­ern­ment is doing to them and to oth­er peo­ples around the world in their name.

Edward Snow­den is a nation­al trea­sure, and he should be wel­comed home in the Unit­ed States as a free man rather than being pros­e­cut­ed for leak­ing clas­si­fied infor­ma­tion. Snow­den has done his coun­try a great ser­vice, but sad­ly, because our gov­ern­ment views him as a trai­tor and a law­break­er, he’s had to go to a coun­try like Rus­sia to avoid being thrown into a prison cell. How is what Snow­den did any worse than what Direc­tor of Intel­li­gence James Clap­per did (lying to Con­gress) or what the NSA has been doing (vio­lat­ing the Con­sti­tu­tion of the Unit­ed States)?

Pres­i­dent Oba­ma should issue a full and com­plete par­don for Edward Snow­den so he can come back home with­out need­ing to wor­ry about being locked up and pros­e­cut­ed for his brave and coura­geous whistle­blow­ing. Amer­i­ca needs more men like Edward Snow­den, and few­er men like James Clapper.

Restore Amer­i­ca’s hon­or, Mr. Pres­i­dent, and par­don Edward Snowden.

Adjacent posts

  • Enjoyed what you just read? Make a donation


    Thank you for read­ing The Cas­ca­dia Advo­cate, the North­west Pro­gres­sive Insti­tute’s jour­nal of world, nation­al, and local politics.

    Found­ed in March of 2004, The Cas­ca­dia Advo­cate has been help­ing peo­ple through­out the Pacif­ic North­west and beyond make sense of cur­rent events with rig­or­ous analy­sis and thought-pro­vok­ing com­men­tary for more than fif­teen years. The Cas­ca­dia Advo­cate is fund­ed by read­ers like you and trust­ed spon­sors. We don’t run ads or pub­lish con­tent in exchange for money.

    Help us keep The Cas­ca­dia Advo­cate edi­to­ri­al­ly inde­pen­dent and freely avail­able to all by becom­ing a mem­ber of the North­west Pro­gres­sive Insti­tute today. Or make a dona­tion to sus­tain our essen­tial research and advo­ca­cy journalism.

    Your con­tri­bu­tion will allow us to con­tin­ue bring­ing you fea­tures like Last Week In Con­gress, live cov­er­age of events like Net­roots Nation or the Demo­c­ra­t­ic Nation­al Con­ven­tion, and reviews of books and doc­u­men­tary films.

    Become an NPI mem­ber Make a one-time donation

  • NPI’s essential research and advocacy is sponsored by: