NPI's Cascadia Advocate

Offering commentary and analysis from Washington, Oregon, and Idaho, The Cascadia Advocate is the Northwest Progressive Institute's unconventional perspective on world, national, and local politics.

Thursday, September 5th, 2013

When are SSL and VPNs not secure? Why, when the NSA wants to spy on you, of course!

With each passing week, it is becoming increasingly clear that former NSA employee Edward Snowden’s document dump constitutes the largest and most important leak in the history of the United States of America.

While Snowden remains in Russia, newspapers in the West continue to sift through the documents he leaked, using those as the basis for new stories that expose the extent of the National Security Agency’s spying capabilities.

Institutionally, the NSA is addicted to what’s known in national security-speak as signals intelligence – basically, communications that they can intercept. That addiction – that seemingly bottomless hunger for information – has so consumed the agency that the concept of limits or checks on its power (even self-enforced limits) appears to have become something that only exists on paper.

Whatever the NSA wants, the NSA must have, and that is apparently why the NSA has devoted so many resources to cracking Secure Sockets Layer (SSL, the technology used to encrypt web traffic) and VPNs (virtual private networks).

Here’s New York Times with this latest revelation:

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents [provided by Edward Snowden] show.

In other words, if it’s online, the NSA has access to it. Anything you publish online is not securable – at least not from the NSA – despite what you may have been told by companies like Google, Yahoo, Microsoft, Facebook, or Apple.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

There’s more. The whole article is worth a read, and The Guardian has a companion article that is also well worth your time.

Security expert Bruce Schneier, who has been collaborating with Glenn Greenwald on the Snowden documents, has published a challenge to engineers and programmers all around the world, declaring that the United States government has betrayed the Internet – and it’s time to take it back. Schneier writes:

By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical Internet stewards.

This is not the Internet the world needs, or the Internet its creators envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires political intervention.

But this is also an engineering problem, and there are several things engineers can – and should – do.

One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by a federal confidentially requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don’t cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers.

Meanwhile, our friends at the Electronic Frontier Foundation have just announced a major victory in their Freedom of Information Act (FOIA) lawsuit against the federal government over NSA spying.

The Department of Justice will soon be releasing hundreds of pages worth of procedural documents, legal analyses, and FISC court opinions… including materials that describe how the executive branch has interpreted Section 215 of the Patriot Act. (NPI has supported the repeal of the Patriot Act since its inception in 2003).

Apparently, the Department of Justice has been unable to come up with a rationale or justification for keeping the materials a secret. Or at least not one that a judge will find credible. So at last, the shroud that has masked the legal foundation that the NSA operates on is beginning to lift. This is going to be big.

The EFF has been doing tremendous work on behalf of the American people and we’re very glad that they keep going back to court to demand transparency from the federal government. Americans have the right to know what their government is doing to them and to other peoples around the world in their name.

Edward Snowden is a national treasure, and he should be welcomed home in the United States as a free man rather than being prosecuted for leaking classified information. Snowden has done his country a great service, but sadly, because our government views him as a traitor and a lawbreaker, he’s had to go to a country like Russia to avoid being thrown into a prison cell. How is what Snowden did any worse than what Director of Intelligence James Clapper did (lying to Congress) or what the NSA has been doing (violating the Constitution of the United States)?

President Obama should issue a full and complete pardon for Edward Snowden so he can come back home without needing to worry about being locked up and prosecuted for his brave and courageous whistleblowing. America needs more men like Edward Snowden, and fewer men like James Clapper.

Restore America’s honor, Mr. President, and pardon Edward Snowden.

Adjacent posts

  • Donate now to support The Cascadia Advocate

    Thank you for reading The Cascadia Advocate, the Northwest Progressive Institute’s journal of world, national, and local politics.

    Founded in March of 2004, The Cascadia Advocate has been helping people throughout the Pacific Northwest and beyond make sense of current events with rigorous analysis and thought-provoking commentary for more than fifteen years. The Cascadia Advocate is funded by readers like you: we have never accepted advertising or placements of paid content.

    And we’d like it to stay that way.

    Help us keep The Cascadia Advocate editorially independent and freely available by becoming a member of the Northwest Progressive Institute today. Or make a donation to sustain our essential research and advocacy journalism.

    Your contribution will allow us to continue bringing you features like Last Week In Congress, live coverage of events like Netroots Nation or the Democratic National Convention, and reviews of books and documentary films.

    Become an NPI member Make a one-time donation