Critics of the National Security Agency’s bulk metadata collection programs are turning their attention to the spy agency’s alleged role in undermining Internet security standards to gain access to networks and computers around the world and now calling for a fundamental change in its mission.
Speaking at a New America Foundation event July 7, a group of privacy advocates called for NSA to be stripped of its information assurance mission.
“The NSA right now has two missions that are jammed into one agency,” said Bruce Schneier, a fellow at Harvard’s Berkman Center for Internet and Society who has helped media outlets interpret and understand the classified NSA documents stolen by former contractor Edward Snowden. “There is the ‘attack them’ and the ‘defend us’.” And while those missions were complementary during the Cold War, having them in the same agency today is a recipe for abuse, according to Schneier.
Founded in 1952, NSA traces its roots to the signals intelligence and code-breaking operations that helped defeat Nazi Germany during World War II. But with the birth of the Internet, NSA — home to the largest concentration of world-class mathematicians, computer scientists and engineers in the world — also took the leading role in information assurance.
“Tapping a Soviet undersea naval cable had no effect on U.S. communications. What’s changed with the Internet is that everyone uses the same stuff,” Schneier said. “So those missions now collide. And that’s where the problem is.”
Schneier recommended a “more formal breaking” of the information security mission from NSA’s traditional foreign intelligence mission.
But even NSA’s foreign intelligence mission is problematic to Schneier and the other staunch privacy advocates, who argued that the agency’s surveillance tactics cast suspicion not only on suspected terrorists but all law-abiding citizens.
“Now the surveillance is against pretty much everybody,” Schneier said.
Even Google got into the action. The company’s senior privacy policy council, David Lieber, said NSA’s authorities under the Foreign Intelligence Surveillance Act to retain encrypted communications indefinitely “sends the unfortunate message that the use of encryption is inherently suspect.”
According to Lieber, such a policy has the potential to “bleed over” into other security tools used by ordinary Americans to secure their communications and personal information. “The perception that all of these security tools are going to ultimately be undermined or exploitable [by NSA]…creates disincentives for users to take advantage of these tools for security.”
Danielle Kehl, a policy analyst at New America Foundation’s Open Technology Institute, referenced documents leaked by Snowden and accused NSA of surreptitiously influencing companies to alter product designs to make it easier for the agency to hack those products. She said the statutory relationship between NSA and the National Institute of Standards and Technology should be severed.
“NIST is a body that needs to rebuild its credibility,” Kehl said, referring to NIST’s promulgation of an encryption standard that NSA allegedly weakened intentionally. “They claim they didn’t know what was happening in 2006 when this compromised standard was issued. They’re facing a trust deficit right now.”
Kehl argued for ensuring any NSA reform legislation passed by Congress eliminates the possibility of “allowing the NSA to take advantage of NIST.” Follow @DanielVerton