NSA will keep breaking encryption, no matter what a White House panel says

 

Foreign Policy

The National Security Agency has gone to extraordinary lengths to foil encryption used in commercial technology. A new report in Sunday’s Der Spiegel revealed that the agency’s elite hacker group, known as Tailored Access Operations, infiltrated networks of European telecommunications companies and accessed and read emails that “were believed to be securely encrypted.” From the NSA’s perspective, counter-encryption efforts have led to important intelligence breakthroughs.

That’s why of the 46 recommendations offered by a presidential review panel on government surveillance activities, the one that suggests that the NSA ramp down its efforts against encryption may be met by with a mixture of outrage and laughter in the halls of the agency.

“The U.S. government should take additional steps to promote security, by … fully supporting and not undermining efforts to create encryption standards,” the report’s authors recommend.

Undermining encryption, of course, is precisely what the NSA does. It’s a code-breaking organization. It develops methods and techniques to “subvert, undermine, weaken or make vulnerable” — to borrow from the list of things the panel said the agency should stop doing — the codes that governments, terrorist networks, criminal organizations, businesses and everyday people use to shield their communications from prying eyes.

“Encryption is an essential basis for trust on the Internet; without such trust, valuable communications would not be possible,” the review panel writes. “For the entire system to work, encryption software itself must be trustworthy.”

That may be. But the NSA doesn’t want the entire system to work — at least not all the time. Part of its mission is to capture, read and analyze information. A trustworthy, reliable encryption system can be an obstacle to global surveillance.

The NSA has tried to obscure the lengths to which it goes to undermine encryption standards, a good indication that it won’t abandon that work without a fight. In September, when The New York Times and ProPublica were preparing to report on the NSA’s counter-encryption efforts, the Obama administration tried to persuade the news organizations not to publish their articles, arguing that the revelations might prompt NSA’s targets to switch to new methods of encryption that would be harder to crack. Surely officials have and will continue to make the same argument to President Obama, who has already disregarded one of the panel’s recommendations that the director of the NSA no longer be “dual-hatted” as the commander of U.S. Cyber Command, which oversees computer warfare operations. Those operations, by the way, rely on breaking encryption.

In some respects, the NSA is torn between two competing missions. It breaks codes. But it also makes them, mostly for the purpose of protecting the government’s information. In a recent interview with the national security blog Lawfare, Anne Neuberger, the senior official who manages the NSA’s relationships with technology companies, was asked about news reports that the agency had secretly included a vulnerability into an encryption standard that was developed by the National Institute of Standards and Technology and then adopted by more than 160 countries.

Neuberger didn’t confirm or deny the reports. She called NIST an “incredibly respected close partner on many things,” including setting encryption standards, some of which the agency itself uses. But, she added, NIST “is not a member of the intelligence community.”

“All work that they do is … pure white hat,” Neuberger said, meaning not malicious and oriented solely around defending encryption. “Their only responsibility is to set standards” and “to make them as strong as they possibly can be.” That left out the work that NSA does to defeat those standards, which has included buying privileged access into encryption products sold commercially. On Friday, Reuters reported that the agency paid RSA, a major computer security vendor, $10 million to promulgate an encryption weakness that the NSA had developed.

© 2013, Foreign Policy

Read more From Our Inbox stories from the Miami Herald

  • A GOP ultimatum to Vlad

    With the party united, the odds are now at least even that the GOP will not only hold the House but also capture the Senate in November.

  • We stand with the kidnapped girls of Nigeria

    As president and founder of the South Florida Girl Up, a club of teenage activists in Florida for the Girl Up Campaign of the United Nations Foundation, I want to add my voice to that of other activists with whom I’ve collaborated to create and support the first clubs in Mexico, Ecuador, and Colombia.

  • Preventing a massacre in N. Korea’s gulags

    Since the U.N. Commission of Inquiry issued its report on North Korea in February, U.N. bodies, human-rights organizations, governments and think tanks have been working to respond to the crimes against humanity it documented, including the systematic abuse of prisoners and food policies that lead to starvation. But the report’s most chilling section rarely gets discussed: standing orders at North Korea’s political prison camps (the kwanliso) to kill all prisoners in the event of armed conflict or revolution.

Miami Herald

Join the
Discussion

The Miami Herald is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

The Miami Herald uses Facebook's commenting system. You need to log in with a Facebook account in order to comment. If you have questions about commenting with your Facebook account, click here.

Have a news tip? You can send it anonymously. Click here to send us your tip - or - consider joining the Public Insight Network and become a source for The Miami Herald and el Nuevo Herald.

Hide Comments

This affects comments on all stories.

Cancel OK

  • Marketplace

Today's Circulars

  • Quick Job Search

Enter Keyword(s) Enter City Select a State Select a Category