NSA will keep breaking encryption, no matter what a White House panel says

 

Foreign Policy

The National Security Agency has gone to extraordinary lengths to foil encryption used in commercial technology. A new report in Sunday’s Der Spiegel revealed that the agency’s elite hacker group, known as Tailored Access Operations, infiltrated networks of European telecommunications companies and accessed and read emails that “were believed to be securely encrypted.” From the NSA’s perspective, counter-encryption efforts have led to important intelligence breakthroughs.

That’s why of the 46 recommendations offered by a presidential review panel on government surveillance activities, the one that suggests that the NSA ramp down its efforts against encryption may be met by with a mixture of outrage and laughter in the halls of the agency.

“The U.S. government should take additional steps to promote security, by … fully supporting and not undermining efforts to create encryption standards,” the report’s authors recommend.

Undermining encryption, of course, is precisely what the NSA does. It’s a code-breaking organization. It develops methods and techniques to “subvert, undermine, weaken or make vulnerable” — to borrow from the list of things the panel said the agency should stop doing — the codes that governments, terrorist networks, criminal organizations, businesses and everyday people use to shield their communications from prying eyes.

“Encryption is an essential basis for trust on the Internet; without such trust, valuable communications would not be possible,” the review panel writes. “For the entire system to work, encryption software itself must be trustworthy.”

That may be. But the NSA doesn’t want the entire system to work — at least not all the time. Part of its mission is to capture, read and analyze information. A trustworthy, reliable encryption system can be an obstacle to global surveillance.

The NSA has tried to obscure the lengths to which it goes to undermine encryption standards, a good indication that it won’t abandon that work without a fight. In September, when The New York Times and ProPublica were preparing to report on the NSA’s counter-encryption efforts, the Obama administration tried to persuade the news organizations not to publish their articles, arguing that the revelations might prompt NSA’s targets to switch to new methods of encryption that would be harder to crack. Surely officials have and will continue to make the same argument to President Obama, who has already disregarded one of the panel’s recommendations that the director of the NSA no longer be “dual-hatted” as the commander of U.S. Cyber Command, which oversees computer warfare operations. Those operations, by the way, rely on breaking encryption.

In some respects, the NSA is torn between two competing missions. It breaks codes. But it also makes them, mostly for the purpose of protecting the government’s information. In a recent interview with the national security blog Lawfare, Anne Neuberger, the senior official who manages the NSA’s relationships with technology companies, was asked about news reports that the agency had secretly included a vulnerability into an encryption standard that was developed by the National Institute of Standards and Technology and then adopted by more than 160 countries.

Neuberger didn’t confirm or deny the reports. She called NIST an “incredibly respected close partner on many things,” including setting encryption standards, some of which the agency itself uses. But, she added, NIST “is not a member of the intelligence community.”

“All work that they do is … pure white hat,” Neuberger said, meaning not malicious and oriented solely around defending encryption. “Their only responsibility is to set standards” and “to make them as strong as they possibly can be.” That left out the work that NSA does to defeat those standards, which has included buying privileged access into encryption products sold commercially. On Friday, Reuters reported that the agency paid RSA, a major computer security vendor, $10 million to promulgate an encryption weakness that the NSA had developed.

© 2013, Foreign Policy

Read more From Our Inbox stories from the Miami Herald

  • Obama’s hard stance on ISIS a long time coming

    Listening to the president’s address to the nation regarding the crisis with ISIS or ISIL if you prefer, I was struck by the lack of indignation in the president’s presentation. Where was the visible anger, the fist-pounding oratory that made it clear in no uncertain terms the nation would not tolerate this threat to our interests and, for that matter, humanity?

  • D.C. government guilty of abusing drivers

    “You are guilty until you have proven yourself innocent. … That has worked well for us.”

  • Domestic violence puts some women on the path to incarceration

    Domestic violence is a hot topic right now — a conversation being fueled by what we’ve witnessed inside a fancy hotel elevator and on the stage of the Miss America pageant.

Miami Herald

Join the
Discussion

The Miami Herald is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

The Miami Herald uses Facebook's commenting system. You need to log in with a Facebook account in order to comment. If you have questions about commenting with your Facebook account, click here.

Have a news tip? You can send it anonymously. Click here to send us your tip - or - consider joining the Public Insight Network and become a source for The Miami Herald and el Nuevo Herald.

Hide Comments

This affects comments on all stories.

Cancel OK

  • Marketplace

Today's Circulars

  • Quick Job Search

Enter Keyword(s) Enter City Select a State Select a Category