GOLD/FOREX
DUBAI 21°C
PRAYER TIMES
OPINION
OPINION
Opinion /
Op-Eds

Breaking of encryption may just continue

Quite often, the NSA finds itself torn between competing missions

Last updated:
By Shane Harris
3 MIN READ
Add as a preferred source on Google

The National Security Agency (NSA) has gone to extraordinary lengths to foil encryption used in commercial technology. A new report in last Sunday’s Der Spiegel revealed that the agency’s elite hacker group, known as Tailored Access Operations (TAO), infiltrated networks of European telecommunications companies and accessed and read emails that “were believed to be securely encrypted”. From the NSA’s perspective, counter-encryption efforts have led to important intelligence breakthroughs.

That is why of the 46 recommendations offered by a presidential review panel on government surveillance activities, the one that suggests that the NSA ramp down its efforts against encryption may be met by with a mixture of outrage and laughter in the halls of the agency.

“The US Government should take additional steps to promote security, by ... fully supporting and not undermining efforts to create encryption standards,” the report’s authors recommend.

Undermining encryption, of course, is precisely what the NSA does. It is a code-breaking organisation. It develops methods and techniques to “subvert, undermine, weaken or make vulnerable” — to borrow from the list of things the panel said the agency should stop doing — the codes that governments, terrorist networks, criminal organisations, businesses and everyday people use to shield their communications from prying eyes.

“Encryption is an essential basis for trust on the internet; without such trust, valuable communications would not be possible,” the review panel writes. “For the entire system to work, encryption software itself must be trustworthy.”

That may be. But the NSA does not want the entire system to work — at least not all the time. Part of its mission is to capture, read and analyse information.

A trustworthy, reliable encryption system can be an obstacle to global surveillance.

The NSA has tried to obscure the lengths to which it goes to undermine encryption standards, a good indication that it will not abandon that work without a fight.

In September, 2013, when the New York Times and ProPublica were preparing to report on the NSA’s counter-encryption efforts, the Barack Obama administration tried to persuade the news organisations not to publish their articles, arguing that the revelations might prompt NSA’s targets to switch to new methods of encryption that would be harder to crack.

Surely officials have and will continue to make the same argument to President Barack Obama, who has already disregarded one of the panel’s recommendations that the director of the NSA no longer be “dual-hatted” as the commander of US Cyber Command, which oversees computer warfare operations. Those operations, by the way, rely on breaking encryption.

In some respects, the NSA is torn between two competing missions. It breaks codes. But it also makes them, mostly for the purpose of protecting the government’s information. In a recent interview with the national security blog Lawfare, Anne Neuberger, the senior official who manages the NSA’s relationships with technology companies, was asked about news reports that the agency had secretly included a vulnerability into an encryption standard that was developed by the National Institute of Standards and Technology (NIST) and then adopted by more than 160 countries.

Neuberger did not confirm or deny the reports. She called NIST an “incredibly respected close partner on many things,” including setting encryption standards, some of which the agency itself uses. But, she added, NIST “is not a member of the intelligence community”.

“All work that they do is ... pure white hat,” Neuberger said, meaning not malicious and oriented solely around defending encryption. “Their only responsibility is to set standards” and “to make them as strong as they possibly can be.”

That left out the work that NSA does to defeat those standards, which has included buying privileged access into encryption products sold commercially. Last Friday, Reuters reported that the agency paid RSA, a major computer security vendor, $10 million (Dh36.78 million) to promulgate an encryption weakness that the NSA had developed.

— Washington Post

Get Updates on Topics You Choose

By signing up, you agree to our Privacy Policy and Terms of Use.
Up Next

Related Stories

Rare disease day

A call to build a future for people with rare diseases

3m read
Cyberattacks, unlike traditional security threats, are shapeless, anonymous, and capable of striking from any location in the world.

How the UAE is confronting a new wave of cyber threats

5m read
When trust is slowly replaced by control, employees stop feeling like participants and start feeling like risks to be managed.

Why smart organisations lose good people

3m read
Building nations requires a strong foundation for developmental and structural institutions, as well as for people, national identity, and the regulatory frameworks that govern the state.

Nation-building is vision, not experimentation

5m read