Friday, September 27, 2013
In 2006, a federal agency, the National Institute of Standards and Technology, helped build an international encryption system to help countries and industries fend off computer hacking and theft. Unbeknown to the many users of the system, a different government arm, the National Security Agency, secretly inserted a “back door” into the system that allowed federal spies to crack open any data that was encoded using its technology.
Documents leaked by Edward Snowden, the former N.S.A. contractor, make clear that the agency has never met an encryption system that it has not tried to penetrate. And it frequently tries to take the easy way out. Because modern cryptography can be so hard to break, even using the brute force of the agency’s powerful supercomputers, the agency prefers to collaborate with big software companies and cipher authors, getting hidden access built right into their systems.
The New York Times, The Guardian and ProPublica recently reported that the agency now has access to the codes that protect commerce and banking systems, trade secrets and medical records, and everyone’s e-mail and Internet chat messages, including virtual private networks. In some cases, the agency pressured companies to give it access; as The Guardian reported earlier this year, Microsoft provided access to Hotmail, Outlook.com, SkyDrive and Skype. According to some of the Snowden documents given to Der Spiegel, the N.S.A. also has access to the encryption protecting data on iPhones, Android and BlackBerry phones.
These back doors and special access routes are a terrible idea, another example of the intelligence community’s overreach. Companies and individuals are increasingly putting their most confidential data on cloud storage services, and need to rely on assurances their data will be secure. Knowing that encryption has been deliberately weakened will undermine confidence in these systems and interfere with commerce.
The back doors also strip away the expectations of privacy that individuals, businesses and governments have in ordinary communications. If back doors are built into systems by the N.S.A., who is to say that other countries’ spy agencies — or hackers, pirates and terrorists — won’t discover and exploit them?
Full article: http://www.nytimes.c … ack-doors.html?_r=1&