To demonstrate how broad these intrusions are: when the government got wind of what Snowden was about to reveal, NSA officials immediately contacted both the Times and ProPublica to ask that they not publish the information. After making a few changes to protect what were clearly (to them) security matters, the publications went ahead and did their duty. But the fact that the contact was made reflects the depth and seriousness of what Snowden released.
It gets worse. To argue that you have to lie about secure communications to catch a guy committing a crime is absurdly Orwellian, and that's what the government is going to argue. But it has no argument to defend a second atrocity it is committing. Our government and the British government have been "cooperating" with companies that actually produce encryption programs to insert code that will allow government officials to decrypt all communications.
"According to an intelligence budget document leaked by Mr. Snowden," the New York Times reported, "the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which 'actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs' to make them 'exploitable.' Sigint is the acronym for signals intelligence, the technical term for electronic eavesdropping."
Here too, we don't know which "IT industries" are involved but there is little doubt that they include major purveyors of security software. In fact, the entire Internet system for developing encryption and privacy standards has been "infiltrated" by the NSA since at least 2006. During meetings of two "standards" authorities -- the U.S. National Institute of Standards and Technology and later the International Organization for Standardization -- the NSA pushed for standards that included vulnerabilities. In other words, it surreptitiously fooled agencies whose purpose is to protect privacy into authorizing computer privacy code that had holes in it through which the NSA could spy.
"Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections," the New York Times piece reads. "The N.S.A.'s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products to the agency with the goal of improving American cyber security. But a top-secret N.S.A. document suggests that the agency's hacking division uses that same program to develop and 'leverage sensitive, cooperative relationships with specific industry partners' to insert vulnerabilities into Internet security products."
This is pure criminal fraud at its most despicable.
It's important to keep in mind that one of the goals of this attack on encryption is to get us to stop using it and that would be a huge mistake. For one thing, while everything is captured, it's not necessarily the case that your information is being read. Besides, the fact that someone is listening should never stop us from talking. We need to talk if we're going to figure out how to stop them from listening.
Most important, however, is the Snowden reminder that good encryption can and will still work. For example, if you use encryption programs that use the OpenPGP protocol (a free and open-source answer to the more popular proprietary Pretty Good Privacy protocol), your email is much more protected from decryption -- OpenPGP is not owned or controlled by any one company so the government can't make "deals".
Using Free and Open-Source Software (and FOSS-supporting providers) helps free us from the corporate control that is the linchpin of this government-surveillance strategy. Using good passwords and insisting (from providers) that the encryption be solid is also now a necessity.
The attack on privacy is illegal and unconstitutional. There are no court orders involved because the intrusion is so basic that it affects everybody using the Internet. But it's also fraudulent because you are told by the people who provide secure layers for websites and email that their protocols make these communications safe and private. You're told by people who produce and sell encryption-protection software that using their products assures your privacy. Some of these people lied; they committed a destructive and outrageous fraud.
The casualty of these efforts is not only the privacy that the Constitution affords us (vitally important to any democracy) but the trust we have all had in the Internet: the belief that we can protect our privacy by using the tools available to us for that purpose.
Our government, colluding with other governments and corporations world-wide, has smashed that trust and, given the importance of the Internet to our lives as people and activists, that is the most damaging crime.