When Edward Snowden the former NSA employee, leaked thousands of classified documents, it shed light on ways in which the Federal government had been spying on its own citizens and foreign nationals of other countries. Supporters say that the surveillance is necessary to maintain cyber security and safety in an age where terrorists are able to network more efficiently and effectively than just a decade ago. While a very large proportion of the population are relatively neutral or supportive, some sizable fraction also protested, including among them engineers who many years ago had been responsible for putting together the standards that govern the technical backbone of the internet. This anger was on display at a recent IETF meeting (Internet Engineering Task Force) where the attendants railed at how these actions constitute a type of “attack” on the very fabric of the internet. We asked our friends at Cyber Security News to give us the low-down on the situation.
At its most basic, the cyber attack resulted in interception of voice and print communications between private parties in this country. Some of the interceptions were maintained at “meta” level, i.e. only characteristic measures of messages were kept, such as message length, or identity of recipient and sender etc, but it is unclear to what extend the content was also surveilled. In more detail then what are the tools the Federal government uses to fight terrorism?
1. Subversion of security standards – The NSA is not only a code-cracking organization, but it is also responsible for recommending security standards such as the mathematical and computational details of certain encryption standards. This sets up a conflict of interest whereby the NSA being interested in exerting control over surveillance, is able to suggest weakened or compromised standards which it can then exploit. This has happened allegedly between RSA a provider of security systems and the NSA, whereby the latter encouraged the former to use a weaker form of random number generation than expected. This makes it not only easier for government agencies to eavesdrop, but by the general nature of the compromise, security is weakened against all forms of attack.
2. Physical tapping of data pipelines – Among the Snowden revelations was that the NSA had physically tapped into the communication infrastructure of major firms like Google and Yahoo. It’s true that both companies and others make clear that there is no expectation of privacy because sometimes looking into users’ emails is necessary either for criminal investigative reasons but also as part of its business strategy to serve up ads correctly. However, such major companies also know that their users expect reasonable privacy from third party eyes. The tapping is an indication that there are deeper problems for cyber security.
3. Legal avenues of attack – The encrypted email provider Lavabit was subpoenad by the Federal government. Rather than yield its customer information, the entire firm shut down to maintain integrity of data. To what extent does this legal strategy in general compromise information that is maintained under cyber security control?
These troubling questions mean that there is sudden interest and energy in the cyber security field, spawning a sudden increase in Cyber Security Jobs. In addition academia is experiencing a surge of interest in encryption, cyber security, and other aspects of computer science that deal with
(Photo Credit: Benson Schliesser / Creative Commons)
