The NSA is Making Us All Less Safe

https://www.eff.org/deeplinks/2013/10/nsa-making-us-less-safe

By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers—whether they are foreign governments or criminals. As security expert Bruce Schneier explained, “It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.”

The New York Times presented internal NSA documents with some specifics. They are written in bureaucratese, but we have some basic translations:

•“Insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communications devices used by targets”— Sabotage our systems by inserting backdoors and otherwise weakening them if there’s a chance that a “target” might also use them.

•"actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" — Secretly infiltrate companies to conduct this sabotage, or work with companies to build in weaknesses to their systems, or coerce them into going along with it in secret.

•“Shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS — Ensure that the global market only has compromised systems, so that people don’t have access to the safest technology.

•"These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems' security remains intact." — Make sure no one knows that the systems have been compromised.

•“influence policies, standards and specifications for commercial public key technologies” — Make sure that the standards that everyone relies on have vulnerabilities that are hidden from users.