An autoimmune disease is one where the body’s defenses turn on the body itself, where the various mechanisms for attacking intruders and disease mistake healthy tissue for diseased intruders. Some, like Type 1 Diabetes, attack organs that perform useful functions. Others, like ALS, and Multiple Sclerosis, attack the nervous system that ties the different parts of the body together.
Various of the NSA programs seem to fit this description. I’m not talking about the mass collection of American communications data that the President’s Privacy and Civil Liberties Oversight Board recently declared both unconstitutional and useless. That’s a topic for another rant. No, what I’m talking about are their various actions to make the Internet, and all electronic communications tools, insecure and unsafe.
The Internet is one of the most marvelous, if not the most marvelous, creations of the hand of man. It stands beside the space program in its sheer technical brilliance — and I speak as someone who grew up watching satellites being launched from his back yard. It has created new industries, enabled people with innovative ideas to compete in the marketplace, and tied the world together in a way that was inconceivable a mere thirty or forty years ago. It was designed as an open system, based on trust, and for the last decade and more, the NSA has worked to destroy that trust.
Consider their efforts to put backdoors in both hardware and software, to promote weakened crypto. Part of their efforts went into suborning the various cryptographic standards bodies in such a way that NSA personnel had full control over their actions. Even such organizations as the Internet Research Task Force’s Crypto Forum Research Group are co-chaired by NSA employees*. Other programs solicited zero-day exploits from US firms like Microsoft, or purchased them on the open market.
What this all amounts to is no less than attack on the basic infrastructure of global e-commerce. It’s as if you could no longer trust the road signs on the Interstate, or you found that an unknown number of overpasses had been wired with demolition charges. As others have pointed out, obscurity is no substitute for security. If there is a vulnerability in the system, be it one that was introduced by NSA or one that NSA found out about and didn’t tell anyone, sooner or later someone else (the Russians? Chinese? Mafia?) will find it and exploit it. Will we find out about it? Probably not, because the exploit will hide behind the NSA screen. Only an exceptional set of circumstances (as with the 2005 Athens Affair) would let the cat out of the bag. Now, maybe this won’t destroy the Internet. It will merely make it untrustworthy, incapable of securely handling financial transactions. Think of it as having just a mild case of multiple sclerosis. Thanks, NSA.
*The effort to oust this particular employee failed because the group chairman said that a mere co-chair had no powers. I’d respond by pointing out that there was a reason that the most powerful man in the old Soviet Union was the mere Secretary of the Communist Party.