So far, the most serious report to arise from the NSA files has been the revelation that US authorities have been involved in a systematic program to defeat Internet encryption. By any objective measure, the revelations are astounding: intelligence agencies have been building backdoors into cryptographic technology by tampering with the standard-setting process, which means that encryption of all sorts can be circumvented, from private web communications to VPNs.
I have been surprised by the relative lack of interest from the media about this, it could be that people have become callous about the various NSA reports, or it could be that the public simply does not understand what encryption is, so cannot be incensed by the monumental break in user confidence. The truth is that this is the biggest developments in computer security ever, yet my news flashes are filled with Miley Cyrus, perhaps we need some NSA twerking, but I digress.
The issue is that there has been a monumental break of confidence, and we cannot trust any standard or provider any more. As Schneier said:
“By subverting the Internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our Internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical Internet stewards.”
The security v privacy false dichotomy will be showing its ugly head in the next few weeks, but there is one single overriding truth. One country has the keys to all encryption, which has made us all less secure. The prevalent policy in the United States seems to be that it is fine to spy on the rest of the world as long as Americans are more secure. This is unacceptable.
It’s time to wake up, the rest of the world has to do something.