After disclosures about the National Security Agency’s stealth campaign to counter Internet privacy protections, a congressman has proposed legislation that would prohibit the agency from installing “back doors” into encryption, the electronic scrambling that protects email, online transactions and other communications.
Rep. Rush D. Holt Jr., D-N.J., a physicist, said Friday that he believed NSA was overreaching and could hurt U.S. interests, including the reputations of U.S. companies whose products the agency may have altered or influenced.
“We pay them to spy,” Holt said. “But if in the process they degrade the security of the encryption we all use, it’s a net national disservice.”
Holt, whose Surveillance State Repeal Act would eliminate much of the escalation in the government’s spying powers undertaken after the 2001 terrorist attacks, was responding to news reports about NSA documents showing that the agency has spent billions of dollars over the past decade in an effort to defeat or bypass encryption. The reports, by The New York Times, ProPublica and The Guardian, were posted online Thursday.
The agency has encouraged or coerced companies to install back doors in encryption software and hardware, worked to weaken international standards for encryption and employed custom-built supercomputers to break codes or find mathematical vulnerabilities to exploit, according to the documents, disclosed by Edward J. Snowden, the former NSA contractor.
The documents show that NSA cryptographers have made major progress in breaking the encryption in common use for everyday transactions on the Web, like Secure Sockets Layer, or SSL, as well as the virtual private networks, or VPNs, that many businesses use for confidential communications among employees.
Intelligence officials say many of their most important targets, including terrorist groups, use the same Webmail and other Internet services many Americans use, so it is crucial to be able to penetrate the encryption that protects them. A statement from the director of national intelligence, James R. Clapper Jr., criticized the reports, saying that it was “not news” that the NSA works to break encryption, and that the articles would damage U.S. intelligence collection. But if intelligence officials felt a sense of betrayal by the disclosures, Internet security experts felt a similar letdown — at the NSA actions.
“There’s widespread disappointment,” said Dan Kaminsky, a prominent security researcher. “This has been the stuff of wild-eyed accusations for years. A lot of people are heartbroken to find out it’s not just wild-eyed accusations.”