Some of the best-remembered encryption debates of the 1990s were about the Clipper chip and the export controls that hampered our software industry from competing globally. I remember them vividly as they were all in my issue portfolio as a staffer for then-Senator Ashcroft. But during the same time another vital debate was underway—whether it would continue to be legal for U.S. citizens to use encryption software when sending email or to protect information on their PC.
The FBI fought for years to weaken encryption, including a long-standing proposal to force citizens to store their decoder “key” in a way that the government could access it and retrieve the encrypted material. In effect the FBI argued that you could lock your house so long as FBI agents had a key to enter. Big government even wanted to force encryption software developers to include a “back door”—a means by which the government could circumvent the encryption protections. It was as if government bureaucrats wanted a secret door built into your house, and unknown to you, so they could enter at will without alerting you. All pretty creepy stuff, but creepy, counterproductive and dangerous stuff that Congress stopped because of the potential for exploitation by government, criminals or terrorists.
During the debates the NSA (National Security Agency) never appeared as interested, which seemed odd, but now we have headlines that explain why: The NSA has been injecting weaknesses into NIST (National Institute of Standards and Technology) standards, and otherwise acting on a less-than-constitutional basis, for years. The NSA has done virtually everything that Congress thought it stopped. That it did so is abhorrent.
The result is the NSA has weakened security for all of us. In its Big Brother quest to gain access to all of our information the agency has bullied, hacked and deceived its way to having a backdoor into encryption.
Building vulnerabilities into all encryption means that all encryption now has vulnerabilities—weaknesses just waiting to be exploited by those who wish to do us harm. They know they only need to look to find the weakness.
The British were aware of the risk of such foolishness. But as the New York Times reports, the NSA ignored the concern and risked our safety anyway, “But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere ‘fact of’ decryption became widely known. ‘These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple “fact of” could alert the adversary and result in immediate loss of the capability,’ a GCHQ document warned.”
So in the end, the NSA has lost the capability it improperly gained, and U.S. citizens have lost more liberties.