The NSA’s Credibility Takes Another Hit


Henry Farrell passes along the news that the NSA is merging two of its major divisions into a single directorate:

The NSA has traditionally had two big responsibilities. The first — spying and surveillance — gets the lion’s share of public attention (and, it would appear, resources). Yet the second responsibility — protecting U.S. networks from external attack — is also very important….Protecting private U.S. networks and computers from intrusion means creating secure cryptographic standards that make it a lot harder for outsiders to break in. The problem is that other networks in other countries are likely to start using the same standards. This means that the better that the NSA does at securing U.S. computers and networks against foreign intrusion, the harder it is going to be for the NSA to break into foreign computers and networks that use the same standards. If, alternatively, it cheats by promoting weak standards, the security of U.S. networks will be weakened, but it will also be easier for the NSA to break into foreign ones.

As Farrell points out, the Snowden leaks showed that the NSA did cheat: they deliberately tried to introduce weaknesses into crypto standards so they’d be able to break into foreign networks. This makes their merger of offense and defense a big problem:

When the NSA had visibly separate organizational structures, with separate budget lines for offense (attacking other people’s systems) and defense (defending one’s own systems), it helped reassure outside observers a little that the defense perspective has its internal advocates within the organization, even if those advocates often lost. In a combined structure, that is no longer the case. Outsiders will find it harder to adjudicate whether the organization is prepared to prioritize defense over offense (at least some of the time).

And that has consequences….It may make it less likely that businesses will trust the NSA with information about vulnerabilities….It may further erode the dominance of U.S. security standards (and U.S. firms) in world markets. It will surely make the cryptographic community more skeptical of cooperating with the NSA. Because the NSA is the kind of organization it is, it has great difficulty in communicating its true intentions and getting others to believe them, even when it wants to. Split organizational structures (which are costly because they go along with budget lines, factional fighting and so on) are one of the very few ways that it can credibly communicate its priorities to outsiders, and reassure them, if it wants to reassure them, that it is interested in protecting networks as well as subverting them.

To be honest, I’m surprised the crypto community—especially overseas—is willing to cooperate with the NSA at all, given what we now know. The agency is plainly pretty obsessed with sneaking backdoors into both crypto standards and network devices. If the Snowden leaks didn’t destroy its credibility on this subject forever, I’m not sure what would.

In any case, this is some boring bureaucratic news that might have some real-world consequences. You’ll probably never hear about it again, so I figured it might be worth hearing about it at least once.
