The NSA’s Credibility Takes Another Hit


Henry Farrell passes along the news that the NSA is merging two of its major divisions into a single directorate:

The NSA has traditionally had two big responsibilities. The first — spying and surveillance — gets the lion’s share of public attention (and, it would appear, resources). Yet the second responsibility — protecting U.S. networks from external attack — is also very important….Protecting private U.S. networks and computers from intrusion means creating secure cryptographic standards that make it a lot harder for outsiders to break in. The problem is that other networks in other countries are likely to start using the same standards. This means that the better that the NSA does at securing U.S. computers and networks against foreign intrusion, the harder it is going to be for the NSA to break into foreign computers and networks that use the same standards. If, alternatively, it cheats by promoting weak standards, the security of U.S. networks will be weakened, but it will also be easier for the NSA to break into foreign ones.

As Farrell points out, the Snowden leaks showed that the NSA did cheat: they deliberately tried to introduce weaknesses into crypto standards so they’d be able to break into foreign networks. This makes their merger of offense and defense a big problem:

When the NSA had visibly separate organizational structures, with separate budget lines for offense (attacking other people’s systems) and defense (defending one’s own systems), it helped reassure outside observers a little that the defense perspective has its internal advocates within the organization, even if those advocates often lost. In a combined structure, that is no longer the case. Outsiders will find it harder to adjudicate whether the organization is prepared to prioritize defense over offense (at least some of the time).

And that has consequences….It may make it less likely that businesses will trust the NSA with information about vulnerabilities….It may further erode the dominance of U.S. security standards (and U.S. firms) in world markets. It will surely make the cryptographic community more skeptical of cooperating with the NSA. Because the NSA is the kind of organization it is, it has great difficulty in communicating its true intentions and getting others to believe them, even when it wants to. Split organizational structures (which are costly because they go along with budget lines, factional fighting and so on) are one of the very few ways that it can credibly communicate its priorities to outsiders, and reassure them, if it wants to reassure them, that it is interested in protecting networks as well as subverting them.

To be honest, I’m surprised the crypto community—especially overseas—is willing to cooperate with the NSA at all, given what we now know. They are plainly pretty obsessed with sneaking backdoors into both crypto standards and network devices. If the Snowden leaks didn’t destroy their credibility on this subject forever, I’m not sure what would.

In any case, this is some boring bureaucratic news that might have some real-world consequences. You’ll probably never hear about it again, so I figured it might be worth hearing about it at least once.
