Bill would bar NSA tactic in encryption
After disclosures about the National Security Agency’s stealth campaign to counter Internet privacy protections, a congressman has proposed legislation that would prohibit the agency from installing “back doors” into encryption, the electronic scrambling that protects email, online transactions and other communications.
Rep. Rush D. Holt Jr., D- N.J., who is also a physicist, said Friday that NSA was overreaching and could hurt American interests, including the reputations of American companies whose products the agency may have altered or influenced.
“We pay them to spy,” Holt said. “But if in the process they degrade the security of the encryption we all use, it’s a net national disservice.”
Holt, whose Surveillance State Repeal Act would eliminate much of the escalation in the government’s spying powers undertaken after the 2001 terrorist attacks, was responding to news reports about NSA documents showing that the agency has spent billions of dollars over the past decade to defeat or bypass encryption. The reports, by The New York Times, Pro-Publica and The Guardian, were posted online Thursday.
The agency has encouraged or coerced companies to install back doors in encryption software and hardware, worked to weaken international standards for encryption and employed custom-built supercomputers to break codes or find mathematical vulnerabilities to exploit, according to the documents, disclosed by Edward J. Snowden, the former NSA contractor.
The documents show that NSA cryptographers have made major progress in breaking the encryption in common use for everyday transactions on the Web, like Secure Sockets Layer, or SSL, as well as the virtual private networks, or VPNs, that many businesses use for confidential communications among employees.
Intelligence officials say many of their most important targets, including terrorist groups, use the same Webmail and other Internet services many Americans use, so it is crucial to be able to penetrate the encryption that protects them. In an intense competition with other sophisticated cyberespionage services, including those of China and Russia, the NSA cannot rule large parts of the Internet off-limits, the officials argue.