USA Today has two eye popping stories on the NSA crypto capabilities. The first story is entitled “Why NSA’s decrypting is OK” in their mobile app and The Case Supporting the NSA’s PRISM decrypting in their online version. The title already gives an idea of the slant that the article will take. The article starts with a bold statement “A consensus is gelling that the NSA — in using brute-force password hacking techniques, cracking into Virtual Private Networks and Secure Sockets Layer services and taking steps to weaken certain inherently weak encryption protocols – is simply doing what the NSA has always done, and was, in fact, created to do: keep the U.S. competitive in the spy-vs-spy world.” The article never defends this assertion and it is wildly at odds with the consensus that I see gelling on Facebook and on the technical cryptography mailing lists which I browse. To give the author the benefit of the doubt, I could be convinced that this is a consensus of NSA mouth pieces.
The second story is entitled Latest PRISM Disclosures Shouldn’t Worry Consumers and proves that the author the the story has no conception of why people are legitimately angry about the revelations. “Should the latest disclosures of decrypting techniques used as part of the NSA’s PRISM anti-terrorism surveillance program keep you awake tonight? Only if you do not believe President Obama and NSA Director Army Gen. Keith Alexander that any and all spying techniques are used strictly in very narrow circumstances to target suspected foreign terrorists, under a federal court review process.” You would be crazy if you did believe this because the NSA themselves have admitted that the techniques have been abused. Google LOVEINT for a clue.
“‘The people who work on PRISM are working to protect us,’ says Tom Kellermann, Trend Micro’s vice president of cybersecurity. ‘They don’t care what movie you’re going to or whether someone is cheating on his wife.’” Whether they care or not, they shouldn’t have access to that information.
“‘The big revelation is that the NSA is actually able to view more encrypted data than anyone thought,’ says Chris Petersen, chief technology officer at security analytics company LogRhythm. ‘What this will really do is put our adversaries on notice that they need to invest in stronger encryption. This really has no bearing on the average citizen.’” Spoken like a person who does not believe in democracy and freedom.
I won’t quote anymore from that article. I wish I could give the people quoted in the article the benefit of the doubt – that, as usual with reporters, their comments were taken out of context. I will say to the people quoted in the story, if this is really what you think, then you are the problem.
I post these because it is fun to see what people on the other side of the debate are thinking. And because I want to take note of the people in the industry who said these crazy things. And because it is sometimes just *fun* to read these types of articles and get outraged.