By Shu Zhang
WASHINGTON — This month a four-month investigation by The Washington Post reported that nine out of 10 people targeted by the National Security Agency’s surveillance program were normal Internet users, most of whom were American citizens. While there seems to be no doubt how the NSA’s spying into our daily lives violated the Fourth Amendment against unreasonable search and seizure, its harm to cyber security and U.S.-based technology companies hasn’t been well recognized by the public because of the issue’s complexity.
How does the NSA, whose mission is to protect American people and the government, create a more dangerous domestic and international internet environment through surveillance? Earlier this month experts gave the answer in a panel discussion titled “National Insecurity Agency: How the NSA’s Surveillance Programs Undermine Internet Security” at the New America Foundation in Washington, D.C.
“The issue is that they are deliberately weakening the security of everyone else in the world in order to make that spying easier,” said Bruce Schneier, a cryptology expert and author who contributed to The Guardian’s coverage on former NSA contractor Edward Snowden’s leaks.
Instead of targeting specific “bad guys,” Schneier argued, the NSA was creating a more vulnerable cyber network that exposed both the agency’s enemies and harmless regular people to greater outside threats. While it was easier for the NSA to attack whoever it wanted, Internet terrorists could also do the same thing to anyone else.
“That’s exactly what the NSA has become: the best hacker in the entire world,” said Joe Hall, chief technologist at the Center for Democracy and Technology.
One way the NSA can make it easier for bad guys is by requiring U.S. tech companies to insert backdoors into their commercial products so that the agency could hack in whenever it identified any targets. However, the backdoors inevitably weaken the security of those products, leading to unpredictable risks.
“Put a backdoor in,” Schneier said, “three years from now, criminals are using it.”
In addition, when the NSA found the weakness of a software or system, experts said, the agency wouldn’t alert companies to fix the problem. Instead, the NSA would keep the secret to itself for potential future actions.
Eight U.S. tech companies– AOL Inc., Apple Inc., Dropbox, Facebook, Inc., LinkedIn Corp., Microsoft Corp., Twitter, Inc. and Yahoo! Inc. – have formed a Reform Government Surveillance group and issued a joint letter to the Congress to urge lawmakers to take steps to strengthen internet security and increase transparency by reshaping the USA Freedom Act.
“It is in the best interest of the United States to resolve these issues,” eight tech CEOs said in the letter. “Confidence in the Internet, both in the U.S. and internationally, has been badly damaged over the last year.”
“We are urging the Senate to restore the confidence of Internet users in the US and around the world by passing a version of the USA Freedom Act that ensures U.S. surveillance efforts are clearly restricted by law, proportionate to the risks, transparent, and subject to oversight,” said Yahoo!’s spokeswoman Suzanne Philion. “We’re also urging the Senate to allow our companies to provide even greater detail about the number and type of government requests we receive for user data.”
