By Juan Cole
In all the discussions of what is alleged to be North Korea’s horrible cyber-vandalism against Sony Pictures, I haven’t seen anyone bring up a key issue: The National Security Agency has been for two decades a powerful behind-the-scenes lobby for weak internet encryption and privacy protocols.
I don’t know enough of the details of how Sony was hacked to be able to prove that specific weaknesses derived from the NSA anti-privacy lobbying and bribing. But it is certainly the case that the US government is implicated in exposing millions of consumers to such invasions of privacy.
Just this year, I wrote of a Reuters story:
“Reuters gets the scoop: the National Security Agency gave internet security firm RSA some $10 million to use an NSA encryption formula in its BSafe software. RSA is now a subsidiary of the EMC corporation, and they have urged customers not to use BSafe since the revelations by Edward Snowden made clear that the NSA’s formula in fact allowed the agency access to all the information supposedly encrypted with it.
This story should be a huge scandal, but I fear it won’t be. This is like the FDA paying a pharmaceutical company to carry a drug that does not work and could therefore leave patients open to dying from an untreated illness after taking medication they are assured will cure it. If the NSA could exploit weaknesses in the encryption formula, so could hackers. The NSA subverted the will of millions of customers around the world who used RSA software precisely in a quest to be safe from the prying eyes of government officials and other peeping Toms.
Moreover, the $10 million has to be seen as a bribe (it was a third of that RSA’s income that year). Isn’t it illegal for government officials to bribe private companies? Isn’t it moreover illegal for intelligence officials to give out money like candy to a private company in order to spy on Americans on American soil?
I’d like to know what NSA official or officials were involved in this sting operation on the American people. I’d like to know if Barack Obama knew about it. I’d like to know if the corporate officials who accepted the “contract” with these strings attached knew they were screwing us all over.
This Reuters story makes sense of the allegation emerging from the Snowden leaks three months ago that the NSA had spent $250 million on keeping access to encrypted data by working with firms that provided encryption services. Presumably they have just been ensuring that no one’s encryption formula actually shields things from them.
Increasingly, firms and governments abroad would be crazy to buy encryption products from American companies. Likewise, getting cloud services from US corporations is a way to ensure that the US government can steal your trade secrets.”
And here is Pratap Chatterjee:
“There are three broad ways that these software companies collaborate with the state: a National Security Agency program called “Bullrun” through which that agency is alleged to pay off developers like RSA, a software security firm, to build “backdoors” into our computers; the use of “bounty hunters” like Endgame and Vupen that find exploitable flaws in existing software like Microsoft Office and our smartphones; and finally the use of data brokers like Millennial Media to harvest personal data on everybody on the Internet, especially when they go shopping or play games like Angry Birds, Farmville, or Call of Duty.”
ProPublica has also been reporting on how the NSA systematically and determinedly more or less broke the internet with regard to privacy. Hollywood executives are going back to faxing things instead of emailing them, and that might be a good idea for everyone.
So when Barack Obama urges Sony executives to stand firm, and when Sen. Lindsey Graham (R-SC) rattles sabers at North Korea, we should remember that this “act of war,” as some term Pyongyang’s hacking of Sony, was probably made possible by the baleful effect on the internet of… the US government, because it wants to be able to do to whoever it pleases what North Korea just allegedly did to Sony.