The encryption question: Matters of trust
The National Security Agency faces yet another trust issue — one involving commercial encryption used worldwide to keep passwords, credit-card numbers and other confidential information secure online.
Documents leaked by former NSA contractor Edward Snowden show “the NSA has sought to defeat” such security measures, using “financial incentives, secret courts and outright theft to acquire the digital ‘keys' to widely used commercial encryption technologies,” The Washington Times reports. The NSA even worked with its British counterpart to insert “back doors” into such software, enabling access to encrypted online content.
Retired Air Force Gen. Michael V. Hayden, the NSA's former boss, says that if U.S. agencies can exploit such vulnerabilities, they are “legally and morally obliged” to do so “to help keep the American people safe” from terrorists and criminals who also use commercial encryption. And the NSA maintains it uses such capabilities only against legitimate foreign intelligence targets.
Yet the NSA has conflicting missions: defeating encryption for surveillance purposes while using it to protect U.S. communications. Yes, it needs to gather intelligence — but undermining public trust in encryption is worse than having no such security at all.
Innovation can offset these revelations' chilling effect on the commercial encryption industry. But it can't offset the NSA's further loss of public trust resulting from these revelations.