The National Security Agency (NSA) is refusing to reveal its new policies on the placing of back doors into commercial tech products. While the agency may argue these backdoors are valuable for national security, they present privacy concerns and are a risk to national security should foreign adversaries manage to exploit them.
Edward Snowden, a former NSA employee, now labeled a traitor, revealed how the NSA enters into agreements with US-based technology companies to give them special access (back doors) to their products. These backdoors allow the NSA and other government agencies to access personal data without a warrant.
After Snowden revealed the agency’s illegal spying, it adopted new policies to reduce the risk of compromise and exposure in the future, according to three former employees who spoke to Reuters.
However, the NSA refused to reveal the new rules to Democrat Senator Ron Wyden, who is a member of the Senate Intelligence Committee.
“Secret encryption back doors are a threat to national security and the safety of our families – it’s only a matter of time before foreign hackers or criminals exploit them in ways that undermine
American national security. The government shouldn’t have any role in planting secret backdoors in encryption technology used by Americans,” Wyden said, speaking to Reuters.
Opponents to the NSA practice of having back doors to tech products argue that foreign adversaries can exploit them. These critics are not wrong. In 2015, a foreign government exploited a back door, in Juniper Networks systems, that was being used by the US intelligence community. Juniper admitted that the NSA created the back door.
The back door was attributed to an encryption tech called Dual EC, which the NSA promoted in the hopes of making it an industry standard. It is not clear whether tech companies knew that the NSA could use Dual EC to access encrypted data.
It was not determined what foreign government hacked Juniper through NSA’s backdoor. However, China was the main suspect.
Another issue with these back doors is that they make people wary of US technology, and botch the efforts to convince US allies to ditch Chinese tech (China is known to strong-arm tech companies to provide personal data with the excuse of “national security.”)
RSA, which was once a security pioneer, lost its credibility after it was revealed that it cut deals with the government to leave back doors in its security systems.
“At NSA, it’s common practice to constantly assess processes to identify and determine best practices. We don’t share specific processes and procedures,” said Anne Neuberger, the head of NSA’s Cybersecurity Directorate.
According to NSA officials, the agency has been making efforts to rekindle trust with the private sector through different methods, including offering to alert them to flaws and loopholes in their systems.
While many tech companies are sceptical about working with the government, the NSA still seeks them out, since “special access” is too valuable, a former NSA agent said.
The anonymous sources that spoke to Reuters claimed to have some idea of the agency’s new policies on back doors. Apparently, before seeking a back door, the agency first determines the potential risk and installing an alert system should the back door be discovered or manipulated by foreign adversaries.