NY Times: NSA Should Be Barred From Requiring Companies To Introduce Surveillance Backdoors

from the good-for-them dept

Mon, Sep 23rd 2013 8:43am — Mike Masnick

This is a bit surprising, given the source, but the NY Times editorial board has come out strongly against the NSA's practice of forcing companies to install backdoors in no uncertain terms:

These back doors and special access routes are a terrible idea, another example of the intelligence community’s overreach. Companies and individuals are increasingly putting their most confidential data on cloud storage services, and need to rely on assurances their data will be secure. Knowing that encryption has been deliberately weakened will undermine confidence in these systems and interfere with commerce.

The back doors also strip away the expectations of privacy that individuals, businesses and governments have in ordinary communications. If back doors are built into systems by the N.S.A., who is to say that other countries’ spy agencies — or hackers, pirates and terrorists — won’t discover and exploit them?

In two short paragraphs, the editorial gets right to the heart of the problem. The "cost" to having these backdoors is undeniably huge in terms of trust and privacy. The harm to individuals and businesses is tremendous, but the benefits are, at best, minor. We get vague discussions about stopping some terrorist attacks, but still others get through. Yet, in every day life there are risks. It's ridiculous to expect 100% perfection in stopping terrorists, and when we go way too far in trying to stop every attack, we lead to unintended consequences such as destroying privacy and harming the ability of companies to build better, more secure products.

Surprisingly, again, the NY Times then speaks out in support of a bill from Rep. Rush Holt that would make it illegal for the government to require backdoors in various products. This would be a huge step in enabling the US tech industry to move forward with more secure encryption.

Representative Rush Holt, Democrat of New Jersey, has introduced a bill that would, among other provisions, bar the government from requiring software makers to insert built-in ways to bypass encryption. It deserves full Congressional support. In the meantime, several Internet companies, including Google and Facebook, are building encryption systems that will be much more difficult for the N.S.A. to penetrate, forced to assure their customers that they are not a secret partner with the dark side of their own government.

This is unlikely to happen, unfortunately. The DOJ, for years, has been pushing for even more backdoors. And, you may recall, just a month or so before the Snowden leaks, the DOJ wanted the power to fine companies who wouldn't install surveillance backdoors. The law enforcement world would go absolutely ballistic, should Holt's bill ever get near becoming law.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, nsa, nsa surveillance, rush holt, security, surveillance

30 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Ninja (profile), 23 Sep 2013 @ 7:03am

The law enforcement world would go absolutely ballistic, should Holt's bill ever get near becoming law.

If anything this will be fun to watch. This time they'll need wizardry to prevent such bill from moving forward. There's far too much support given all the leaks. Still, I do believe they can perform some magic tricks when in dire need and turn it from fun into terrifying. How far can the US Govt go to maintain its Police State capabilities?
[ link to this | view in chronology ]
Anonymous Coward, 23 Sep 2013 @ 9:06am

Without backdoors, the gov will be forced to go to a judge to get a warrant after probable cause is established. What an idea.
[ link to this | view in chronology ]
Anonymous Coward, 23 Sep 2013 @ 9:11am

NSA should be sent to the moon
[ link to this | view in chronology ]
- Michael, 23 Sep 2013 @ 9:15am
  
  Re:
  I think you are confused too:
  http://www.techdirt.com/articles/20130918/07151324566/angered-nsas-actions-brazilian-hacker-de faces-nasa-websites.shtml
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 Sep 2013 @ 9:25am
    
    Re: Re:
    lol, I get the joke, but, they should still go to the moon.
    
    and possibly send nasa to the moon too........ again....
    [ link to this | view in chronology ]
    - TaCktiX (profile), 23 Sep 2013 @ 11:34am
      
      Re: Re: Re:
      Clearly what we should do is use NASA to send the NSA to the moon. Two birds, one stone.
      [ link to this | view in chronology ]
- Anonymous Coward, 23 Sep 2013 @ 11:24am
  
  Re:
  I think the sun would be a much brighter option. Literally.
  [ link to this | view in chronology ]
- Internet Zen Master (profile), 23 Sep 2013 @ 12:43pm
  
  Re:
  As long as we can design a ship that lets Gen. Alexander stay in his Star Trek Captain's chair, I don't think he'd have much of a problem with this idea...
  [ link to this | view in chronology ]
Anonymous Coward, 23 Sep 2013 @ 9:13am

make that all the "leaders" (*cough* slave masters) of the world. they should all be sent to the moon. with haste
[ link to this | view in chronology ]
- Anonymous Coward, 23 Sep 2013 @ 9:28am
  
  Re:
  add "also" to the beginning of the above post.
  [ link to this | view in chronology ]
- OldMugwump (profile), 23 Sep 2013 @ 9:43am
  
  Re: make that all the "leaders" (*cough* slave masters) of the world
  http://en.wikipedia.org/wiki/Sic_semper_tyrannis
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 Sep 2013 @ 9:54am
    
    Re: Re: make that all the "leaders" (*cough* slave masters) of the world
    wow, nevermind. Im' just another fool on the internet
    [ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 23 Sep 2013 @ 9:19am

Even the NY Times engages in Populism now and then.
Don't believe for a second that it's sincere.

Your take on the advice,"bar the government from requiring software makers" is as usual Pollyanna-ish and shallow; to me the KEY word there makes it sounds like corporatist elites advising bribery over coercion 'cause you catch more flies -- more LOYAL flies -- with honey than vineger.

And besides that: there'll be no change until people go to jail for crimes already committed.
[ link to this | view in chronology ]
Anonymous Coward, 23 Sep 2013 @ 9:33am

who is to say that other countries� spy agencies � or hackers, pirates and terrorists � won�t discover and exploit them?

It is more reasonable to assume that any competent foreign spy agency has already obtained the information. Ed Snowden has demonstrated how easy it is to penetrate NSA's secrets. The fact that the Chinese let him leave, and the Russians are not trying to keep him suggests that they already know all the interesting stuff that he could tell them.
Note, they do not necessarily need his documents, but could gain a lot of useful information from talking to him, if NSA had managed to keep its secrets.
[ link to this | view in chronology ]
The Groove Tiger (profile), 23 Sep 2013 @ 9:33am

"NSA Should Be Barred."

FTFY.
[ link to this | view in chronology ]
Me, 23 Sep 2013 @ 9:34am

This is a start but not the heart of the issue
The essence is this. Protecting America means protecting liberty and that is, to honestly protect the Constitution, including the spirit of the 4th. The editorial can also be read that it is ok NSA can spy on everything only if they don't harm commerce. But the fact is, if NSA does not protect liberty, they do not protect America and have failed their primary mission. In fact, currently they harm America, beyond commerce alone. This means, they must stop mass surveillance of America, period.
[ link to this | view in chronology ]
- Anonymous Coward, 23 Sep 2013 @ 9:36am
  
  Re: This is a start but not the heart of the issue
  Yep - The NSA is more Un-American than the HUAC.
  [ link to this | view in chronology ]
- John Fenderson (profile), 23 Sep 2013 @ 9:45am
  
  Re: This is a start but not the heart of the issue
  But the fact is, if NSA does not protect liberty, they do not protect America and have failed their primary mission.
  
  A million times this. In fact, their outright assault on liberty and the Constitution is why I consider their actions (and the similar actions by other spy and law enforcement agencies) to be straight up unamerican.
  [ link to this | view in chronology ]
Some Guy, 23 Sep 2013 @ 9:38am

That's why the only real future of encryption is open source. That way if an algorithm is compromised, at least it is compromised in full view of the development community, which is about the best we can hope for. Then you publish the hash value for the compiled binaries and presumably everyone knows if they have a clean copy when they go to use it.
[ link to this | view in chronology ]
- John Fenderson (profile), 23 Sep 2013 @ 9:48am
  
  Re:
  That way if an algorithm is compromised, at least it is compromised in full view of the development community, which is about the best we can hope for.
  
  No, I'm sorry. If the implementation is compromised, then maybe. But if the algorithm is compromised, no amount of looking at the source will spot it.
  
  Seriously, cryptology is a very complicated, specialized branch of applied mathematics. Algorithmic errors (both intentional and not) are incredibly easy to make and incredibly hard to spot. This is why only fools invent their own crypto -- unless you're an expert, the odds are overwhelming that you will introduce a vulnerability without ever noticing it.
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 Sep 2013 @ 11:59am
    
    Re: Re:
    The open source community includes specialists in cryptology. Further with the code being open, it must be assumed that some of these experts work for unfriendly governments. When trying to get a backdoor into open source software, it is not just the known developers that you have to get it past, but also the unknown expert who is working for an unfriendly government.
    Unless you work for the US government, you assume that they are better than you. |That is why weakening a public standard was a stupid thing to do, unless you want other intelligence agencies to be able to break domestic encrypted commercial and private traffic.
    [ link to this | view in chronology ]
Anonymous Coward, 23 Sep 2013 @ 9:56am

perhaps a way of making this shit sink in is to ask how the USG would feel if it were to discover that all of it's communications were being intercepted, decoded and read before being passed on? how would it feel if other countries suddenly got advanced knowledge of different products and manufacturing techniques? and the biggest one, how would it feel if suddenly there was an influx of beneficial drugs introduced on to the market, taking away almost all of the income from the vastly over priced US companies, and it was all due to the security forces of a country like, for example, India or Thailand, countries that normally dont have two cents to scratch their asses with? there would be hell to pay! those countries would be chastise from arse hole to breakfast and demands made in compensation as well as assurances that the spying stopped.
we already have another situation brewing, instigated by the USA over a company being able to sue a country because the company thinks it deserves to get patents etc on a product, even though it has been proven or suspected of having problematic side effects and in protecting it's citizens, the country has refused to give permission to sell the product! if this stuff carries on, the world is going to be in seriously deep shit, because a country is going to have to either allow a product to be sold, even when it is known to be dangerous or it has got to pay a fortune to the company for not allowing it to be sold! what a nightmare scenario! and thanks yet again to the USA! it ought to be stopped from trading with everywhere else. it's too bloody dangerous and self-serving!!
[ link to this | view in chronology ]
- Michael, 23 Sep 2013 @ 1:04pm
  
  Re:
  perhaps a way of making this shit sink in is to ask how the USG would feel if it were to discover that all of it's communications were being intercepted, decoded and read before being passed on
  
  You mean by someone other than Israel?
  http://www.techdirt.com/articles/20130911/08530124484/new-leak-shows-nsa-shares-raw-domesti c-communications-data-with-israeli-intelligence.shtml
  [ link to this | view in chronology ]
Anonymous Coward, 23 Sep 2013 @ 4:46pm

NSA should be dismantled.
[ link to this | view in chronology ]
Anonymous Coward, 23 Sep 2013 @ 6:14pm

We just need secure, open-source hardware and software. Cryptography specialists and home-brew citizens will take care of the security aspects.

What we really need is secure smartphones, because that's where humanity is currently getting bashed over the head by repressive governments.

I dream of the day a smartphone with open-source hardware and software drivers is released.

Once that day comes, humanity will finally be able to exercise their human rights to secure, private, communications.

It will feel absolutely liberating!

I don't care what Congress does. I don't care what Apple or Google does. They're all corrupt and can never be trusted.

I hope someone uploads specification to the internet, showing how to build an Open-Source Smartphone. That's what we really need.

If no company will build it, then we'll buy the components separately and build the phones ourselves. We'll 3D print the casings ourselves and use SIM cards from existing phone carriers if we have to.

Ahh, the future could be absolutely marvelous! If we manage to survive through the crony capitalist era, that is.
[ link to this | view in chronology ]
Bergman (profile), 23 Sep 2013 @ 11:46pm

It's a hell of a thing...
[ link to this | view in chronology ]
- Bergman (profile), 23 Sep 2013 @ 11:52pm
  
  Re: It's a hell of a thing...
  Oops. Hit enter and it posted instead of dropping down a line. =(
  
  Basically, the feds are saying that they can spy on us because we are easy to spy on and therefore don't have an expectation of privacy...but in order to make it easy to spy on us, they had to at some point invade our privacy.
  
  But now that they've invaded our privacy, we have none because we didn't object to a secret court making secret interpretations of secret laws that we didn't know existed at the time. Of course, anyone who actually did somehow object (due to having psychic powers, perhaps) would have been prosecuted for espionage, probably in secret in a secret court.
  
  By that logic, absolutely anything can be justified and absolutely NOTHING is illegal.
  [ link to this | view in chronology ]
  - Anonymous Coward, 24 Sep 2013 @ 4:36am
    
    Re: Re: It's a hell of a thing...
    "Of course, anyone who actually did somehow object (due to having psychic powers, perhaps) would have been prosecuted for espionage, probably in secret in a secret court."
    
    More accurately, a federal court would have said the same thing they told the ACLU. "You cannot prove the secret spy program exists. Therefore, your case cannot go forward due to lack of standing".
    
    So you are correct. There's no possible way anyone outside the government, could have prevented these unconstitutional spy programs from happening.
    
    It took a brave, selfless soul like Edward Snowden to shine light on this atrocity.
    [ link to this | view in chronology ]
Postulator (profile), 24 Sep 2013 @ 1:32am

When even your best friend is turning on you, maybe it's time for a little self-reflection.
[ link to this | view in chronology ]
DNY (profile), 24 Sep 2013 @ 7:43am

Cloud storage?
Cloud storage has to be the weakest argument which can possibly be advanced here. If one is worried about security of files in the cloud, get an open source encryption program, check it for back doors, encrypt things on your local machine before putting them in the cloud and decrypt them when you get them back, rather than relying on the storage provider's encryption.

The real issues involve shared and communicated data in contexts where everything has to be done online because sharing keys by physical transfer is infeasible.

One wonders whether the NYTimes is cryptologically illiterate or is deliberately advancing a straw-man because they are really in favor of expanding the power of the state.
[ link to this | view in chronology ]