Revelations in the news media that the National Security Agency has expanded its surveillance to subvert encryption protections for Internet traffic is disturbing, but unfortunately not surprising. The NSA's mission has long centered on cracking encryption. It is not illogical to assume that with minimal oversight and maximum secrecy, mission creep would occur.
News reports based on leaked documents indicate that the NSA subverted the normal scientific process at NIST to build standards into encryption programs that left vulnerabilities they later planned to exploit. The stories allege officials bullied some Internet companies in an effort to create back doors.
The zeal that comes across in the leaked NSA documents about its encryption-busting efforts is unmistakable, and unfortunate. We should not doubt that these are dedicated, competent, patriotic people who truly believe they are on a noble mission to protect our country. But the NSA's single-minded mission of all-encompassing surveillance seems to disregard and minimize the cost to our citizens and our democratic rights.
Our democratic freedoms should be cherished. If there are cases where certain freedoms may need to be infringed for national security, these cases should be thoughtful and well-considered, and protections like the Fourth Amendment's warrant requirement preserved.
We are witnessing a tragic case of myopia on the part of the NSA. The NSA has been so focused on succeeding in its own narrow and important mission, that it seems the agency stretched loosely-crafted laws way beyond expectations. This gives us little confidence that, where legal restraints are concerned, the NSA won't continue to seek ways to evade oversight and disregard Constitutional rights.
On the surface it is clear that trust in the security of the code underlying many sensitive communications including financial transactions has been broken. But more fundamentally the trust people have in the Internet as a form of communications and commerce has been undermined, and even more seriously, our trust in open democratic government and its ideals is diminished.
Among the many upsetting aspects of the scope of this program is that this type of program was debated in the 1990s, and the political opposition was steep. Senators from John Ashcroft to John Kerry opposed it for violating the Constitution and harming the nation's long-term economic interests. But current news reports indicate the NSA enacted on their own what they failed to obtain support for in the national public policy arena.
What they somehow miss is that their effort to violate the security of a few weakens the security of the many. By building back doors, they have undermined the ability of everyone else in the world to self-protect their own private information.
While no one can doubt the great technical expertise of the NSA and other parts of the surveillance community, other stakeholders' input would bring broader political and strategic context, which is critical when such policies and practices are being adopted or reviewed.
Our concern over the methods used to crack encrypted content is dwarfed by the unintended consequences -- the collateral damage to our economy, the Internet, our country, our allies, and democratic forms of government. And let's be clear, the responsibility for the consequences we deplore lies not with the leakers nor with the implementers, but with the policy decision makers. They failed in realizing the risks and consequences of their aggressive policies being revealed, and in their overconfidence that a secrecy blanket could be permanently maintained.
After seeing the way privacy and legal doors and loopholes were used and abused, it's clear we need to reassess as a nation how to draw appropriate boundaries around surveillance. Those boundaries will need to be protected by transparency and strengthened by much more robust checks and balances than those that have been circumvented.
Secret courts ruling on secret executive branch surveillance programs while keeping much of the legislative branch and public in the dark creates a false illusion of checks and balances without the effectiveness of real oversight. We're now paying the price for this.
How we collectively deal with this issue of broken codes and broken trust will say a lot about what kind of country we have become. The problem goes beyond the technical aspects of encryption and cybersecurity. The United States risks not only credibility on the world stage, but an erosion from within of our own democratic values. Continued legal and operational secrecy by the government provides ongoing opportunity for abuse, and may lead us to the point where we as nation one day realize that we have eroded the foundation of our Democracy.