The dangers of weakening cybersecurity to facilitate surveillance
Posted on 05 November 2013.
In response to the controversy over the alleged surveillance practices of the NSA, the White House established the Review Group on Intelligence and Communication Technologies, which is expected to provide recommendations to the president next week.

In comments to the Review Group, Carnegie Mellon University's Jon Peha recommended a re-evaluation of those practices that weaken commercial products and services. These practices include weakening standards and placing "back doors" into products that are accessible to U.S. government agencies.

Peha, a professor of engineering and public policy and former chief technology officer of the FCC and assistant director of the White House's Office of Science and Technology, said deliberately weakening commercial products and services may make it easier for U.S. intelligence agencies to conduct surveillance, but "this strategy also inevitably makes it easier for criminals, terrorists and foreign powers to infiltrate these systems for their own purposes." Peha pointed out that cybersecurity vulnerabilities created to eavesdrop on terrorists could have vast unintended consequences.

"If we can weaken the standard for a general-purpose encryption algorithm, then it is impossible to predict what will become vulnerable. Perhaps this algorithm will be used to protect stock market transactions, or the real-time control of an electric power grid, or the classified designs of a military aircraft, which would then become vulnerable," Peha said.

While some argue that these policies sacrifice privacy to improve national security, Peha says such policies "may have actually compromised both privacy and security in a failed attempt to improve security."

"Policies that deliberately weaken the security of U.S. products and services will affect U.S. competitiveness," Peha said. "Customers will naturally prefer products and services from companies that they believe are immune from such a policy."

Peha argues that the solution is for the NSA to apply a "comprehensive approach to assessing risks associated with these practices," which includes "protecting individual Americans from cyberattacks that lead to credit card fraud, protecting companies from cyberattacks that lead to theft of intellectual property, and protecting the competitiveness of U.S. information technology firms in the global marketplace."

"A risk assessment that only considers NSA's ability to conduct surveillance would inevitably lead to practices that weaken the security of commercial products and services even when doing so is harmful to American interests," he said.





Copyright 1998-2014 by Help Net Security.