NSA's Crypto Betrayal: Good News For Open Source?

Glyn Moody | Computerworld | September 10, 2013

Revelations from documents obtained by whistleblower Edward Snowden that GCHQ essentially downloads the entire Internet as it enters and leaves the UK, and stores big chunks of it, were bad enough. But last week we learned that the NSA has intentionally weakened just about every aspect of online encryption:

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic - "the use of ubiquitous encryption across the internet".

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute force", and - the most closely guarded secret of all - collaboration with technology companies and internet service providers themselves.

It's that last point that I want to focus on here - the fact that computer companies are complicit in undermining the security we thought we were using to protect our privacy. I've already written about the way that Microsoft has been doing this through providing zero-day exploits to the NSA for it to use to break into corporate and government systems. Those are probably only short-term opportunities, since Microsoft does then go on to fix the bugs.