Bruce Schneier, explaining to the Financial Times why US tech companies will get hurt by news that the NSA got some of them to put back doors into their products while others complied with the FISA court orders — even setting up automated systems to transfer the data:
“How would it be if your doctor put rat poison in your medicine? Highly damaging,” said Bruce Schneier, a US computer security expert.
Might make you shop around just a little bit. When the dust settles though, it’s not clear what other country’s tech providers will seem more trustworthy. China? Korea? UK? France? Unlikely all. Not Switzerland. Certainly not Russia. Who then? Can Iceland grow a big enough tech sector?
But it’s called warfarin, one of the most prescribed medications in the country.
OK, you win the Internet today.
P.S. the NSA was created by executive order, and the Congress has never passed a single law proscribing its behavior.
National Security Agency Act of 1959?
The Act you cited is almost exclusively about employee compensation.
It also includes strange caveats like:
“Sec. 2. (a) The Secretary of Defense (or his designee) is
authorized to establish such positions, and to appoint thereto,
without regard to the civil service laws, such officers and
employees, in the National Security Agency, as may be necessary to
carry out the functions of such agency”
and
“(b)(1) In order to maintain necessary capability in foreign
language skills and related abilities needed by the National
Security Agency, the Director, without regard to subchapter IV of
chapter 55 of title 5, United States Code, may provide special
monetary or other incentives to encourage civilian cryptologic
personnel of the Agency to acquire or retain proficiency in foreign
languages or special related abilities needed by the Agency.”
I also found this:
“The power of the N.S.A., whose annual budget and staff are believed to exceed those of either the F.B.I. or the C.I.A., is enhanced by its unique legal status within the Federal Government. Unlike the Agriculture Department, the Postal Service or even the C.I.A., the N.S.A. has no specific Congressional law defining its responsibilities and obligations. Instead, the agency, based at Fort George Meade, about 20 miles northeast of Washington, has operated under a series of Presidential directives. Because of Congress’s failure to draft a law for the agency, because of the tremendous secrecy surrounding the N.S.A.’s work and because of the highly technical and thus thwarting character of its equipment, the N.S.A. is free to define and pursue its own goals”
http://www.nytimes.com/1983/03/27/magazine/the-silent-power-of-the-nsa.html
To your point, I think this COULD lead to more people stopping reliance upon closed standards and moving more toward the open standards in that someone (hopefully) more capable than them will be looking at such code closely and determining that it is free of back doors. (Ignoring for the moment the hardware issues in play). You don’t need to worry about some cloud server company, wittingly or otherwise, handing your data over to NSA if you’ve encrypted it yourself, with good encryption, before ever putting it out there. (again, ignoring some facts for complicated discussion reasons).
But the real problem in ALL of this is that most people just don’t CARE. You have the subset (of all Americans) who know little about tech and won’t educate themselves. You have another subset who know little and probably are (in practice) uneducatable to a level necessary to really understand. You have the people that think that privacy is a relic of a past age. And you have the subset of people who proudly proclaim that they have nothing to hide – because they’ve, by golly, done nothing wrong, and if it helps find bad guys…
Then there are the only humans on the planet that can correct or stop the situation (Congress, in combination, perhaps, with the Federal Courts), and it won’t happen (and nobody else will ever have enough standing), so…
Between all these subsets, you only have a few people left, and they just wind up seeming like crazies because they advocate encrypted emailing, etc. Whether what is happening is legal or not, isn’t even an issue that will ever matter.
It may be worth reminding people that the creator of the internet was DARPA, the “Defense” Advanced Research Projects Agency. Since then, the military-industrial complex has never thought of it any other way than as a military asset.
Actually, since industrial-scale commerce got its hands on the Internet, the Pentagon views it as an enemy weapons system:
http://news.bbc.co.uk/2/hi/americas/4655196.stm
That’s why they’re hunting for terists in online video games.