NSA Allowed To Use Internet Security Flaws; What You Can Do About It

image
Published: 24 Apr, 2014
Updated: 14 Oct, 2022
3 min read

President Obama decided earlier this month that when the National Security Agency discovers Internet security issues such as the recent Heartbleed, it should make the flaws public. However, he left some wiggle room for "national security and law enforcement need."

This exception is cause for concern, according to Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology.

"Each security flaw that the government does not disclose, but holds back for later use, is a flaw that could be fixed and make people and their data safer," he said. "It's not as if the NSA or FBI are the only ones looking for flaws like this. Other government intelligence services as well as organized criminals also spend a good deal of time and money finding flaws."

It's also unclear how much this policy will change things, given the broadness of the exception.

"This loophole is so enormous that the previous program would seem to meet it," Hall explained. "So, without further disclosure from the administration about the technical details, in writing, of this plan, it is not clear it is any different from the last one."

The current lack of disclosure was also highlighted by Rebecca Jeschke, Digital Rights Analyst for the Electronic Frontier Foundation.

"We should know the basics of policies and procedures so we can make sure that any program is fair and lawful," she said. "You can have that kind of transparency and still fulfill national security goals."

So what can Internet users do to protect their information? Hall suggested taking the following steps to stay safe while browsing:

  1. Always keep software up to date. No matter how much you hate updating software, it's crucial that you do so on a regular basis, lest the government or criminals use old unfixed flaws against you.
  2. Use a password manager. A password manager stores passwords, but also creates secure, random passwords.
  3. If you work in airports and cafes a lot, realize that the connection between your computer and the hotspot that is giving you Internet is not secure. So, if you're surfing to a non-encrypted site -- it will be http:// instead of https://... the "s" is for secure -- all the information you send to that site is viewable by the people around you if they know what they're doing (it's illegal, but that doesn't stop folks from snooping). You should us a Virtual Private Network (VPN) which is a piece of software you fire up in one of these "unsafe" network places. The software makes sure that anything you send on the unsafe network is encrypted and sent from a location other than where you're actually sitting.
  4. Finally, learn about and download the Tor Browser. Tor Browser is a web browser, built off of the popular Mozilla Firefox browser, that allows you to communicate anonymously online. It does this by 1) encrypting all your communications; but, also by 2) bouncing your traffic all over the world before sending it on to your destination -- like a pinball machine. This means that it's a bit slow, but it also means that unless you type "Hi, I'm Joe Hall!!1!" into a search engine, it's very difficult for people to identify you.

Jeschke suggested that to protect against bugs like Heartbleed, more website operators should use something called "perfect forward secrecy." While perfect forward secrecy can protect users in situations when a third party is monitoring their data, many browsers and servers still do not support it.

"All security breaches are different, and require different fixes," she said. "Transparency about security vulnerabilities is extremely important, so people can protect themselves adequately."

IVP Donate

And while the government may pass this kind of snooping off as necessary for security and law enforcement, it could be counterproductive in the long run, as Hall pointed out.

"The first step in having a safe digital society is making sure that the underlying infrastructure is as strong as it can be, and these unreported flaws are evidence that it is not yet strong enough," he said.

Photo Credit: NBC News

Latest articles

US map divided in blue and red with a white ballot box on top.
Could Maine Be the First State to Exit the National Popular Vote Compact?
On May 20, the Maine House of Representatives voted 76–71 to withdraw the state from the National Popular Vote Interstate Compact (NPVIC), reversing course just over a year after Maine became the 17th jurisdiction to join the agreement....
04 Jun, 2025
-
3 min read
New York City
Nine Democrats Face Off in NYC Mayoral Debate as Ranked Choice Voting, Cuomo Probe, and Independent Bid from Adams Reshape the Race
A crowded field of nine Democratic candidates will take the stage tonight, June 4, in the first official debate of the 2025 New York City mayoral primary. Held at NBC’s 30 Rock studios and co-sponsored by the city’s Campaign Finance Board, NBC 4 New York, Telemundo 47, and POLITICO New York, the debate comes at a pivotal moment in a race already shaped by political upheaval, criminal investigations, and the unique dynamics of ranked choice voting....
04 Jun, 2025
-
6 min read
Elderly woman sitting in wheelchair staring out window.
Three Reps Put Party Labels Aside to Strengthen U.S. Role in Global Fight Against Alzheimer’s
Two California members of Congress, Ami Bera, M.D. (D-CA-06) and Young Kim (R-CA-40), introduced a bill Wednesday with Republican Pennsylvania Rep. Brian Fitzpatrick aimed at bolstering the US's global role in the battle against Alzheimer’s disease. ...
04 Jun, 2025
-
3 min read