logo

NSA Allowed To Use Internet Security Flaws; What You Can Do About It

image
Created: 24 April, 2014
Updated: 14 October, 2022
3 min read

President Obama decided earlier this month that when the National Security Agency discovers Internet security issues such as the recent Heartbleed, it should make the flaws public. However, he left some wiggle room for "national security and law enforcement need."

This exception is cause for concern, according to Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology.

"Each security flaw that the government does not disclose, but holds back for later use, is a flaw that could be fixed and make people and their data safer," he said. "It's not as if the NSA or FBI are the only ones looking for flaws like this. Other government intelligence services as well as organized criminals also spend a good deal of time and money finding flaws."

It's also unclear how much this policy will change things, given the broadness of the exception.

"This loophole is so enormous that the previous program would seem to meet it," Hall explained. "So, without further disclosure from the administration about the technical details, in writing, of this plan, it is not clear it is any different from the last one."

The current lack of disclosure was also highlighted by Rebecca Jeschke, Digital Rights Analyst for the Electronic Frontier Foundation.

"We should know the basics of policies and procedures so we can make sure that any program is fair and lawful," she said. "You can have that kind of transparency and still fulfill national security goals."

So what can Internet users do to protect their information? Hall suggested taking the following steps to stay safe while browsing:

  1. Always keep software up to date. No matter how much you hate updating software, it's crucial that you do so on a regular basis, lest the government or criminals use old unfixed flaws against you.
  2. Use a password manager. A password manager stores passwords, but also creates secure, random passwords.
  3. If you work in airports and cafes a lot, realize that the connection between your computer and the hotspot that is giving you Internet is not secure. So, if you're surfing to a non-encrypted site -- it will be http:// instead of https://... the "s" is for secure -- all the information you send to that site is viewable by the people around you if they know what they're doing (it's illegal, but that doesn't stop folks from snooping). You should us a Virtual Private Network (VPN) which is a piece of software you fire up in one of these "unsafe" network places. The software makes sure that anything you send on the unsafe network is encrypted and sent from a location other than where you're actually sitting.
  4. Finally, learn about and download the Tor Browser. Tor Browser is a web browser, built off of the popular Mozilla Firefox browser, that allows you to communicate anonymously online. It does this by 1) encrypting all your communications; but, also by 2) bouncing your traffic all over the world before sending it on to your destination -- like a pinball machine. This means that it's a bit slow, but it also means that unless you type "Hi, I'm Joe Hall!!1!" into a search engine, it's very difficult for people to identify you.

Jeschke suggested that to protect against bugs like Heartbleed, more website operators should use something called "perfect forward secrecy." While perfect forward secrecy can protect users in situations when a third party is monitoring their data, many browsers and servers still do not support it.

"All security breaches are different, and require different fixes," she said. "Transparency about security vulnerabilities is extremely important, so people can protect themselves adequately."

IVP Existence Banner

And while the government may pass this kind of snooping off as necessary for security and law enforcement, it could be counterproductive in the long run, as Hall pointed out.

"The first step in having a safe digital society is making sure that the underlying infrastructure is as strong as it can be, and these unreported flaws are evidence that it is not yet strong enough," he said.

Photo Credit: NBC News

Latest articles

votes
Wyoming Purges Nearly 30% of Its Voters from Registration Rolls
It is not uncommon for a state to clean out its voter rolls every couple of years -- especially to r...
27 March, 2024
-
1 min read
ballot box
The Next Big Win in Better Election Reform Could Come Where Voters Least Expect
Idaho isn't a state that gets much attention when people talk about politics in the US. However, this could change in 2024 if Idahoans for Open Primaries and their allies are successful with their proposed initiative....
21 March, 2024
-
3 min read
Courts
Why Do We Accept Partisanship in Judicial Elections?
The AP headline reads, "Ohio primary: Open seat on state supreme court could flip partisan control." This immediately should raise a red flag for voters, and not because of who may benefit but over a question too often ignored....
19 March, 2024
-
9 min read
Nick Troiano
Virtual Discussion: The Primary Solution with Unite America's Nick Troiano
In the latest virtual discussion from Open Primaries, the group's president, John Opdycke, sat down ...
19 March, 2024
-
1 min read
Sinema
Sinema's Exit Could Be Bad News for Democrats -- Here's Why
To many, the 2024 presidential primary has been like the movie Titanic - overly long and ending in a disaster we all saw coming from the start. After months of campaigning and five televised primary debates, Americans are now faced with a rematch between two candidates polling shows a majority of them didn’t want....
19 March, 2024
-
7 min read