Obama fails to address NSA encryption-defeating methods, backdoors

The president's speech focuses more on a telephone records collection program than on the Internet, critics say

U.S. President Barack Obama failed to address the National Security Agency's reported efforts to weaken encryption standards and circumvent online encryption technologies in a speech Friday about surveillance reform.

Obama's decision not to mention the NSA's anti-encryption efforts and its attempts to exploit backdoors in networks and computers was a major omission, some tech groups said.

In December, the Obama-appointed Review Group on Intelligence and Communications Technology made several recommendations focused on supporting strong encryption and other Internet security measures, noted Greg Nojeim, director of the Center for Democracy and Technology's Project on Freedom, Security and Surveillance.

"The president didn't endorse any of them," Nojeim said.

The CDT published a score card Friday comparing Obama's recommendations to the review panel's.

The review group also recommended that the NSA, when it discovers security exploits, should share the vulnerabilities with developers. "The president didn't mention this recommendation at all, and that is troubling," Nojeim said.

"Obama missed an opportunity to speak to one of the biggest problems revealed in the surveillance disclosures," added Alex Fowler, global privacy and public policy leader at Mozilla.

A secure Internet is essential to protect free speech and privacy and for innovation and commerce, Fowler said by email. "For our government to work to undermine strong encryption, stockpile and maintain vulnerabilities, and promote backdoors in mainstream communications systems sacrifices individual and commercial security on the altar of intelligence gathering," he said.

The lack of a plan to address the NSA's anti-encryption efforts and its attempts to exploit backdoors will erode the confidence people have in the Internet, said Bob Hinden, chairman of the Internet Society's Board of Trustees. "You don't know who to trust," he said. "A lot more needs to be said about limiting that kind of surveillance to things that are necessary, and just not collecting it for collection's sake."

Obama's speech focused more on a telephone records collection program than on overseas Internet surveillance programs, Hinden said. NSA reforms need to recognize the negative effects that surveillance has had on the Internet, he said.

Obama's proposals took some positive steps "to restore confidence in how the U.S. government gathers intelligence and protects the privacy of individuals," said Daniel Castro, senior analyst with the Information Technology and Innovation Foundation, a tech-focused think tank. But the proposals didn't go far enough, he said in a statement.

Obama "should clearly and unequivocally state that the policy of the U.S. government is to strengthen, not weaken, cybersecurity and renounce the practice of having intelligence agencies work to introduce back doors and other vulnerabilities into commercial products," he said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.
