When it comes to intelligence officials, past or present, it seems much safer to assume that they are not acting in national interests than to assume otherwise. It doesn’t matter which nation or which agency, the business of intelligence is deception.
There is an inherent conflict between the declared need of such agencies to operate in secrecy and the need to provide those operations with the oversight they require in order to prevent the abuse of power.
After the latest revelations about the CIA’s torture programs and NSA operations which undermine the security of the internet, are we not already far past the point where it must be faced that the U.S. intelligence community has systemic flaws? These should not just be patched over. It’s time to ask fundamental questions about the function of the intelligence agencies.
Bloomberg reports: The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.
Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.
Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.” [Continue reading…]
Update — DNI states: NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report. Reports that say otherwise are wrong.
The problem for the DNI, NSA, CIA, and the rest of the intelligence community, is that they can’t restore trust simply by issuing statements or through cosmetic reform. It’s no good saying, we wouldn’t do something like that, when we already know they already have.