The NSA scandal has a deep impact on the economy, foreign relations, and cybersecurity, despite what the White House says

Jul 29, 2014 13:31 GMT

The United States government has been dragging its feet on reforming the NSA in the past year. Many promises have been made, and even more have been forgotten in this period of time.

Even the reforms that were introduced in that time are half-hearted attempts at reining in the NSA’s powers, while the really powerful bills are stripped down to a bare minimum inside Congress, leaving behind just a shell of what they once were.

The researchers from the Open Technology Institute advise the US government to start taking steps to address the broader concern that the NSA’s programs are impacting the economy, foreign relations and cybersecurity.

First off, privacy protections for both Americans and non-Americans need to be strengthened, both inside and outside the US. Increased transparency around government surveillance is also desirable, while recommitting to the Internet Freedom agenda in a way that addresses the issues raised by the NSA surveillance might also be a good idea.

The US government is advised to start trying to restore trust in cryptography standards through the National Institute of Standards and Technology.

NIST was in the middle of a large scandal after it was revealed that one of the promoted random number generators made by the NSA was actually sporting a convenient backdoor that would enable the intelligence agency to easily decrypt all communications passed through software using this particular RNG.

The study also indicates that it may be a good idea to make sure that the US government doesn’t undermine cybersecurity by inserting any more surveillance backdoors into hardware or software products, as it has been accused of doing in the past.

It would also be advisable for government institutions to start trying to eliminate security vulnerabilities in software, rather than stockpile them. This suggestion is, of course, directly linked to the Heartbleed OpenSSL vulnerability.

While the NSA has denied having prior knowledge of Heartbleed, the White House did admit that the policy allowed the NSA to hold onto some vulnerabilities it discovered if fixing them wasn’t beneficial to the agency. Basically, if the agency could obtain something from exploiting the issue, the reporting would be delayed.

New policies need to be developed as well, detailing whether, when and under what legal standards it is possible for the government to secretly install malware on a computer or a network.

Separating the NSA’s offensive and defensive functions in order to minimize conflicts of interest is also on the list of suggestions.