How the NSA (and Snowden) Make the Internet Less Secure

First, I don't want to blame the NSA. I blame policy makers. The NSA was given marching orders by policy makers (and decision makers probably gladly use the data the NSA provides), and if half of what has been revealed is true, the NSA may be the most productive government organization we have.

However, I see at least three ways the NSA's activities (and Snowden's) may have made the Internet less secure.

1. Active subversion.

There is evidence that the NSA weakened cryptography on the Internet by pushing a backdoor algorithm to be a national standard and then paying a major software supplier to make that backdoor the default algorithm used in many, many products. I wouldn't be surprised if there were a number of other examples of the NSA actively trying to weaken systems to make their primary mission of spying easier.

But even if you completely trust the NSA, such active subversion efforts can weaken your security. First, other attackers can find them. Second, security agencies have always had spy problems – Edward Snowden, Robert Hanssen, Aldrich Ames, Ana Belén Montes... We should not expect secret vulnerabilities to stay secret.

2. Passive subversion

The most recent accusation is that the NSA knew about and exploited the HeartBleed vulnerability for years. Even if this example isn't true, there is plenty of other evidence that the NSA knows about many vulnerabilities and have not told vendors about them. Again, they use this information to carry out their mission – spying.

Thus, the NSA knows we are vulnerable, but doesn't tell us. They let us remain vulnerable.

This might be one of the major reasons the NSA has pushed to be in charge of protecting the national infrastructure. They know vulnerabilities in the infrastructure that cannot be fixed because vendors don't know about them.

3. Inducement

I bet all governments looking at the Snowden revelations are jealous of the power the NSA gives the US Government. They may condemn the US, but they secretly want similar power for themselves.

Most major governments already had cyber operations. I bet most will be getting boosts in their budgets.

The NSA's activities might have removed any restraint, and Snowden lit the fire. I suspect the Snowden revelations have accelerated cyber spying activities world wide.