Transcript
DDI Backdoors - Gaurav
Notes
Encryption Back Doors
Encryption cracking refers to literally figuring out the codes being used to conduct the exchange in order to intercept the exchanged communication.
Another way to access the communication is to have a “back door” security code that would enable a third party to access the communication. At least in the past, at least the providers of the keys have been able to access the communication by retaining a back door.
Stanford Computer Science Project, no date, “The Ethics (or not) of government surveillance,” http://cs.stanford.edu/people/eroberts/cs201/projects/ethics-of-surveillance/tech_encryptionbackdoors.html DOA: 3-22-15
A "backdoor" in computing is a method of bypassing the normal method of authentication. Backdoors are usually inserted into a program or algorithm before it is distributed widely. They are often hidden in part of the design of the program or algorithm. In cryptography specifically, a backdoor would allow an intruder to access the encrypted information without having the correct credentials. The backdoor would either a) allow the intruder to guess the access key based on the context of the message or b) allow the intruder to present a skeleton key that will always grant him access.
Now the companies that provide the communications services, such as Yahoo and Apple, do not even have access to these back doors, making it impossible for them to provide it to anyone, including the government.
Philip Swartz, Washington Times October 17, 2014, FBI claims 'dark' smartphone technology could hinder good guys, http://www.washingtontimes.com/news/2014/oct/16/fbi-claims-dark-smartphone-technology-could-hinder/?page=all DOA: 3-21-15
Technological data are becoming so encrypted that law enforcement agents are now having difficulty legally obtaining the information they need to catch criminals, the head of the FBI warned Thursday. "Some believe that law enforcement, especially the FBI, has the ability to access phenomenal information at any time. That is the product of too much television," said FBI Director James Comey. "Even with lawful authority, the 'going dark' problem is we may not be able to access the information and the data that we need," he said. Mr. Comey said he is increasingly worried that encryption technology prominently featured in the latest generations of smart phones will leave the user's information inaccessible to outside parties - even law enforcement personnel with a legitimate search warrant.
Gaurav Varma
Background
Private companies are making their encryption systems more accessible
The Observer (England), June 8, 2014, John Naughton: Even a password on steroids won't keep the spies out, The Observer (England), June 8, 2014, John Naughton: Even a password on steroids won't keep the spies out, http://www.4-traders.com/GOOGLE-INC-C-16118013/news/GOOGLE-C--John-Naughton-Even-a-password-on-steroids-wont-keep-the-spies-out-18559223/ DOA: 3-22-15
The technology that Google will use is public key encryption, and it's been around for a long time and publicly available ever since 1991, when Phil Zimmermann created PGP (which stands for pretty good privacy). From then on, anyone who really wanted to communicate securely could have used PGP. The problem was (and is) that it's technically fiddly and you have to know what you're doing. And the persons with whom you wish to communicate securely also need to know what they're doing, and have PGP software installed at their end. Public key encryption is one of the great inventions of the 20th century. At its heart is a simple idea - that while it's trivially easy to multiply two very large numbers together, it's computationally very difficult to factorise the resulting product - ie to deduce what the original two numbers were. Each user has two large numbers, which serve as keys - one kept private, and the other made publicly available to anyone who wishes to communicate with him or her. PGP is terrific, but user-friendly it ain't, which is why most internet users balked at deploying it. The result was that the world's electronic communications flowed back and forth on media that were about as confidential as seaside postcards, thereby making it trivially easy for snoopers, both official and unofficial, to do their dastardly work. Google's plan is to make PGP user-friendly by incorporating it as an extension in its Chrome browser so that encryption (and decryption) are never more than a click or two away.
The government has been engaging in encryption cracking to gain access to the keys necessary to continue its surveillance
John Naughton, March 8, 2015, The Guardian, Don't trust your phone, don't trust your laptop - this is the reality that Snowden has shown us;
Edward Snowden's astute revelations show that no electronic communications device - from hard disks to sim cards - is trustworthy, http://www.theguardian.com/commentisfree/2015/mar/08/edward-snowden-trust-phone-laptop-sim-cards DOA: 3-20-15
But a few recent revelations suggest that we may now be getting down to bedrock. Two concern the consummate hacking capabilities of the NSA and its overseas franchises. The first - which came not from Snowden but from Kaspersky, a computer security firm - showed that for at least 14 years a unit in the NSA had succeeded in infecting the firmware that controls hard disk drives with malicious software that is able to persist even through reformatting of the disks. Firmware is computer code embedded in a read-only silicon chip. It's what transforms a disk from a paperweight into a storage device. The hack is significant: the Kaspersky researchers who uncovered this said its ability to subvert hard-drive firmware "surpasses anything else" they had ever seen. Being able to compromise firmware gives an attacker total control of the system in a way that is stealthy and lasting, even through software updates. Which means that the unsuspecting victim can never get rid of it. If you think this has nothing to do with you, the compromised drives were manufactured by most of the leading companies in the disk-drive business, including Western Digital, Seagate, Toshiba, IBM, Micron and Samsung. Check your laptop specifications to see which one of these companies made the drive. The second revelation, last month, came from a GCHQ presentation provided by Snowden and reported in online publication the Intercept. Documents showed that a joint NSA/GCHQ team had hacked into the internal computer network of Gemalto, the world's largest manufacturer of sim cards, stealing, in the process, encryption keys used to protect the privacy of mobile communications internationally.
Development
This aff eliminates backdoor requirements but should also eliminate encryption cracking by the NSA--- solves for circumvention cases
1AC—Case
1AC—Plan Texts
3 possible plans
The United States federal government should provide warrants to companies to install encryption back doors.
Ron Wyden, December 18, 2014, Wyden, D-Ore., is a member of the Senate Intelligence Committee, Best defense against massive data theft, With hackers running rampant, why would we poke holes in data security? http://www.latimes.com/opinion/op-ed/la-oe-1215-wyden-backdoor-for-cell-phones-20141215-story.html DOA: 3-21-15)//GV
Hardly a week goes by without a new report of some massive data theft that has put financial information, trade secrets or government records into the hands of computer hackers. The best defense against these attacks is clear: strong data encryption and more secure technology systems. The leaders of U.S. intelligence agencies hold a different view. Most prominently, James Comey, the FBI director, is lobbying Congress to require that electronics manufacturers create intentional security holes - so-called back doors - that would enable the government to access data on every American's cellphone and computer, even if it is protected by strong encryption. Unfortunately, there are no magic keys that can be used only by good guys for legitimate reasons. There is only strong security or weak security. Americans are demanding strong security for their personal data. Comey and others are suggesting that security features shouldn't be too strong, because this could interfere with surveillance conducted for law enforcement or intelligence purposes. The problem with this logic is that building a back door into every cellphone, tablet, or laptop means deliberately creating weaknesses that hackers and foreign governments can exploit. Mandating back doors also removes the incentive for companies to develop more secure products at the time people need them most; if you're building a wall with a hole in it, how much are you going invest in locks and barbed wire? What these officials are proposing would be bad for personal data security and bad for business and must be opposed by Congress.
The United States Supreme Court should overrule the ACE vs FCC decision on the grounds of the 4th amendment.
The United States federal government should bar itself from requiring software makers to insert built-in backdoors to bypass encryption.
New York Times Editorial Board, September 21, 2013, “Close the NSA’s Back Doors,” http://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html?_r=1&
Representative Rush Holt, Democrat of New Jersey, has introduced a bill that would, among other provisions, bar the government from requiring software makers to insert built-in ways to bypass encryption. It deserves full Congressional support. In the meantime, several Internet companies, including Google and Facebook, are building encryption systems that will be much more difficult for the N.S.A. to penetrate, forced to assure their customers that they are not a secret partner with the dark side of their own government.
1AC—Inherency
The NSA is permitted to crack encryption in the status quo
David Sanger, April 12, 2014, Obama lets N.S.A. exploit online security flaws, officials say, http://www.nytimes.com/2014/04/13/us/politics/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html DOA: 3-21-15
Stepping into a heated debate within the United States intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should - in most circumstances - reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said over the weekend. But Mr. Obama carved a broad exception for ''a clear national security or law enforcement need,'' the officials said on Saturday, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons. The White House has never publicly detailed Mr. Obama's decision, which he made in January as he began a three-month review of recommendations by a presidential advisory committee on what to do in response to recent disclosures about the National Security Agency. But elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a ''bias'' in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers.
NSA hacking the networks of leading companies to break encryption
John Naughton, March 8, 2015, The Guardian, Don't trust your phone, don't trust your laptop - this is the reality that Snowden has shown us; Edward Snowden's astute revelations show that no electronic communications device - from hard disks to sim cards - is trustworthy, http://www.theguardian.com/commentisfree/2015/mar/08/edward-snowden-trust-phone-laptop-sim-cards DOA: 3-20-15
But a few recent revelations suggest that we may now be getting down to bedrock. Two concern the consummate hacking capabilities of the NSA and its overseas franchises. The first - which came not from Snowden but from Kaspersky, a computer security firm - showed that for at least 14 years a unit in the NSA had succeeded in infecting the firmware that controls hard disk drives with malicious software that is able to persist even through reformatting of the disks. Firmware is computer code embedded in a read-only silicon chip. It's what transforms a disk from a paperweight into a storage device. The hack is significant: the Kaspersky researchers who uncovered this said its ability to subvert hard-drive firmware "surpasses anything else" they had ever seen. Being able to compromise firmware gives an attacker total control of the system in a way that is stealthy and lasting, even through software updates. Which means that the unsuspecting victim can never get rid of it. If you think this has nothing to do with you, the compromised drives were manufactured by most of the leading companies in the disk-drive business, including Western Digital, Seagate, Toshiba, IBM, Micron and Samsung. Check your laptop specifications to see which one of these companies made the drive. The second revelation, last month, came from a GCHQ presentation provided by Snowden and reported in online publication the Intercept. Documents showed that a joint NSA/GCHQ team had hacked into the internal computer network of Gemalto, the world's largest manufacturer of sim cards, stealing, in the process, encryption keys used to protect the privacy of mobile communications internationally.
NSA has been working on the Bullrun program to crack encryption
David Sanger, April 12, 2014, Obama lets N.S.A. exploit online security flaws, officials say, http://www.nytimes.com/2014/04/13/us/politics/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html DOA: 3-21-15
At the center of that technology are the kinds of hidden gaps in the Internet - almost always created by mistake or oversight - that Heartbleed created. There is no evidence that the N.S.A. had any role in creating Heartbleed, or even that it made use of it. When the White House denied prior knowledge of Heartbleed on Friday afternoon, it appeared to be the first time that the N.S.A. had ever said whether a particular flaw in the Internet was - or was not - in the secret library it keeps at Fort Meade, Md., the headquarters of the agency and Cyber Command. But documents released by Edward J. Snowden, the former N.S.A. contractor, make it clear that two years before Heartbleed became known, the N.S.A. was looking at ways to accomplish exactly what the flaw did by accident. A program code-named Bullrun was part of an effort to crack or circumvent encryption on the web.
Government can crack encryption now
Bloomberg, October 2, 2014, Apple's encryption will slow not stop snooping by cops and spies, http://www.bloomberg.com/news/articles/2014-10-02/apple-s-encryption-will-slow-not-stop-cops-and-spies DOA: 3-20-15
Those assertions "are wildly exaggerated" because police can still obtain evidence through traditional court warrants while revelations about government spying show the National Security Agency (NSA) can break or bypass encryption for terrorism investigations, said Jonathan Turley, a constitutional-law professor at The George Washington University Law School. "Citizens should not assume that these encryption devices will necessarily prevent government from intercepting communications," Turley said in a phone interview. "If history is any guide, the government will find a way to penetrate these devices."
NSA engages in encryption cracking to spy on Americans
Activist Post, September 7, 2013, http://endthelie.com/2013/09/06/nsa-and-gchq-crack-encryption-covertly-influence-companies-consider-ordinary-americans-adversaries/
NSA and GCHQ crack encryption; consider ordinary Americans 'adversaries', NSA and GCHQ crack encryption; consider ordinary Americans 'adversaries' The campaign waged by the National Security Agency (NSA) and the UK's Government Communications Headquarters (GCHQ) to undermine all Internet privacy and security goes far beyond even what was previously revealed. In the latest top secret documents revealed by Edward Snowden, it is also revealed that the agencies consider ordinary citizens 'adversaries.' Some of the most noteworthy aspects of the latest documents, reported on by The Guardian, Pro Publica and The New York Times include: This year alone, $254.9 million was allocated to a program that 'actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs.' The companies involved in this program are unknown. Previously, tech giants issued cleverly worded denials when confronted with the reports on the PRISM program. A 10-year-old NSA program aimed at breaking encryption technologies had a major breakthrough in 2010 when 'vast amounts' of data collected through dragnet taps on the world's fiber-optic cables became newly 'exploitable.' An internal memo noted that when British analysts were made aware of the NSA's program, 'Those not already briefed were gobsmacked!' The NSA's capability to break encryption is kept under a thick veil of secrecy. 'Do not ask about or speculate on sources or methods,' stated one document aimed at analysts. Strong decryption programs are described by the NSA as 'price of admission for the US to maintain unrestricted access to and use of cyberspace.' Some of these programs involve brute-force cracking, others involve direct collaboration with technology companies and internet service providers. The Office of the Director of National Intelligence responded on Friday, claiming that the U.S. intelligence community would be failing at their job if they didn't seek to crack encryption. 'It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries' use of encryption,' the response states. However, the document clearly refers to the general consumer as an adversary. 'These design changes make the systems in question exploitable through Sigint [signals intelligence] collection [...] with foreknowledge of the modification,' the document states. 'To the consumer and other adversaries, however, the systems' security remains intact.'
NSA Engaging in Encryption Cracking
Business Insider, 10-14, 13, http://www.businessinsider.com/nsa-snowden-hackers-3-22-15
At a recent conference in Aspen, NSA Chief Keith Alexander said about tracking terrorist activities on the web, "you need the haystack to find the needle."¶ Well, despite the rather obvious fact that the NSA has access to the haystack — a euphemism for all web communications — it still relies on hackers to find the needle.¶ That's because the web is largely still encrypted.¶ Recent stories have indicated that the NSA has pulled out all stops to degrade encryption — putting plants in the right positions in the tech industry, coercing companies to insert backdoors in software and hardware, etc.¶ The NSA takes those routes because brute force attacks on encryption — with the NSA's super computers guessing umpteen passwords a millisecond — simply cannot keep up with current encryption technology.¶ Even Edward Snowden said encryption still works.¶ So the NSA has constructed an elite group of hackers to attack target computers — what they call "end point" exploitation — prior to communications entering the encrypted ether of the Internet.¶ Matthew M. Aid of Foreign Policy writes that despite the massive collection capabilities of the NSA, its secretive hacking sub-unit — called TAO, Tailored Access Operations — is the ultimate force to be reckoned with in the cyber-espionage landscape.¶ Even its name — Tailored Access — implies a reliance on software exploitation. From Foreign Policy:¶ According to sources familiar with the organization's operations, TAO has been enormously successful over the past 12 years in covertly inserting highly sophisticated spyware into the hard drives of over 80,000 computer systems around the world, although this number could be much higher.¶ The NSA's reliance on these elite hackers explains why the agency makes regular appearances at hacking conferences like DefCon and BlackHat.¶ There is simply no substitute for exploiting a target's computer in order to intercept all communications prior to those communications leaving the computer and becoming encrypted.¶ It's the cyber equivalent of the 1960s police tactic of bugging a suspect's rotary phone — they get the info right at the source.¶ Aid reports that the NSA also often pays outside services — what we've taken to referring to as "hacker mercenaries" — to provide these software exploits (known as "Zero Day Exploits," since no one knows they exist yet).¶ Since the Snowden disclosures, Aid notes, many of TAO's targets have updated their software, so the NSA's listening capability is going dark.¶ Nonetheless, every software has an exploit waiting to be found, and TAO has proven incredibly capable of finding them.
Wired, 3-15, 13, http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”¶ For the NSA, overflowing with tens of billions of dollars in post-9/11 budget awards, the cryptanalysis breakthrough came at a time of explosive growth, in size as well as in power. Established as an arm of the Department of Defense following Pearl Harbor, with the primary purpose of preventing another surprise assault, the NSA suffered a series of humiliations in the post-Cold War years. Caught offguard by an escalating series of terrorist attacks—the first World Trade Center bombing, the blowing up of US embassies in East Africa, the attack on the USS Cole in Yemen, and finally the devastation of 9/11—some began questioning the agency’s very reason for being. In response, the NSA has quietly been reborn. And while there is little indication that its actual effectiveness has improved—after all, despite numerous pieces of evidence and intelligence-gathering opportunities, it missed the near-disastrous attempted attacks by the underwear bomber on a flight to Detroit in 2009 and by the car bomber in Times Square in 2010—there is no doubt that it has transformed itself into the largest, most covert, and potentially most intrusive intelligence agency ever created.
NSA cracks most encryption
Arab News, September 7, 2013 NSA cracked most online encryption, http://news.yahoo.com/report-nsa-cracked-most-online-encryption-075457559--politics.html)//GV
The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential data safe from prying eyes, according to published reports based on internal US government documents. The NSA has bypassed or cracked much of the digital encryption used by businesses and everyday Web users, according to reports Thursday in The New York Times, Britain's Guardian newspaper and the nonprofit news website ProPublica. The reports describe how the NSA invested billions of dollars since 2000 to make nearly everyone's secrets available for government consumption. In doing so, the NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert "back doors" into their software, the reports said. Such a practice would give the government access to users' digital information before it was encrypted and sent over the Internet.
NSA cracking encryption
The International Herald Tribune, September 7, 2013, N.S.A. foils encryption protection around globe; Experts say the U.S. hunt for 'back doors' may have serious consequences, p. 4)//GV
The United States faced new pressure on Friday to justify its vast electronic surveillance programs following the disclosure that the National Security Agency is using supercomputers, technical trickery, court orders and persuasion to undermine the tools protecting everyday communications in the Internet age. According to newly disclosed documents, the agency has circumvented or cracked much of the encryption that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and secures the e-mails, Web searches, Internet chats and phone calls made from around the world. Many users assume - or have been assured by Internet companies - that their data is safe from prying eyes, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own ''back door'' in all encryption, it set out to accomplish the same goal by stealth. The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated. The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world's most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world. ''For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,'' said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. ''Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.'' Representative Rush D. Holt Jr., a Democrat from New Jersey who is also a physicist, said Friday that he believed the N.S.A. was overreaching and could hurt American interests. ''We pay them to spy,'' Mr. Holt said. ''But if in the process they degrade the security of the encryption we all use, it's a net national disservice.'' Mr. Holt proposed legislation that would prohibit the N.S.A. from installing so-called back doors into encryption. Marc Rotenberg, executive director of the Electronic Privacy Information Center, a civil liberties group in Washington, said the dilemma posed by the N.S.A.'s efforts against encryption begin with its dual role: eavesdropping on foreign communications while protecting American communications. ''Invariably the two missions collide,'' he said. ''We don't dispute that their ability to capture foreign intelligence is quite important. The question is whether their pursuit of that mission threatens to undermine the security and privacy of Internet communications.'' An intelligence budget document makes clear that the effort to defeat encryption technology is still going strong. ''We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,'' the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year. The N.S.A.'s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans' e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features. The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of foreign adversaries, the United States will be at serious risk, agency officials say. Some experts say the N.S.A.'s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of U.S. communications. Some of the agency's most intensive efforts have focused on the encryption in universal use in the United States, including the protection used on smartphones. Many Americans rely on such protection every time they send an e-mail or buy something online. For at least three years, one document says, GCHQ of Britain, almost certainly in close collaboration with the N.S.A., has been looking for ways into protected traffic of the most popular Internet companies: Google, Yahoo, Facebook and Microsoft's Hotmail. By 2012, GCHQ had developed ''new access opportunities'' into Google's systems, according to the document. ''The risk is that when you build a back door into systems, you're not the only one to exploit it,'' said Matthew D. Green, a cryptography researcher at Johns Hopkins University. ''Those back doors could work against U.S. communications, too.'' Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. ''And they went and did it anyway, without telling anyone,'' Mr. Kocher said. He said he understood the agency's mission but was concerned about the danger of allowing it unbridled access to private information. ''The intelligence community has worried about 'going dark' forever, but today they are conducting instant, total invasion of privacy with limited effort,'' he said. ''This is the golden age of spying.'' The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus primarily on GCHQ but include thousands either from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryptionor communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others. The full extent of the N.S.A.'s decoding capabilities is known only to a limited group of top analysts. The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian's Web site in June. ''Properly implemented strong crypto systems are one of the few things that you can rely on,'' he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the otherand grabbing text before it is encrypted or after it is decrypted. The agency's success depends on working with Internet companies - by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware. According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which ''actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs'' to make them ''exploitable.'' Sigint is the abbreviation for signals intelligence, the technical term for electronic eavesdropping. By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chip-makers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents. The 2013 N.S.A. budget request highlights ''partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses'' - that is, to allow more eavesdropping. Since Mr. Snowden's disclosures ignited criticism of overreach and privacy infringements by the N.S.A., U.S. technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying. Google, Yahoo and Facebook have pressed for permission to reveal more about the government's secret requests for cooperation. One small e-mail encryption company, Lavabit, shut down rather than comply with the agency's demands for what it considered confidential customer information; another, Silent Circle, ended its e-mail service rather than face similar demands. In effect, facing the N.S.A.'s relentless advance, the companies surrendered.
NSA continues to exploit software vulnerabilities for spying purposes
Joseph Menn, Reuters, May 16, 2014, “Obama’s spying reforms fail to satisfy experts,” http://www.reuters.com/article/2014/05/16/us-cyber-summit-reforms-idUSBREA4F0MX20140516
(Reuters) - Obama administration actions to change some of the National Security Agency's surveillance practices after the leaks of classified documents by contractor Edward Snowden are falling short of what many private cyber experts want. Top government experts told the Reuters Cybersecurity Summit this week they would be more transparent about spying activity. Non-government guests, however, said the administration was not doing enough to advance Internet security. For instance, last December a White House review commission called for a drastic reduction in the NSA's practice of keeping secret the software vulnerabilities it learns about and then exploiting them for spying purposes. White House cybersecurity advisor Michael Daniel said at the conference that he would chair the interagency group charged with weighing each newly discovered software flaw and deciding whether to keep it secret or warn the software maker about it. "The policy has been in place for a number of years, but it was not as active as we decided that it should be," Daniel said. Now, he said, "there is a process, there is rigor in that process, and the bias is very heavily tilted toward disclosure." Commission member Peter Swire told the summit he was pleased by the formal process for debating vulnerability use, but others said there were too many loopholes. In an April 28 White House blog post, Daniel wrote that the factors the interagency group would consider included the likelihood that the vulnerability would be discovered by others and how pressing was the need for intelligence. "That is the loophole that swallows the entire policy, because there's always going to be an important national security or law enforcement purpose," Chris Soghoian, a technology policy analyst with the American Civil Liberties Union said at the summit. Some security experts active in the market for trading software flaws said they had seen no sign that U.S. purchases were declining. "There's been no change in the market at all as far as we can see," said Adriel Desautels, chief executive of Netragard Inc, which buys and sells programs taking advantage of undisclosed flaws.
NSA trying to crack encryption
Der Spiegel, December 28, 2014, Inside the NSA’s War on Internet Security, http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html DOA: 12-28-14
It's a suggestion unlikely to please some intelligence agencies. After all, the Five Eyes alliance -- the secret services of Britain, Canada, Australia, New Zealand and the United States -- pursue a clear goal: removing the encryption of others on the Internet wherever possible. In 2013, the NSA had a budget of more than $10 billion. According to the US intelligence budget for 2013, the money allocated for the NSA department called Cryptanalysis and Exploitation Services (CES) alone was $34.3 million.
NSA working to weaken encryption
Der Spiegel, December 28, 2014, Inside the NSA’s War on Internet Security, http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html DOA: 12-28-14
But how do the Five-Eyes agencies manage to break all these encryption standards and systems? The short answer is: They use every means available. One method is consciously weakening the cryptographic standards that are used to implement the respective systems. Documents seen by SPIEGEL show that NSA agents travel to the meetings of the Internet Engineering Task Force (IETF), an organization that develops such standards, to gather information but presumably also to influence the discussions there. "New session policy extensions may improve our ability to passively target two sided communications," says a brief write-up of an IETF meeting in San Diego on an NSA-internal Wiki. This process of weakening encryption standards has been going on for some time. A classification guide, a document that explains how to classify certain types of secret information, labels "the fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable" as Top Secret. Cryptographic systems actively weakened this way or faulty to begin with are then exploited using supercomputers. The NSA maintains a system called Longhaul, an "end-to-end attack orchestration and key recovery service for Data Network Cipher and Data Network Session Cipher traffic." Basically, Longhaul is the place where the NSA looks for ways to break encryption. According to an NSA document, it uses facilities at the Tordella Supercomputer Building at Fort Meade, Maryland, and Oak Ridge Data Center in Oak Ridge, Tennessee. It can pass decrypted data to systems such as Turmoil -- a part of the secret network the NSA operates throughout the world, used to siphon off data. The cover term for the development of these capabilities is Valientsurf. A similar program called Gallantwave is meant to "break tunnel and session ciphers." In other cases, the spies use their infrastructure to steal cryptographic keys from the configuration files found on Internet routers. A repository called Discoroute contains "router configuration data from passive and active collection" one document states. Active here means hacking or otherwise infiltrating computers, passive refers to collecting data flowing through the Internet with secret NSA-operated computers. An important part of the Five Eyes' efforts to break encryption on the Internet is the gathering of vast amounts of data. For example, they collect so-called SSL handshakes -- that is, the first exchanges between two computers beginning an SSL connection. A combination of metadata about the connections and metadata from the encryption protocols then help to break the keys which in turn allow reading or recording the now decrypted traffic. If all else fails, the NSA and its allies resort to brute force: They hack their target's computers or Internet routers to get to the secret encryption -- or they intercept computers on the way to their targets, open them and insert spy gear before they even reach their destination, a process they call interdiction.
1AC—Economy Advantage
Advantage __ is the economy—___ internal links
*side note-internal link 5 is crappy
1st is consumer distrust—
NSA backdoors create consumer distrust with international businesses--- It undercuts global connectivity and spills over internationally
Trevor Timm 15, Trevor Timm is a Guardian US columnist and executive director of the Freedom of the Press Foundation, a non-profit that supports and defends journalism dedicated to transparency and accountability. 3-4-2015, "Building backdoors into encryption isn't only bad for China, Mr President," Guardian, http://www.theguardian.com/commentisfree/2015/mar/04/backdoors-encryption-china-apple-google-nsa)//GV
Want to know why forcing tech companies to build backdoors into encryption is a terrible idea? Look no further than President Obama’s stark criticism of China’s plan to do exactly that on Tuesday. If only he would tell the FBI and NSA the same thing. In a stunningly short-sighted move, the FBI - and more recently the NSA - have been pushing for a new US law that would force tech companies like Apple and Google to hand over the encryption keys or build backdoors into their products and tools so the government would always have access to our communications. It was only a matter of time before other governments jumped on the bandwagon, and China wasted no time in demanding the same from tech companies a few weeks ago. As President Obama himself described to Reuters, China has proposed an expansive new “anti-terrorism” bill that “would essentially force all foreign companies, including US companies, to turn over to the Chinese government mechanisms where they can snoop and keep track of all the users of those services.” Obama continued: “Those kinds of restrictive practices I think would ironically hurt the Chinese economy over the long term because I don’t think there is any US or European firm, any international firm, that could credibly get away with that wholesale turning over of data, personal data, over to a government.” Bravo! Of course these are the exact arguments for why it would be a disaster for US government to force tech companies to do the same. (Somehow Obama left that part out.) As Yahoo’s top security executive Alex Stamos told NSA director Mike Rogers in a public confrontation last week, building backdoors into encryption is like “drilling a hole into a windshield.” Even if it’s technically possible to produce the flaw - and we, for some reason, trust the US government never to abuse it - other countries will inevitably demand access for themselves. Companies will no longer be in a position to say no, and even if they did, intelligence services would find the backdoor unilaterally - or just steal the keys outright. For an example on how this works, look no further than last week’s Snowden revelation that the UK’s intelligence service and the NSA stole the encryption keys for millions of Sim cards used by many of the world’s most popular cell phone providers. It’s happened many times before too. Security expert Bruce Schneier has documented with numerous examples, “Back-door access built for the good guys is routinely used by the bad guys.” Stamos repeatedly (and commendably) pushed the NSA director for an answer on what happens when China or Russia also demand backdoors from tech companies, but Rogers didn’t have an answer prepared at all. He just kept repeating “I think we can work through this”. As Stamos insinuated, maybe Rogers should ask his own staff why we actually can’t work through this, because virtually every technologist agrees backdoors just cannot be secure in practice. (If you want to further understand the details behind the encryption vs. backdoor debate and how what the NSA director is asking for is quite literally impossible, read this excellent piece by surveillance expert Julian Sanchez.) It’s downright bizarre that the US government has been warning of the grave cybersecurity risks the country faces while, at the very same time, arguing that we should pass a law that would weaken cybersecurity and put every single citizen at more risk of having their private information stolen by criminals, foreign governments, and our own. Forcing backdoors will also be disastrous for the US economy as it would be for China’s. US tech companies - which already have suffered billions of dollars of losses overseas because of consumer distrust over their relationships with the NSA - would lose all credibility with users around the world if the FBI and NSA succeed with their plan. The White House is supposedly coming out with an official policy on encryption sometime this month, according to the New York Times – but the President can save himself a lot of time and just apply his comments about China to the US government. If he knows backdoors in encryption are bad for cybersecurity, privacy, and the economy, why is there even a debate?
International business linkages are the lynchpins for markets, jobs, FDI, trade, and overall growth
Area Development December, 2012, "Participation in the Global Economy Keeps U.S. Economy Growing," Area Development, http://www.areadevelopment.com/BusinessGlobalization/December2012/global-participation-grows-US-economy-1259168.shtml)//GV
A study recently released by The Business Roundtable and the United States Council for International Business comes to the conclusion that the success of U.S. companies in the global economy directly relates to economic growth and job creation here at home. Authored by Matthew Slaughter, Ph.D., of the Tuck School of Business at Dartmouth, “American Companies and Global Supply Networks: Driving U.S. Economic Growth and Jobs by Connecting with the World,” shows how globally engaged U.S. companies, their international operations, and supply networks are linked to U.S. economic growth and employment. “Despite ongoing economic uncertainties, this study underscores the fact that millions of good American jobs are created when companies engage in growing global markets via international trade and investment,” Slaughter says. “The benefits of global engagement impact all levels of our economy, not just those companies engaged in international commerce.” The study, which profiled Dow Chemical Co., Coca-Cola Co., ExxonMobil, FedEx Corp., IBM, Procter & Gamble, and Siemens, comes to the following conclusions: (1) globally engaged U.S. companies are the driving force in U.S. capital investment, R&D, and international trade, which in turn foster U.S. economic growth and the creation of well-paying jobs; (2) in order to access new customers and innovative ideas and continue to grow, these companies must participate in the global economy; and (3) global growth supports further hiring, investment, and R&D at these companies’ U.S. facilities, while also creating jobs at other U.S. companies, often small- and medium-sized, within their global supply chains. “The success of globally engaged U.S. companies has a direct and very positive impact on Main Street USA,” says John Engler, president of Business Roundtable. “To encourage and enable our companies to seek new markets and succeed anywhere in the world, we need tax, trade, and investment policies that reflect today’s competitive global economy. The benefits at home are enormous.” factor.
2nd is data localization—
NSA backdoors cause data localization—it spills over and kills international businesses
Richard Adhikari, 7-16-2015, "The Fallout From the NSA's Backdoors Mandate," No Publication, http://www.ecommercetimes.com/story/81530.html)//GV
The United States National Security Agency (NSA) is widely believed to have mandated high-tech vendors build backdoors into their hardware and software. Reactions from foreign governments to the news are harming American businesses and, some contend, may result in the breakup of the Internet. For example, Russia is moving to paper and typewriters in some cases to move certain types of information, Private.me COO Robert Neivert told the E-Commerce Times. Governments are pushing to enact laws to force the localization of data -- generally meaning they won't allow data to be stored outside their borders to protect citizens against NSA-type surveillance -- a move that's of particular concern to American businesses, according to a Lawfare Research paper. That's because they deem U.S. firms untrustworthy for having provided the NSA with access to the data of their users. Revisiting the Tower of Babel? "There's an increased use of networks on behalf of Europe and other allies that do not pass through U.S. companies or U.S.-controlled networks," Neivert said. Some countries are even proposing to break up the Internet. However, "people who say these things threaten the Internet itself are misunderstanding things," Jonathan Sander, strategy & research officer of Stealthbits Technologies, told the E-Commerce Times. "The Internet produces too much wealth for too many people and organizations for anyone, including the U.S., to threaten it." The U.S. economy "is one of the best weapons we have in the technology war," Sander continued. The U.S. market "is too big for foreign governments to ignore," which is why foreign companies continue doing business with the U.S. Concern has been expressed about invasions of privacy through surveillance, but this issue is "a matter of policy" and there are differences in how citizens of different countries approach it, Sander pointed out. "In the EU and, to a lesser extent [Australia and New Zealand], privacy is an issue at the ballot box so there are laws reflecting that." In the U.S., however, privacy "has yet to seriously break through as an issue, so there has been less motion," Sander remarked. Massive Cost to U.S. Businesses In August of last year, the German government reportedly warned that Windows 8 could act as a Trojan when combined with version 2.0 of the Trusted Platform Module (TPM), a specification for a secure cryptoprocessor. The TPM is included in many laptops and tablets, and the concern is that TPM 2.0 makes trusted computing functions mandatory rather than opt-in as before, meaning it can't be disabled. Further, it can let Microsoft establish a backdoor into the device it's in. Microsoft's response was that OEMs can turn off the TPM in x86 computers. The German government will end its contract with Verizon; Brazil has decided to replace its fighter jets with ones made by Sweden's Saab instead of Boeing; and Web hosting firm Servint Corp. reported a 30 percent decline in overseas business since the NSA leaks first made news in June 2013. "There is both diplomatic and economic backlash against these tactics," Robyn Greene, policy counsel at New America's Open Technology Institute, told the E-Commerce Times. It's difficult to establish an exact dollar amount, but "experts have estimated that losses to the U.S. cloud industry alone could reach (US)$180 billion over the next three years," Greene said. "Additionally, major U.S. tech companies like Cisco and IBM have lost nearly one-fifth of their business in emerging markets because of a loss of trust." Foreign companies are using their non-U.S. status to advertise themselves as more secure or protective of privacy, Greene remarked. The Other Side of the Story On the other hand, Cisco's share of the service provider router and carrier Ethernet market bounced back strongly after an unusually weak Q2, primarily because of a strong performance in the Asia-Pacific and the EMEA regions, SRG Research reported. "Cisco is in a league of its own, with a global presence, credibility and product range that cannot be matched by its competitors," John Dinsdale, managing director and chief analyst at SRG, told the E-Commerce Times. "When demand increases, there is only a rather short list of vendors who can satisfy it, and Cisco clearly has the strongest story to tell." In addition, the allegations that U.S. high-tech firms built backdoors into their products are not true, contended Philip Lieberman, president of Lieberman Software. "I have never seen any cooperation between U.S.-owned software or hardware manufacturers to insert backdoors into their products for the use of the NSA," Lieberman told the E-Commerce Times. "The damage that such an inclusion would cause to the company that did so would be catastrophic and probably unrecoverable." Rebuilding Faith and Trust With its backdoors, the NSA "broke the foundational element of trust, and that's something very difficult to recover from. [It has] in effect destroyed the trusted and secure reputation of U.S. companies," said Neivert. "More and more we will see U.S. tech companies focusing on distinguishing their products and services with heightened security offerings and working to achieve legislative reforms that would rein in [surveillance practices]. That's the case with the Reform Government Surveillance Coalition and tech industry trade associations that represent thousands of companies," New America's Open Technology Institute's Greene added
Data localization causes protectionism and hamstrings businesses, tech innovation, trade, manufacturing, causing collapse
Chander and Le 15 (Director, California International Law Center, Professor of Law and Martin Luther King, Jr. Hall Research Scholar, University of California, Davis; Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D., University of California, Davis School of Law, Anupam Chander and Uyên P. Lê, DATA NATIONALISM, EMORY LAW JOURNAL, Vol. 64:677, http://law.emory.edu/elj/_documents/volumes/64/3/articles/chander-le.pdf)
Economic Development Many governments believe that by forcing companies to localize data within national borders, they will increase investment at home. Thus, data localization measures are often motivated, whether explicitly or not, by desires to promote local economic development. In fact, however, data localization raises costs for local businesses, reduces access to global services for consumers, hampers local start-ups, and interferes with the use of the latest technological advances. In an Information Age, the global flow of data has become the lifeblood of economies across the world. While some in Europe have raised concerns about the transfer of data abroad, the European Commission has recognized “the critical importance of data flows notably for the transatlantic economy.”209 The Commission observes that international data transfers “form an integral part of commercial exchanges across the Atlantic including for new growing digital businesses, such as social media or cloud computing, with large amounts of data going from the EU to the US.”210 Worried about the effect of constraints on data flows on both global information sharing and economic development, the Organisation for Economic Co-operation and Development (OECD) has urged nations to avoid “barriers to the location, access and use of cross-border data facilities and functions” when consistent with other fundamental rights, in order to “ensure cost effectiveness and other efficiencies.”211 The worry about the impact of data localization is widely shared in the business community as well. The value of the Internet to national economies has been widely noted.212 Regarding Brazil’s attempt to require data localization, the Information Technology Industry Council, an industry association representing more than forty major Internet companies, had argued that “in-country data storage requirements would detrimentally impact all economic activity that depends on data flows.”213 The Swedish government agency, the National Board of Trade, recently interviewed fifteen local companies of various sizes across sectors and concluded succinctly that “trade cannot happen without data being moved from one location to another.”214 Data localization, like most protectionist measures, leads only to small gains for a few local enterprises and workers, while causing significant harms spread across the entire economy. The domestic benefits of data localization go to the few owners and employees of data centers and the few companies servicing these centers locally. Meanwhile, the harms of data localization are widespread, felt by small, medium, and large businesses that are denied access to global services that might improve productivity. In response to Russia’s recently passed localization law, the NGO Russian Association for Electronic Communications stressed the potential economic consequences, pointing to the withdrawal of global services and substantial economic losses caused by the passing of similar laws in other countries.215 For example, besides the loss of international social media platforms, localization would make it impossible for Russians to order airline tickets or consumer goods through online services. Localization requirements also seriously affect Russian companies like Aeroflot because the airline depends on foreign ticket-booking systems.216 Critics worried, at the time, that the Brazilian data localization requirement would “deny[] Brazilian users access to great services that are provided by US and other international companies.”217 Marilia Marciel, a digital policy expert at Fundação Getulio Vargas in Rio de Janeiro, observes, “Even Brazilian companies prefer to host their data outside of Brazil.”218 Data localization affects domestic innovation by denying entrepreneurs the ability to build on top of global services based abroad. Brasscom, the Brazilian Association of Information Technology and Communication Companies, argues that such obligations would “hurt[] the country’s ability to create, innovate, create jobs and collect taxes from the proper use of the Internet.”219 Governments implementing in-country data mandates imagine that the various global services used in their country will now build infrastructure locally. Many services, however, will find it uneconomical and even too risky to establish local servers in certain territories.220 Data centers are expensive, all the more so if they have the highest levels of security. One study finds Brazil to be the most expensive country in the Western hemisphere in which to build data centers.221 Building a data center in Brazil costs $60.9 million on average, while building one in Chile and the United States costs $51.2 million and $43 million, respectively.222 Operating such a data center remains expensive because of enormous energy and other expenses—averaging $950,000 in Brazil, $710,000 in Chile, and $510,000 in the United States each month.223 This cost discrepancy is mostly due to high electricity costs and heavy import taxes on the equipment needed for the center.224 Data centers employ few workers, with energy making up three-quarters of the costs of operations.225 According to the 2013 Data Centre Risk Index—a study of thirty countries on the risks affecting successful data center operations—Australia, Russia, China, Indonesia, India, and Brazil are among the riskiest countries for running data centers.226 Not only are there significant economic costs to data localization, the potential gains are more limited than governments imagine. Data server farms are hardly significant generators of employment, populated instead by thousands of computers and few human beings. The significant initial outlay they require is largely in capital goods, the bulk of which is often imported into a country. The diesel generators, cooling systems, servers, and power supply devices tend to be imported from global suppliers.227 Ironically, it is often American suppliers of servers and other hardware that stand to be the beneficiaries of data localization mandates.228 One study notes, “Brazilian suppliers of components did not benefit from this [data localization requirement], since the imported products dominate the market.”229 By increasing capital purchases from abroad, data localization requirements can in fact increase merchandise trade deficits. Furthermore, large data farms are enormous consumers of energy,230 and thus often further burden overtaxed energy grids. They thereby harm other industries that must now compete for this energy, paying higher prices while potentially suffering limitations in supply of already scarce power. Cost, as well as access to the latest innovations, drives many e-commerce enterprises in Indonesia to use foreign data centers. Daniel Tumiwa, head of the Indonesian E-Commerce Association (IdEA), states that “[t]he cost can double easily in Indonesia.”231 Indonesia’s Internet start-ups have accordingly often turned to foreign countries such as Australia, Singapore, or the United States to host their services. One report suggests that “many of the ‘tools’ that start-up online media have relied on elsewhere are not fully available yet in Indonesia.”232 The same report also suggests that a weak local hosting infrastructure in Indonesia means that sites hosted locally experience delayed loading time.233 Similarly, as the Vietnamese government attempts to foster entrepreneurship and innovation,234 localization requirements effectively bar start-ups from utilizing cheap and powerful platforms abroad and potentially handicap Vietnam from “join[ing] in the technology race.”235 Governments worried about transferring data abroad at the same time hope, somewhat contradictorily, to bring foreign data within their borders. Many countries seek to become leaders in providing data centers for companies operating across their regions. In 2010, Malaysia announced its Economic Transformation Program236 to transform Malaysia into a world-class data center hub for the Asia-Pacific region.237 Brazil hopes to accomplish the same for Latin America, while France seeks to stimulate its economy via a “Made in France” digital industry.238 Instead of spurring local investment, data localization can lead to the loss of investment. First, there’s the retaliation effect. Would countries send data to Brazil if Brazil declares that data is unsafe if sent abroad? Brasscom notes that the Brazilian Internet industry’s growth would be hampered if other countries engage in similar reactive policies, which “can stimulate the migration of datacenters based here, or at least part of them, to other countries.”239 Some in the European Union sympathize with this concern. European Commissioner for the Digital Agenda, Neelie Kroes, has expressed similar doubts, worrying about the results for European global competitiveness if each country has its own separate Internet.240 Then there’s the avoidance effect. Rio de Janeiro State University Law Professor Ronaldo Lemos, who helped write the original Marco Civil and is currently Director of the Rio Institute for Technology and Society, warns that the localization provision would have caused foreign companies to avoid the country altogether: “It could end up having the opposite effect to what is intended, and scare away companies that want to do business in Brazil.”241 Indeed, such burdensome local laws often lead companies to launch overseas, in order to try to avoid these rules entirely. Foreign companies, too, might well steer clear of the country in order to avoid entanglement with cumbersome rules. For example, Yahoo!, while very popular in Vietnam, places its servers for the country in Singapore.242 In
