“The NSA has both weakened overall trust in the network and directly harmed the security of the Internet.”
A report published by the New America Foundation’s Open Technology Institute on Tuesday details the impact of NSA surveillance activities on the United Sates economy, foreign policy and Internet security.
There have been numerous discussions on the intelligence agency’s controversial spying programs over the past year, ever since former NSA contractor Edward Snowden started leaking classified information obtained from the organization’s systems. However, the Open Technology Institute argues that most discussions have revolved around the impact of surveillance programs on privacy and civil liberties, and not so much on how they affect the interests of the United States and the global Internet community.
The 64-page paper focuses on the costs to cybersecurity, the direct economic costs to U.S businesses, the economic and technological costs of data localization and data protection proposals, and political costs to American foreign policy.
For example, the report points to the NSA’s attempts to intentionally weaken critical cryptographic standards. One of these algorithms was until recently included in cryptographic libraries used by default by RSA and other companies.
The agency is also said to be spending hundreds of millions of dollars on getting companies to intentionally create backdoors in their products, including communication devices, commercial encryption systems and IT networks. In addition to getting companies to insert security holes into their products, the NSA keeps information about zero-day vulnerabilities to itself, instead of notifying the companies whose solutions are affected. This leaves organizations and regular users exposed to attacks from the NSA, and also from other entities that might have knowledge of the flaws, the report said.
The Open Technology Institute believes costs to cybersecurity also stem from the activities of the NSA’s Tailored Access Operations (TAO) unit, whose employees rely on an aggressive set of tools to hack into computers, phones, routers and even SCADA systems. One of the tactics used by this unit involves targeting networks and network providers, including the undersea cables that carry Internet traffic between continents. The TAO unit is also said to have impersonated several major US companies, including Facebook and LinkedIn, in an effort to insert malware and steal sensitive information.
When it comes to economic impact, NSA surveillance has led to a decline in overseas sales and the loss of business opportunities for American companies. One of the most impacted sectors is cloud computing, which could lose billions of dollars over the next 3-5 years, the report said.
In addition to direct costs, there are also potential costs to businesses and the openness of the Web due to foreign governments’ new proposals for data localization and data protection laws. As an example, the paper points to Brazil, Germany and India, where data localization laws designed to prevent or limit information flows in an effort to protect against NSA spying are being considered.
“Data localization proposals also threaten the functioning of the Internet, which was built on protocols that send packets over the fastest and most efficient route possible, regardless of physical location. Finally, the localization of Internet traffic may have significant ancillary impacts on privacy and human rights by making it easier for countries to engage in national surveillance, censorship, and persecution of online dissidents,” said the authors of the report.
As far as costs to foreign policy are concerned, the country’s relations with other nations have already been negatively impacted due to recent revelations. The United States’ interests are threatened by the damage to bilateral and multilateral relations, and by the loss of credibility for the Internet freedom agenda, according to the report.
The complete report, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity,” is available online.