There are now resounding calls to drastically change the secretive National Security Agency in the wake of the documents leaked by former NSA contractor Edward Snowden. Some advocate a completely re-made spy agency, others say moves that drastic would hurt national security.
It's become a question of "reform" of the NSA, but Congress is divided on how to tackle this and a report from the Presidentially-appointed committee looking into that question is not likely to appear until year end at the earliest. Some lawmakers in the House and Senate are advocating changes to stop some kinds of surveillance and information collection by the NSA. But others think the issue isn't NSA but Snowden, whom they call a traitor for supplying NSA documents he stole by hacking what was supposed to be the NSA's super-secure network.
Calls for new restraints on the NSA are coming from the U.S. high-tech industry--particularly Google, Facebook, Microsoft and Yahoo--which have been stung by revelations on how closely they must work under current law to supply customer data to the NSA. New accusations are now springing forth in the media that the NSA has been quietly intercepting large data chunks on its own anyway.
On the diplomatic front, America's global allies, especially Germany, are furious to find out that the NSA spied on their government leaders, including German Chancellor Angela Merkel, something seen as not just a betrayal of trust but also perhaps of democracy itself.
What's also believed now is that Snowden, who fled to Russia, holds about 10,000 documents related to traditional espionage against Russia and China that could have huge impact in global politics if passed on or made public. One security vendor, Venafi, this week offered its own opinion on how Snowden, a contractor at Booz Allen who seems to have had a systems administrator role at the NSA, got so much data out of the NSA network without being noticed.
Jeff Hudson, CEO at Venafi, says Snowden likely elevated his privileges by generating SSH keys to use them to get access to other servers. "He then used that SSH key to get access to another," said Hudson. SSH keys allow for authentication and encrypted file transfer, but tracking SSH keys in use can be a problem. "Why doesn't the NSA just come out and say that happened?"
Many in the high-tech industry would likely agree with the stark conclusion reached by Bruce Schneier, crypto expert and author who has read some of the Snowden documents directly, that "the NSA has turned the Internet into a giant surveillance platform."
But the U.S.-based tech industry is caught between a rock and hard place. Some high-tech companies, such as Google, are trying to make it harder for the NSA to intercept data by using more encryption to stymie NSA intercept.
Sign up for Computerworld eNewsletters.