Definition of PANGLOSSIAN
: marked by the view that all is for the best in this best of possible worlds : excessively optimistic
Origin of PANGLOSSIAN
Pangloss, optimistic tutor in Voltaire's Candide (1759)
First Known Use: 1831
Dear NSA, Thanks for Making Us All Insecure
By David Meyer September 06, 2013
Dear stupid, stupid NSA,
I’ve got to hand it to you: As an agency set up with the task of breaking codes and spying on people, you seem to be doing a pretty sterling job.
You and your counterparts in the U.K., Australia, Canada, and New Zealand (and possibly elsewhere) are able to monitor most of the communications flowing around the world. You appear to have successfully subverted the American Web services that everyone uses, and you’ve used the value and size of the U.S. market to bring all manner of Internet backbone providers and hardware vendors on-side too.
Now we also know that you have—in your own words—some capabilities against the encryption in TLS/SSL, HTTPS, SSH, VPNs, VoIP, WEBMAIL, and other network communication technologies. So even if it takes a fair amount of effort (unlike your indiscriminate data-trawling techniques), that’s basic Internet security out the window then. Nicely done.
We’re still pretty sure that strong cryptography [Project XIII uses AES strong encryption] is safe (Edward Snowden said so, and he’s yet to be proven wrong on this stuff), but even there it’s not unreasonable to suspect you can muscle your way in if the situation merits it.
Again, well played, maybe.
However, you’ve not stopped at code breaking—you have also made sure that vulnerabilities have been inserted into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets.
Here’s where the stupidity creeps in: You actively work to influence policies, standards, and specifications for commercial public key technologies and shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by yourself.
In other words, instead of just building a better lock pick, you are trying to make sure that all locks are faulty by design.
What is so jaw-droppingly idiotic about your actions is that you have not only subverted key elements of modern cryptography, but you have also appointed yourself as the guardian of the knowledge that the resulting vulnerabilities exist. And if your own security systems were up to the task, then those secrets wouldn’t be sitting in the offices of the New York Times and ProPublica.