Internet security experts are calling for a campaign to rewrite web security in the wake of disclosures that the US National Security Agency has developed the capability to break encryption protecting millions of sites. But they acknowledged the task won’t be easy, in part because internet security has relied heavily on brilliant government scientists who now appear suspect to many.
“We had the assumption that they could use their capacity to make weak standards, but that would make everyone in the US insecure,” said Johns Hopkins cryptography professor Matthew Green. “We thought they would never be crazy enough to shoot out the ground they were standing on, and now we’re not so sure."
Vint Cerf, author of the some of the core internet protocols, said that he didn’t know whether the NSA had truly wreaked much damage, underscoring the uncertainty in the new reports about what use the NSA has made of its abilities. “There has long been a tension between the mission to conduct surveillance and the mission to protect communication, and that tension resolved some time ago in favour of protection at least for American communications,” Cerf said.
Another problem is the relatively small number of mathematical experts working outside the NSA. “A lot of our foundational technologies for securing the Net have come through the government,” said researcher Dan Kaminsky. “They have the best minds in the country, but their advice is now suspect.”