The New York Times reported last week that the National Security Agency was accused of breaking into the computer systems of a European SIM card manufacturer, a move that would give the U.S. intelligence agency the ability to collect mobile voice and data communications. Gemalto, the manufacturer, provides SIM cards for cell-phone carriers such as Verizon Wireless in the United States and China Mobile abroad. As a result, millions of cellphone users around the world are affected. More generally, the United States and Iran are currently locked in a cyberwar, in which U.S. banks were targeted in 2012. An internal NSA memo states that Iran learned techniques from U.S. cyber-attacks, which points to an inevitable escalation of tactics. The U.S. government ignores the fact that the United States’ enemies could use the exact same tactics against us. The NSA must exercise caution and not compromise the security of everyday Americans as it carries out its operations.
Some have defended the NSA’s actions as being necessary to ensure the safety of the United States. This is simply not the case. By accessing our mobile voice and Internet data, the NSA bypasses built-in security measures and undermines the security of those cell phones. Supporters of the U.S. surveillance apparatus may trust the government, but this exploit represents a glaring hole in security. Even if we are not bothered by our government listening to our calls, we would rightly balk at foreign spies doing the same.
The attack on a SIM manufacturer is characteristic of the NSA’s tactics over the last decade, in which it forsakes targeted surveillance in favor of a broader approach. Traditional aspects of policing, including the assumption of innocence, are being ignored by the NSA: when leaked slides contain stated aims of “sniff it all” and “know it all,” it becomes clear that the NSA seeks to eliminate online anonymity entirely in the name of security. The results would be disastrous: doctor-patient confidentiality would be eroded, and medical hotlines — including NYU’s Wellness Exchange — would no longer be anonymous.
The United States needs to take more responsibility when it comes to cyber attacks and computer-
driven espionage. The Obama administration has long refused to state how much they use computer bugs hidden from software manufacturers in order to steal personal data from users. The administration must be more transparent in its use of these exploits, and should reevaluate the supposed necessity of cyber attacks.
As with other forms of cybercrime, it is impossible to control whether our government conducts surveillance on our enemies or if criminals use it to compromise U.S. businesses. There is no such thing as a software bug or an exploit that only the good guys can use.
Opinions expressed on the editorial pages are not necessarily those of WSN, and our publication of opinions is not an endorsement of them.
A version of this article appeared in the Thursday, March 5 print edition. Email Tommy Collison at [email protected]