The NSA is trying to crack Tor. The State Department is helping pay for it. In light of the revelations about NSA attempts to crack Tor, we here at The Switch wrote about the internal debate over online anonymity in the federal government. "But their interest in cracking privacy tools is in direct conflict with efforts in other parts of the U.S. government — especially the State Department, which supports the aforementioned activist and journalist Tor users. In 2013, the State Department and USAID awarded $25 million to groups working on Internet freedom issues, like "supporting counter-censorship and secure communications technology, digital safety training and policy and research programs for people facing Internet repression."
Dual-leadership role at NSA and Cyber Command stirs debate. The Post's own Ellen Nakashima reported about a different internal government conflict -- the current dual role of General Keith B. Alexander as the head of the NSA and head of U.S. Cyber Command. "The debate has taken on greater significance in the wake of disclosures by former National Security Agency contractor Edward Snowden about the sweeping scope of the agency’s domestic surveillance to thwart terrorist attacks and gain foreign intelligence." Nakashima quotes Peter Singer of the Brookings Institution, who says his role has "blurred the lines between a military command and a national spy agency." While Alexander disagrees with this sentiment, Nakashima also spoke to administration officials who "acknowledge that there are concerns with what they call the dual-hat assignment."
Europe aims to regulate the cloud. Danny Hakim at the New York Times reports that revelations about NSA surveillance are spurring European Union regulators to take a more serious look at cloud computing as they update digital privacy regulation. "Even before revelations this summer by Edward J. Snowden on the extent of spying by the National Security Agency on electronic communications, the European Parliament busied itself attaching amendments to its data privacy regulation," says Hakim, "[a]nd since the news broke of widespread monitoring by the United States spy agency, cloud computing has become one of the regulatory flash points in Brussels as a debate ensued over how to protect data from snooping American eyes."
Why everyone is left less secure when the NSA doesn’t help fix security flaws. We here at the Switch reported on some unusual comments about how the government weighs whether it is "legally or ethically compelled" to help fix computer vulnerabilities, essentially "if the agency thinks that no one else will be able to exploit a vulnerability, it leaves the problem unfixed to aid in its own spying efforts." But the agency's purchases from the zero-day exploit market can be risky for the public, explained Chris Soghoian of the ACLU, "The NSA does not have a monopoly over the exploits that it buys, whether from the black market or from defense contractors. Those same vulnerabilities can and will be discovered by other researchers too, some of whom may sell them to other governments and criminals."