The U.S. Government: Paying to Undermine Internet Security, Not to Fix It by Julia Angwin.
The Heartbleed computer security bug is many things: a catastrophic
tech failure, an open invitation to criminal hackers and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.
The United States spends more than $50 billion a year on spying and intelligence, while the folks who build important defense software — in this case a program called OpenSSL that ensures that your connection to a website is encrypted — are four core programmers, only one of whom calls it a full-time job.
In a typical year, the foundation that supports OpenSSL receives just $2,000 in donations. The programmers have to rely on consulting gigs to pay for their work. “There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work,” says Steve Marquess, who raises money for the project.
Is it any wonder that this Heartbleed bug slipped through the cracks?
Dan Kaminsky, a security researcher who saved the Internet from a similarly fundamental flaw back in 2008, says that Heartbleed shows that it’s time to get “serious about figuring out what software has become Critical Infrastructure to the global economy, and dedicating genuine resources to supporting that code.”
I said last week in NSA … *ucked Up …TCP/IP that the NSA was at war with the U.S. computer industry and ecommerce in general.
Turns out I was overly optimistic, the entire United States government has an undeclared war against the U.S. computer industry and ecommerce in general.
If I were one of the $million high-tech donors to any political party, I would put everyone on notice that the money tap is off.
At least until there is verifiable progress towards building a robust architecture for ecommerce and an end to attacks on the U.S. computer industry, either actively or by neglect by U.S. agencies.
Only the sound of money will get the attention of the 530+ members of the U.S. Congress. When the money goes silent, you will have their full and undivided attention.