Flaws in that little padlock on people’s supposedly secure Internet sites have sent users in recent days scrambling to change passwords and question whether they should keep providing sensitive information in their online interactions.
Known as Heartbleed, it is yet another and perhaps the largest-ever threat to Internet security. Far more disturbing, however, are reports that the government may have known about it for two years, but used it to aid in its surveillance of Americans rather than issue public warnings.
That little image of a lock has always made Internet users feel secure that information such as Social Security and credit card numbers was encrypted, or private, in their communications with banking, shopping or other websites where business was transacted.
The fact the lock has been capable of being opened by unsavory third parties or the government is indeed a cause for alarm. The other problem is that no one seems to know if any outsiders have actually been unlocking secure communications.
Many people may not be that worried about the National Security Agency’s recording of their mundane phone calls or emails, but hackers having access to passwords and credit card numbers is a different story. The question is whether everyone could have known about Heartbleed a lot sooner than April 7.
On Friday, Bloomberg News quoted sources who said the NSA discovered the flaw two years ago, and rather than make it public so it could be repaired, used it as “a basic part of the agency’s toolkit for stealing account passwords and other common tasks.”
Naturally, the government denied that the report was accurate, insisting it knew nothing about Heartbleed previously and therefore did not withhold knowledge of it or use it for its surveillance programs.
But you have to wonder if you can trust the government’s denial, since it lost our trust last year when we learned it began secretly snooping on Americans years ago without their knowledge.