Yes, The NSA Has Always Hated Encryption

from the like-kryptonite-to-spies dept

Tue, Jul 30th 2013 3:31pm — Mike Masnick

With the latest reports of the feds (both the NSA and the FBI) trying to get tech companies to cough up master encryption keys, Matt Novak of the awesome PaleoFuture blog (now a part of Gizmodo) notes that the NSA has a long history of hating civilians who use encription. While many of us lived through the crypto wars of the 90s, in which PGP was branded a weapon, and it was supposedly illegal to export it, Novak goes even further back to when the NSA flipped out about some of the early research on civilian cryptography in the 1970s:

As Jay Stowsky at UC-Berkeley notes in his 2003 paper "Secrets or Shields to Share?" the intelligence community fought tooth and nail against the private development of cryptography for computers. When the NSA got wind of the research developments at IBM, Stanford and MIT in the 1970s they scrambled to block publication of their early studies. When that didn't work, the NSA sought to work with the civilian research community to develop the encryption. As Stowsky writes, "the agency struck a deal with IBM to develop a data encryption standard (DES) for commercial applications in return for full pre-publication review and right to regulate the length, and therefore the strength of the crypto algorithm."

Naturally, in the Watergate era, many researchers assumed that if the U.S. government was helping to develop the locks that they would surely give themselves the keys, effectively negating the purpose of the encryption. Unlike IBM, the researchers at Stanford and MIT didn't go along with the standard and developed their own encryption algorithms. Their findings were published (again, against the wishes of the NSA) in the late 1970s after courts found that researchers have the right to publish on the topic of cryptography even if it makes the government uncomfortable. According to Stowsky, the NSA retaliated by trying to block further research funding that Stanford and MIT were receiving through the National Science Foundation.

Of course, imagine an internet without the kind of encryption we have today. While it still doesn't go nearly far enough it is one of the few things that really can significantly protect some aspects of privacy. Not only that, but it's really been key to many of the things that we now take for granted online, including e-commerce and online money transactions. Of course, if the NSA had had its way, we might not have that today -- or at least it wouldn't be nearly as trustworthy, meaning there would be a lot less of it.

Think about that every time the NSA or FBI wants master keys, backdoors or weaker encryption. They hype up the FUD about how they need this to stop extraordinarily low probability events like terrorist attacks, but allowing that technology creates tremendous innovations and benefits. When we do a basic cost-benefit analysis, the NSA is going to lose, but they'll try to scare the crap out of people so they don't even get a chance to realize what they're giving up.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: encryption, history, nsa, research, surveillance

21 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

This comment has been flagged by the community. Click here to show it

out_of_the_blue, 30 Jul 2013 @ 3:41pm

Why, it's getting so can't even trust Microsoft!
Verdeckte Updates: Windows-Hintert�r gef�hrdet Internetverschl�sselung

http://www.spiegel.de/netzwelt/web/windows-hintertuer-gefaehrdet-ssl-vers chluesselung-a-913825.html

Believe basically says that Microsoft has compromised SSL.

Take a loopy tour of Techdirt.com! You always end up same place!
http://techdirt.com/
When you think surveillance, think Google!
[ link to this | view in chronology ]
- John Fenderson (profile), 30 Jul 2013 @ 4:30pm
  
  Re: Why, it's getting so can't even trust Microsoft!
  It doesn't say Microsoft has compromised SSL. It says that Microsoft has included functionality that allows them to change the root CA without you noticing (which could allow them to compromise SSL). It's a fine, but important, distinction.
  
  Of course, if your concern is spying, it has been known for over a decade that you should be avoiding Windows. Microsoft loves putting in backdoors for the NSA and other spy organizations.
  [ link to this | view in chronology ]
  - Anonymous Coward, 1 Aug 2013 @ 1:21pm
    
    Re: Re: Why, it's getting so can't even trust Microsoft!
    Linux FTW :)
    [ link to this | view in chronology ]
- G Thompson (profile), 30 Jul 2013 @ 9:32pm
  
  Re: Why, it's getting so can't even trust Microsoft!
  Again... why has this comment been flagged...
  
  It's either a reportable comment based on community (Techdirt) guidelines and mores or ISN'T..
  
  Guess what? If this comment above by OOTB is reportable by breaching/skirting those unwritten guidelines then every single comment over the last few years should be too..
  
  And the tagline that OOTB puts at the end? So freakin what.. It's rhetorical opinion and basically some stories on TD have been loopy. That's what makes the place great
  [ link to this | view in chronology ]
  - Anonymous Coward, 30 Jul 2013 @ 10:51pm
    
    Re: Re: Why, it's getting so can't even trust Microsoft!
    Its been flagged because the arbitrary number of people that are required to flag the comment has been reached. If you instead mean why have these people flagged this comment, it is not the content of the comment but rather the commentator. Imaging these hypothetically unwritten guidelines, I imagine there would be a clause in there to attempt to post on topic and contribute to the discussion at hand, a clause that OOTB would have breached an excessive number of times with his rants, to the point that the community don't believe he's worth giving another chance.
    
    While I don't really agree with the sentiment of flagging the comments just cause its OOTB, I can see where the desire for it comes from.
    [ link to this | view in chronology ]
    - Josh in CharlotteNC (profile), 31 Jul 2013 @ 6:37am
      
      Re: Re: Re: Why, it's getting so can't even trust Microsoft!
      ootb is has admitted that the only reason he posts is to disrupt the discussion. Something that arguing over whether his comment should be hidden in every post achieves remarkably well. And yes, I'm now adding to the disruption.
      [ link to this | view in chronology ]
    - art guerrilla (profile), 31 Jul 2013 @ 7:23am
      
      Re: Re: Re: Why, it's getting so can't even trust Microsoft!
      you will not find anyone against censorship more than i am; HOWEVER, OOTB has EARNED his auto-reporting over many, many, many slimy posts... i don't agree with it, but he has no one to blame but himself for pissing off a large portion of the community repeatedly...
      
      his signal to noise ratio is not worth the effort...
      
      (oh, and i *do* call this a *form* of censorship, albeit about as inoffensive as can be imagined...)
      
      i like the commenting/reporting system at slashdot, which not only downgrades the obvious trolls, but generally 'rates' the comments in a semi-fair manner, such that ALL the fluff (whether trollish, off-topic, repetitive, or simply stupid) can be 'hidden' if that is how you set your level of surfing slashdot...
      
      art guerrilla
      aka ann archy
      eof
      [ link to this | view in chronology ]
      - Anonymous Coward, 31 Jul 2013 @ 8:03am
        
        Re: Re: Re: Re: Why, it's getting so can't even trust Microsoft!
        ootb is not censored, anyone wanting to read his comments are perfectly capable of clicking the link to see them.
        
        He is free to say what he wants, he is not free to force us all to read it.
        [ link to this | view in chronology ]
Anonymous Coward, 30 Jul 2013 @ 4:00pm

In the MMORPG reallife tech tree, encryption comes in the root of a lot of things.

Without it, you wouldn't be able to do banking online, have virtual offices, telemedicine, privacy, private conversations, secure cars, secure medical equipment and implants.

Although terrorism and in general extremism of any kind(e.g.: religious, nationalistic, racial, etc) can and from time to time causes loss of life, if compared to what tech enables and how much lifes it saves and secure, there is just no contest to the benefits it brings against the bad it could cause and mostly is because most people are not after others, most people just want to live their lifes in peace.
[ link to this | view in chronology ]
- Anonymous Coward, 31 Jul 2013 @ 12:22am
  
  Re:
  And what happens when the Government is the terrorists?
  [ link to this | view in chronology ]
  - Anonymous Coward, 31 Jul 2013 @ 2:40am
    
    Re: Re:
    Depends how strong that government' military is, in this instance, US Armed drones overflying independent nations in mid-east raining down surprise attacks, No Declared War, very definition of terrorism, only a fellow with a forked tougne, would define it otherwise
    [ link to this | view in chronology ]
Mike, 30 Jul 2013 @ 8:10pm

Blah, they can probably decrypt it all... they just want to make you think it's secure so people think they're safe and continue to communicate online.
[ link to this | view in chronology ]
- Josh in CharlotteNC (profile), 31 Jul 2013 @ 6:47am
  
  Re:
  Barring the mythical and non-existant quantum computers or a serious breakthrough in factoring mind bogglingly large numbers, brute forcing a modern encryption scheme is not possible. What the NSA (or other people breaking encryption systems like DRM) rely on to break encryption schemes are flaws in how keys are managed or generated, attacks that depend on knowing what parts of the message already are, and other flaws that turn what is supposed to be a completely random encrypted message into something that is predictable instead of random.
  [ link to this | view in chronology ]
Ninja (profile), 31 Jul 2013 @ 4:48am

Amusingly by promoting and engaging in mass surveillance they are making people push for encryption standards and strengths that are much harder to crack. That along with anonymizing alternatives will breed very fertile grounds for criminals to work with very few hassles.

Why instead not do the very basic, narrowly focused investigative work in the first place? No encryption tool can prevent such work from uncovering the truth.
[ link to this | view in chronology ]
Hephaestus (profile), 31 Jul 2013 @ 6:54am

"They hype up the FUD about how they need this to stop extraordinarily low probability events like terrorist attacks"

Over a ~thirty year period (1982 to 2012) these are the likelihoods of you dying of something other than terrorism.

heart disease 17,600 times
medical error 5,882 times
car accident 1048 times
falling 404 times
drown 87 times
railway accident 13 times
accidental suffocation in bed 12 times
choke to death on your own vomit 9 times
killed by a police officer 8 times
accidental electrocution 8 times
hot weather 6 times

And my favorite

Death by lightning strike 1 times
[ link to this | view in chronology ]
Nicholas Weaver (profile), 31 Jul 2013 @ 7:41am

The strange thing is, DES was NOT weakened by the NSA!
A strange coda to the story however. DES was NOT weakened by the NSA. The design's subtle tweaks by the NSA ended up being used to counter differential cryptanalysis, and although the key length was somewhat short, it was still uncrackable at the time of development (now its crackable in a day or less).
[ link to this | view in chronology ]
Uriel-238 (profile), 31 Jul 2013 @ 10:15am

Poor encryption costs lives.
When I read Why, it's getting so can't even trust Microsoft! I read it as sarcastic. Microsoft's never had secure encryption as a top priority.

PFS, people. It's the new condom.

This just reminds me that our communications should be securely encrypted long before we have need for it (say, engaging in subject matters that might be regarded as seditionary.)

Interestingly, we're closing in on the 100th anniversary of the Zimmerman Telegram.
[ link to this | view in chronology ]
Anonymous Coward, 31 Jul 2013 @ 1:59pm

One benefit of the gov't restricting key lengths to 40 bits for any exported system: very weak encryption on DVD's.
[ link to this | view in chronology ]
yaga (profile), 31 Jul 2013 @ 6:46pm

Why is encryption spelled with an "i" in the third sentence? Or am I imagining that?
[ link to this | view in chronology ]
Anonymous Coward, 1 Aug 2013 @ 1:21pm

Goverments hate Bitcoin.
[ link to this | view in chronology ]
- Anonymous Coward, 1 Aug 2013 @ 1:21pm
  
  Re:
  Governments
  [ link to this | view in chronology ]