Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server

from the now-take-a-look dept

Last week, a great blog post by cryptographer and research professor Matthew Green was posted, providing some fantastic details about the likely attack vectors by the NSA to compromise encryption schemes. It's a well written and detailed piece from someone who clearly knows what he's talking about. Oh, and it kicks off with an amusing story about how the reporters working on the "NSA builds backdoors into encryption" story had contacted him for comments and, because they didn't reveal too many details, he was concerned about coming off as too paranoid or too much of a "crank." However, after the details came out, he realized he "wasn't cranky enough."
Oddness aside it was a fun (if brief) set of conversations, mostly involving hypotheticals. If the NSA could do this, how might they do it? What would the impact be? I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.

All of this is a long way of saying that I was totally unprepared for today's bombshell revelations describing the NSA's efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it's true on a scale I couldn't even imagine. I'm no longer the crank. I wasn't even close to cranky enough.
He then goes on to explain where the most probable attacks are coming from and what we should be most worried about and what's likely still safe. I had hoped to write up something about the post in general, but today something new came up. Green noted that the Dean where he teaches, at Johns Hopkins, had asked him to remove the blog post from the university's servers. The blog post was cross-posted both to a blog on the university's servers, as well as to Green's personal blog on Blogger. The personal blog post is still up (and now about to get that much more attention for the takedown). He also notes that this "isn't my Dean's fault" though plenty of folks are curious whose fault it might be. For what it's worth, it appears that Hopkins has a close relationship with the NSA, and the school really isn't that far from the NSA's headquarters.

Either way, for a whole variety of reasons, demanding the blog post be taken down seems fairly pointless. Not only will it draw much more attention to the original post, it now creates additional scrutiny towards Johns Hopkins as to why it's stifling the speech of one of its professors on a key topic of public interest.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: censorship, cryptography, encryption, matthew green, nsa, nsa surveillance
Companies: johns hopkins


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 9 Sep 2013 @ 11:52am

    Who's to say that the NSA didn't force financial leverage on Johns Hopkins?

    I mean, given the revelations thus far, I wouldn't put it past those rat bastards.

    link to this | view in thread ]

  2. icon
    ChurchHatesTucker (profile), 9 Sep 2013 @ 11:54am

    Not surprised

    There's a whole lot of Secret Squirel Stuff going on at the Hop. It also has a ton of International faculty/students. This could get interesting.

    link to this | view in thread ]

  3. icon
    Internet Zen Master (profile), 9 Sep 2013 @ 12:01pm

    Hmm...

    At a glance, it looks like John Hopkins has NSA-sponsored programs that are pretty much training for future cyber-security employees (read: future NSA n00bs). I guess the NSA probably politely asked Hopkins to have their prof take down a blog post that would make hiring new recruits even more difficult. I doubt the NSA wants a repeat of what happened the last time they went out recruiting at a college on a campus that is a hell of a lot closer to home.

    Of course, that's just me making a harmless speculative guess. It would be interesting to find out the real reason though, if it's ever revealed.

    As the Zen Master says, "We'll see."

    link to this | view in thread ]

  4. identicon
    Anonymous Anononymous Coward, 9 Sep 2013 @ 12:08pm

    Streisanded

    Dear NSA:

    Don't you already have a fairly complete dossier on the keywords "Streisand AND Effect"?

    If so, please study 'correlation and cause' whilst holding up a hand mirror to your face.

    Yours Truly

    The Internets

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 9 Sep 2013 @ 12:10pm

    NSA appears to be trying to bury everybody else head in the sand to make their revealed secrets secret again!

    link to this | view in thread ]

  6. icon
    Namel3ss (profile), 9 Sep 2013 @ 12:10pm

    Ah the Streisand effect...

    They just never will learn, will they?

    link to this | view in thread ]

  7. This comment has been flagged by the community. Click here to show it
    identicon
    out_of_the_blue, 9 Sep 2013 @ 12:15pm

    All hail the "conspiracy kooks" who turned out to be RIGHT.

    The tide is slightly turning, but took real courage before to go against the masses of placid dolts who just couldn't believe that the gov't is actively evil.

    I'm not bragging personally because not one who's done the work of publicizing info over the last three or so decades, but now clear that it's almost impossible to be "cranky enough" with regard to the surveillance state. It has nearly unlimited money with which to buy research and people.

    But I'm confident that what I believe about Facebook and Google as actual components of the NSA will soon be proven. That's one of the items they really wish to protect, because gives the illusion of not only separation between gov't and corporations, but that there's some varied interests in the society, instead of all under ONE over-arching conspiracy.

    Spying is the main 'business model' of the internet, especially for Google and Facebook.

    link to this | view in thread ]

  8. icon
    gojomo (profile), 9 Sep 2013 @ 12:16pm

    Maybe also motivated by clumsy DoD site-blocking policies

    Another possibility: the DoD thinks the post is 'dangerous viewing' for troops. So, as when they blocked access to the entire Guardian website (http://www.techdirt.com/articles/20130627/22485123649/defense-department-blocks-all-web-access-to-g uardian-response-to-nsa-leaks.shtml), they will be blocking any *.jhu.edu domains that host it.

    But, those same domains may include other information that the DoD/troops need (and have "paid for" in research grants and joint programs). Hence, because (like early versions of China's firewall) their censoring tech is crude and whole domain/IP-address oriented, they pressure JHU to segregate content for troop-friendliness.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 9 Sep 2013 @ 12:21pm

    "wasn't even close to cranky enough."

    I have similar feelings when I see conspiracy nuts come by and claim something. Then I hit them with a newspaper and go
    "Whatever you just said was less crazy than what's being confirmed as true facts right now!"

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 9 Sep 2013 @ 12:25pm

    NSA: Hey, if we can't even find evidence of terrorists in all our data to prevent the Boston Bombings then there's NO WAY the Internet will find Matthew Green's posts criticizing us if we make him take it off the John Hopkins server.

    link to this | view in thread ]

  11. icon
    Internet Zen Master (profile), 9 Sep 2013 @ 12:31pm

    Re: All hail the "conspiracy kooks" who turned out to be RIGHT.

    Until the Guardian posts an article explicitly stating that Facebook and Google are actually part of the NSA (i.e. part of the government itself) and not just corporations that have been forced (to a certain extent, depending on the company involved.) to reluctantly cooperate with an intrusive government which can make their existence a living nightmare if they wanted, you are still making baseless claims.

    Seriously blue, stop and think for a moment. How many people would have to know about this single giant conspiracy you keep saying exists? Thousands? Hundreds of thousands? The odds of everyone involved being able to keep their mouths shut, or no information leaking out onto the web, are very, very low.

    link to this | view in thread ]

  12. icon
    Baldaur Regis (profile), 9 Sep 2013 @ 12:35pm

    Re: Not surprised

    To the NSA, "International faculty/students" is code for "TERRORISTS!!!!" And "blogger" is code for "LITERATE TERRORISTS!!!"

    link to this | view in thread ]

  13. icon
    Arthur Moore (profile), 9 Sep 2013 @ 12:43pm

    Re: Maybe also motivated by clumsy DoD site-blocking policies

    Hmm, that's an interesting possibility. Unfortunately, having necessary military information and services sharing the same domain as self hosted websites is just a bad idea.

    I'm aware that different subdomains can be completely separated, but the cost of a domain name is so cheap that it's not worth the potential trouble. The largest reason to not go with a separate domain name is shared hosting. At that point domain names are the least of the universities security troubles.

    link to this | view in thread ]

  14. icon
    Chris ODonnell (profile), 9 Sep 2013 @ 12:44pm

    You would think that an agency that has already hoovered up all of MIke's email would be familiar with the Streisand Effect.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 9 Sep 2013 @ 12:44pm

    Re: Re: All hail the "conspiracy kooks" who turned out to be RIGHT.

    Hey, I've ALWAYS kept my mouth shut about how the 'G' in 'USG' stood for Goog....oh crap.

    link to this | view in thread ]

  16. icon
    Rikuo (profile), 9 Sep 2013 @ 12:47pm

    Re: All hail the "conspiracy kooks" who turned out to be RIGHT.

    Can you explain for us just why you're so worried about Google and Facebook? Why it is that you focus so much of your attention and the thrust of your comments towards them? Yes, we know Google and Facebook collect massive amounts of information, information that is WILLINGLY given to them by their users. No-one is worried about what those two corporations can do. They don't have police. They don't have prisons.
    The government does. The government is who is demanding all this information, and will then, inevitably use that information to arrest people, indeed already has what with the DEA having laundered tips they get from the NSA.
    If you're so worried about Google and Facebook having your information and then passing it along, stop using them. Look to other services. There will doubtlessly be new services within the next year or two that have as part of their marketing campaign "Not based or have any ties to the US at all! Free from NSA spying!"

    link to this | view in thread ]

  17. icon
    Rikuo (profile), 9 Sep 2013 @ 12:49pm

    Re:

    Ahh but they haven't read Mike's emails, now have they?

    link to this | view in thread ]

  18. icon
    PopeRatzo (profile), 9 Sep 2013 @ 1:15pm

    Re:

    "Financial" nothing. After what we've learned, they might have the dean's kids in a cell somewhere.

    I think we've passed the point where there is something - some "red line" - that the NSA will not cross. Torture? Natch. Blackmail? You bet. Setting up a fatal "accident"? Almost certainly.

    Our government has declared all of us the enemy.

    link to this | view in thread ]

  19. identicon
    Peter Henry, 9 Sep 2013 @ 1:27pm

    Dean, meet Barbra

    link to this | view in thread ]

  20. icon
    ChurchHatesTucker (profile), 9 Sep 2013 @ 3:08pm

    Re: Re: Not surprised

    They got that memo long ago.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 9 Sep 2013 @ 4:43pm

    CYA screwup

    As noted elsewhere, this sort of thing often turns out to be a ham-fisted attempt at CYA by a clueless academic administrator. They never learn. At a guess, someone in the upper reaches of Johns Hopkins is worried about the NSA money spigot, and decided to preemptively lean on the Dean. No specific NSA pressure needed. And of course, it promptly blew up in their face. As both the academic and the Dean in question perhaps hoped.

    link to this | view in thread ]

  22. identicon
    SturdyNeuronz, 10 Sep 2013 @ 6:19am

    Really?

    The internet was formerly darpanet. It's purpose was to link .gov to .edu together (ie: to influence academia). So this is not surprising.

    link to this | view in thread ]

  23. identicon
    Security Vancouver, 16 Sep 2013 @ 2:46am

    To censor is never a good thing! To bury, to create secrets... Safety and security are important but here it's very exaggerated !

    link to this | view in thread ]

  24. identicon
    pacifique, 11 Mar 2014 @ 2:54am

    I think it is very difficult for human being not being under by other people or any organization but the most important is how to adapt yourself with the new situation .I found a site which gives the better web hosting .The site is http://www.internetbizwebpage.info

    link to this | view in thread ]

  25. identicon
    Anonymous, 29 Oct 2016 @ 3:02pm

    Its True

    Coming from a former employee of JHH, it is true, I had DOD monitor my phone when I started going through trouble with Johns Hopkins and they continue to do so. They come into my home when I'm not there and my car. I was and still am under surveillance and it's horrible. Believe it or not, do some research under Intelligent Decision who left their pen in my home while they did God knows what. I don't trust my home or car not alone what I eat. Work for them at your own risk. Oh yes. They also monitor your phone and internet. Signed, tired of being watched and want my life back!

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.