Open Letter From Security Researchers Explains How NSA Has Weakened Our Communications Infrastructure

from the read-it dept

Among the many problems with President Obama's weak statement concerning NSA surveillance was the fact that he didn't even address the serious issue of the NSA undermining cryptography with backdoors. The White House's task force had included a recommendation to end this practice, and the President appeared to ignore it entirely. Now, a large group of US computer security and cryptography researchers have sent a strongly worded open letter to the President condemning these efforts (and his failure to stop the program).

Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft. These are not hypothetical problems; they have occurred many times in the past. Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities.

The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent. Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/ provide a good starting point.

The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.

That ReformGovernmentSurveillance.com site is the one launched by a bunch of the biggest internet companies, so it's good to see these researchers and technologists lining up behind that effort as well.

One of the things that's been glaring about all of the investigations and panels and research into these programs is that they almost always leave out actual technologists, and especially leave out security experts. That seems like a big weakness, and now those security researchers are speaking out anyway. At some point, the politicians backing these programs are going to have to realize that almost no one who actually understands this stuff thinks what they're doing is the right way to go about this.

Filed Under: backdoors, cryptography, nsa, security, security researchers, surveillance


Reader Comments


  • Anonymous Coward, 24 Jan 2014 @ 2:55pm

    "Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft."

    wow, then Facebook and Google are screwed !!!

    ok, I can understand 'identity theft', but "mission creep" ?
    of course, time being in one direction every day is "unprecedented", because of the amount of data that is around.

    "security researchers" ???? really...

    Let's all compare the amount of identity theft as a result of Facebook, to the amount as a result of NSA.

    • John Fenderson, 24 Jan 2014 @ 3:53pm

      Re:

      Bringing the likes of Facebook, Google, and the like into the discussion about the NSA (et al) is meaningless, and a distraction from the effort to fix the "NSA problem". People can make an informed choice about using the various social media sites. They cannot about the NSA. Therefore, the NSA is the bigger problem.

  • Anonymous Coward, 24 Jan 2014 @ 3:00pm

    "The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users."

    so Google and Facebook, are "intrinsically secure" in their own right?

    • Anonymous Coward, 24 Jan 2014 @ 5:22pm

      Re:

      "so Google and Facebook, are "intrinsically secure" in their own right?"

      Of course not, and that's the point. Google and Facebook have been repeatedly demonstrated to be "vulnerable to attack".

    • Anonymous Coward, 25 Jan 2014 @ 12:41am

      Re:

      Imagine if someone targeted Visa and Mastercard using these weaknesses in the cryptography algorithms, and escaped with many millions of dollars.

      This is a startlingly plausible scenario, given the NSA revelations.

  • NAProtector, 24 Jan 2014 @ 3:06pm

    Sad Part

    The sad thing about this is it will probably go ignored because they are computer techs and not politicians.

    Like techs telling their boss that there should be an off site backup of systems and the boss tells them to just back it up on the main server because it's convenient and cheaper and to make sure all users are admins.

  • out_of_the_blue, 24 Jan 2014 @ 3:13pm

    So where's ReformCorporateSurveillance.com?

    Because without closing ALL the doors, closing NSA's (few and vaguely justifiable) backdoors is meaningless.

    By the way, Mike, YOU ARE THE CUT-AND-PASTIEST BLOGGER EVER! Can't you LINK instead of blockquoting more than you write? It appears that you want a lot of text without doing the labor.

    Can Mike pass the Turing Test? Is he human or Mimeograph? Well, just try to pin him down on any point more complex than what he had for lunch! That's one of the sports here.

    11:12:53[m-145-8]

  • Anonymous Coward, 24 Jan 2014 @ 3:18pm

    It seems NSA's psy ops are in full take over mode, Mike. You might want to do some comment clean-up.

    • Anonymous Coward, 24 Jan 2014 @ 3:32pm

      Re:

      I am amazed at the dedication though. It reminds me of religious fanatics. A dedication so powerful that it has created its own truth that logic and common sense cannot defeat. I am glad there is a report button though.

      • PRMan, 26 Jan 2014 @ 7:59pm

        Re: Re:

        Religious fanatics typically get their truth from other sources like the Bible, books that billions of people over the centuries have found value in...

        OOTB is a truly unique case...

  • Applesauce, 24 Jan 2014 @ 3:40pm

    NSA the enemy of security

    I'll make the point once again:
    NSA, by inserting backdoors in everything they can, has willfully and materially damaged (perhaps catastrophically) the USA's information security infrastructure.
    How is this not criminal?

  • Anonymous Coward, 24 Jan 2014 @ 3:49pm

    many tnx for the explanation guys but if you think for one second that Obama is going to take any notice, you're in cloud cuckoo land. and as for the NSA and its proponents, there isn't a hope in hell! their main aim is to be able to track every single person, everywhere, every second and know exactly who they meet, talk to or message, both on and off line. the fact that this unrealistic and completely short sighted attitude is not only going to screw the internet further, it's going to fuck them up completely, seems to be irrelevant to them, just as it will probably mean they won't be able to track anyone, anywhere again. that will make things so much better for the people!

    if you can understand the mentality here, please go ahead and explain. i am sure there will be a captive audience!

  • Beta, 24 Jan 2014 @ 4:14pm

    going off-message

    "One of the things that's been glaring about all of the investigations and panels and research into these programs is that they almost always leave out actual technologists, and especially leave out security experts."

    Remember what happened when they let Richard Feynman onto the Rogers Commission, investigating the Challenger disaster? One physicist on a panel full of astronauts and military brass, and he went and got to the bottom of things ("Feynman is becoming a real pain."). I'll say this much for politicians, they sometimes learn from really embarrassing mistakes.

    • Anonymous Coward, 24 Jan 2014 @ 8:14pm

      Re: going off-message

      Wasn't his little demonstration with his glass of icy water the best public scientific chastising ever ?

      I'm glad you got me to recall that awesome moment !

      Thanks ! :)

  • krolork, 24 Jan 2014 @ 4:22pm

    We need a revolution.

    • Anonymous Coward, 25 Jan 2014 @ 3:57am

      Re:

      Be careful what you wish for. Stalin, Mao and Pol Pot amongst others were revolutionary leaders. The hazard with a revolution is it can replace bad with worse, and things may not improve for a generation or more when a counter revolution becomes possible. The wrong people coming to power now in the US would gain the tools to make 1984 look like a utopia.

      • John Fenderson, 27 Jan 2014 @ 8:13am

        Re: Re:

        This. Revolutions are much more likely to result in a worse situation than a better one.

  • Anonymous Coward, 24 Jan 2014 @ 4:38pm

    i hope it's remembered that 3rd party companies and industries were in at the beginning of this surveillance crap and the main aim was supposedly to catch people sharing music and movie files. just think about the way that a government and its security agencies can search through all the data, legally, when it's collected by these 3rd parties. they hand it over in return, again supposedly, for bringing in legislation that allows file sharers to be prosecuted, bankrupted and imprisoned. it doesn't stop the file sharing, it doesn't increase the earnings of the actors or musicians and it doesn't do the industries any good either. it sure as hell has never bankrupted any artists or musicians but it has certainly ruined the lives of ordinary people as well as costing the lives of some! and that is the society that these industries have developed, all in the name of stopping people from doing what they want with something they've bought! things are going great in what's supposed to be the best nation on the planet! i guess that depends which side of the fence you're at!

  • Miles., 24 Jan 2014 @ 4:51pm

    "We encourage..."

    I can dream, but no corrective action will be taken.

  • Anonymous Coward, 24 Jan 2014 @ 5:48pm

    If some kind of law passes that stops mass surveillance it needs to be absolute with no "I agree to terms of privacy invasion" I don't use google or facebook products but those cockroaches are in every corner of the web waiting to catch the crumbs. no means no data rapists.

  • Jay, 24 Jan 2014 @ 7:30pm

    Let's think about this...

    At some point, the politicians backing these programs are going to have to realize that almost no one who actually understands this stuff thinks what they're doing is the right way to go about this.

    I just want us to be clear on this...

    President Obama takes a LONG time listening to a known liar that tries to make him look small and poorly informed. And yet, when people are telling the president that they want to inform him and make him smarter on how to make things better, he brushes them off.

    What kind of priorities does this man have?

  • Mike Gale, 25 Jan 2014 @ 2:08pm

    Taxpayer funding doing the opposite of what you'd expect?

    I expect taxpayer funded effort to be actively trying to help taxpayers.

    To me that means identifying problems, proactively working to fix those problems.

    This is the opposite of some of what's happening.

    It's been going on at least since they got as close to killing Zimmermann, for inventing PGP, as they dared.

    I don't believe government cryptographers have such a defeatist attitude that they want to prevent cryptography. So who made these decisions?

  • Brian Dell, 25 Jan 2014 @ 2:20pm

    How about talking about the Montevideo Statement, Mike?

    You guys realize what Techdirt has been pushing? The Balkanization of the Internet, and ultimately less freedom of access for millions around the world.
    Masnick has never mentioned the Montevideo Statement to my recollection which "warned against Internet fragmentation at a national level [and] expressed strong concern over the undermining of the trust and confidence of Internet users globally due to [Snowden's] revelations"

    Andrei Soldatov, who has been documenting Russian censorship, has pointed out that:
    "For journalists, human rights activists, and ordinary people, Snowden became a hero, eclipsing WikiLeaks founder Julian Assange. But in Russia, unfortunately, Snowden’s revelations led mainly to negative consequences. ...
    Snowden strengthened Russia’s position in the struggle to regulate the “global” Internet...
    For instance, the idea of placing global services under the control of the authorities is now supported in Germany. Such initiatives will not bring any benefit to users: in general, the creation of artificial borders will lead to the so-called Balkanization of the Internet, destroying the originally free structure of the exchange of information on the Internet and restricting the possibility of free access to information."

    This is the same Soldatov who has objected to the #SnowdenOp by objecting to the propaganda put out by Snowden's Russian lawyer in particular:
    "[Soldatov] said Kucherena's statements about concerns for Snowden's safety do not hold water.
    'We are all perfectly aware that Snowden, who has just received asylum, does not face any danger in Russia,' Soldatov said. 'American intelligence does not kidnap or assassinate people in Russia, that's a fact. This is just a pretext.'"

    But what has Masnick been doing? Hyping up the assassination threat to the point the Kremlin should give him a medal!

  • james, 26 Jan 2014 @ 7:39pm

    obama

    the only way to teach obama anything is with a tall tree and a short rope.
