Open Letter From Security Researchers Explains How NSA Has Weakened Our Communications Infrastructure
from the read-it dept
Among the many problems with President Obama's weak statement concerning NSA surveillance was the fact that he didn't even address the serious issue of the NSA undermining cryptography with backdoors. The White House's task force had included a recommendation to end this practice, and the President appeared to ignore it entirely. Now, a large group of US computer security and cryptography researchers have sent a strongly worded open letter to the President condemning these efforts (and his failure to stop the program).Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft. These are not hypothetical problems; they have occurred many times in the past. Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities.That ReformGovernmentSurveillance.com site is the one launched by a bunch of the biggest internet companies, so it's good to see these researchers and technologists lining up behind that effort as well.
The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent. Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/ provide a good starting point.
The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.
One of the things that's been glaring about all of the investigations and panels and research into these programs is that they almost always leave out actual technologists, and especially leave out security experts. That seems like a big weakness, and now those security researchers are speaking out anyway. At some point, the politicians backing these programs are going to have to realize that almost no one who actually understands this stuff thinks what they're doing is the right way to go about this.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, cryptography, nsa, security, security researchers, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
wow, then Facebook and Google are screwed !!!
ok, I can understand 'identity theft', but "mission creep" ?
of course, time being in one direction every day is "unprecedented", because of the amount of data that is around.
"security researchers" ???? really...
Lets all compare the amount of identity theft as a result of Facebook, to the amount as a result of NSA.
[ link to this | view in thread ]
so Google and Facebook, are "intrinsically secure" in their own right?
[ link to this | view in thread ]
Sad Part
Like techs telling their boss that there should be an off site backup of systems and the boss tells them to just back it up on the main server because its convient and cheaper and to make sure all users are admins.
[ link to this | view in thread ]
So where's ReformCorporateSurveillance.com?
By the way, Mike, YOU ARE THE CUT-AND-PASTIEST BLOGGER EVER! Can't you LINK instead of blockquoting more than you write? It appears that you want a lot of text without doing the labor.
Can Mike pass the Turing Test? Is he human or Mimeograph? Well, just try to pin him down on any point more complex than what he had for lunch! That's one of the sports here.
11:12:53[m-145-8]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
NSA the enemy of security
NSA, by inserting backdoors in everything they can, has willfully and materially damaged (perhaps catastrophically) the USA's information security infrastructure.
How is this not criminal?
[ link to this | view in thread ]
if you can understand the mentality here, please go ahead and explain. i am sure there will be a captive audience!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
going off-message
Remember what happened when they let Richard Feynman onto the Rogers Commission, investigating the Challenger disaster? One physicist on a panel full of astronauts and military brass, and he went and got to the bottom of things ("Feynman is becoming a real pain."). Ill say this much for politicians, they sometimes learn from really embarassing mistakes.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
I can dream, but no corrective action will be taken.
[ link to this | view in thread ]
Re:
Of course not, and that's the point. Google and Facebook have been repeatedly demonstrated to be "vulnerable to attack".
[ link to this | view in thread ]
[ link to this | view in thread ]
Let's think about this...
I just want us to be clear on this...
President Obama takes a LONG time listening to a known liar that tries to make him look small and poorly informed. And yet, when people are telling the president that they want to inform him and make him smarter on how to make things better, he brushes them off.
What kind of priorities does this man have?
[ link to this | view in thread ]
Re: going off-message
I'm glad you got me to recall that awesome moment !
Thanks ! :)
[ link to this | view in thread ]
Re:
This is a startlingly plausible scenario, given the NSA revelations.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Taxpayer funding doing the opposite of what you'd expect?
To me that means identifying problems, proactively working to fix those problems.
This is the opposite of some of what's happening.
It's been going on at least since they got as close to killing Zimmerman, for inventing PGP, as they dared.
I don't believe government cryptographers have such a defeatist attitude that they want to prevent cryptography. So who made these decisions?
[ link to this | view in thread ]
How about talking about the Montevideo Statement, Mike?
Masnick has never mentioned the Montevideo Statement to my recollection which "warned against Internet fragmentation at a national level [and] expressed strong concern over the undermining of the trust and confidence of Internet users globally due to [Snowden's] revelations"
Andrei Soldatov, who has been documenting Russian censorship, has pointed out that:
"For journalists, human rights activists, and ordinary people, Snowden became a hero, eclipsing WikiLeaks founder Julian Assange. But in Russia, unfortunately, Snowden’s revelations led mainly to negative consequences. ...
Snowden strengthened Russia’s position in the struggle to regulate the “global” Internet...
For instance, the idea of placing global services under the control of the authorities is now supported in Germany. Such initiatives will not bring any benefit to users: in general, the creation of artificial borders will lead to the so-called Balkanization of the Internet, destroying the originally free structure of the exchange of information on the Internet and restricting the possibility of free access to information."
This is the same Soldatov who has objected to the #SnowdenOp by objecting to the propaganda put out by Snowden's Russian lawyer in particular:
"[Soldatov] said Kucherena's statements about concerns for Snowden's safety do not hold water.
'We are all perfectly aware that Snowden, who has just received asylum, does not face any danger in Russia, Soldatov said. 'American intelligence does not kidnap or assassinate people in Russia, that's a fact. This is a just a pretext.'"
But what has Masnick been doing? Hyping up the assassination threat to the point the Kremlin should give him a medal!
[ link to this | view in thread ]
obama
[ link to this | view in thread ]
Re: Re:
OOTB is a truly unique case...
[ link to this | view in thread ]
Re: How about talking about the Montevideo Statement, Mike?
http://www.techdirt.com/search-g.php?num=20&q=Montevideo+Statement+on+the+Future+of+Int ernet+Cooperation&search=Search
http://www.techdirt.com/search-g.php?q=balkanisation+of+the+inter net
[ link to this | view in thread ]
Re: Re: How about talking about the Montevideo Statement, Mike?
Don't waste our time. The internet never forgets.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]