John Gilmore On How The NSA Sabotaged A Key Security Standard

from the betrayal-of-trust dept

In Bruce Schneier's uplifting call to fix the Internet in the wake of key technologies being subverted by the US government, one of the things he asks engineers to do is to come forward with detailed information about how the NSA did that:

We need to know how exactly how the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I've just started collecting. I want 50. There's safety in numbers, and this form of civil disobedience is the moral thing to do.

Although not directly answering that call, EFF co-founder John Gilmore has written a fascinating short post about what he noticed happening on an IETF standards committee drawing up the important IPsec standard:

NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents

...

Every once in a while, someone not an NSA employee, but who had longstanding ties to NSA, would make a suggestion that reduced privacy or security, but which seemed to make sense when viewed by people who didn't know much about crypto.

...

The resulting standard was incredibly complicated -- so complex that every real cryptographer who tried to analyze it threw up their hands and said, "We can't even begin to evaluate its security unless you simplify it radically".

Needless to say, it was never simplified. Gilmore also reports what happened elsewhere:

In other circumstances I also found situations where NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!).

Of course, this remains at the anecdotal level. But if Schneier gets his 50 NSA stories, we should start to have a much clearer picture of what the agency has been up to -- and how to stop it happening in the future.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: backdoors, encryption, ietf, john gilmore, nsa, sabotage, standards, surveillance

The Pirate Bay To Sue Entertainment Companies For Attacks

from the could-get-interesting dept

Well, this could get interesting. Following the leak of MediaDefender's emails, the folks behind The Pirate Bay now believe they have enough evidence to sue many major entertainment firms for "infrastructural sabotage, denial of service attacks, hacking and spamming." Basically, there's evidence in the emails that a bunch of firms, including Universal, EMI, Sony, Paramount and others were using MediaDefender to try to mess with The Pirate Bay's system. Whether or not the lawsuit actually goes anywhere may depend on a lot of factors (including Swedish laws, which I am totally unfamiliar with). There may be some questions about how the emails in question were obtained. And, of course, the entertainment companies will likely counter that they were just trying to protect their own materials -- which could find a sympathetic ear in a courtroom. Either way it would be quite a lawsuit.

Filed Under: copyright, denial of service, p2p, sabotage
Companies: emi, fox, paramount, pirate bay, sony, ubisoft, universal

WTF Is Going On At NASA?

from the I-mean,-seriously... dept

NASA isn't exactly having a good few months. Following the love triangle/murder attempt/diaper driving astronaut scandal that captured the nation's attention, two reports have just come out that have people scratching their heads over what is going on at the agency formally known for taking people only with "the right stuff." First there was the report that astronauts have been drinking alcohol before flying and possibly even being drunk during launch. There's not really much of a technology angle to that, but that news was quickly followed up by a story of sabotage on a space station computer. The details aren't entirely clear, but someone at a subcontractor deliberately cut internal wires in a computer that was supposed to be sent up to the space station on the space shuttles' next mission. Apparently it wouldn't have been life-threatening -- but it would have been a nuisance. It must not be very fun to be in PR at NASA these days, but it really does make you wonder what's going on there. It didn't take the agency very long to go from a position of respect to a series of punchlines on late night talk shows.

Filed Under: astronauts, drinking, sabotage
Companies: nasa