Feds Beg NY Times, ProPublica Not To Reveal That They've Inserted Backdoors Into Internet Encryption

from the too-fucking-bad dept

We already wrote about the latest reports coming out of the Snowden leaks, concerning how the NSA and GCHQ have effectively backdoored their way into breaking various encryption schemes by writing the standards themselves and recruiting internal spies within companies to covertly inject backdoors. The reporting on these documents was done jointly by The Guardian, the NY Times and ProPublica. However, the NY Times coverage has one interesting tidbit not in the Guardian:
"Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others."
ProPublica, for its part, put up a thorough and detailed explanation for why it chose to publish the story, which is well worth reading:
"The story, we believe, is an important one. It shows that the expectations of millions of Internet users regarding the privacy of their electronic communications are mistaken. These expectations guide the practices of private individuals and businesses, most of them innocent of any wrongdoing. The potential for abuse of such extraordinary capabilities for surveillance, including for political purposes, is considerable. The government insists it has put in place checks and balances to limit misuses of this technology. But the question of whether they are effective is far from resolved and is an issue that can only be debated by the people and their elected representatives if the basic facts are revealed."
This is true in so many ways. As the NY Times report notes, there had been a public debate about all of this in the 90s, when there was the big fight over the Clipper Chip, an NSA-created form of encryption with backdoors. That fight ended with the NSA losing... and now it appears that they just ignored that and effectively spent the past few decades doing the same exact thing, but in secret. That deserves public exposure and discussion.

ProPublica points out that this country is founded on a fundamental belief that you can't just "trust" the government, and yet the government is asking us to do exactly that here, as they prove time and time again not to be credible or worthy of trust.
"There are those who, in good faith, believe that we should leave the balance between civil liberty and security entirely to our elected leaders, and to those they place in positions of executive responsibility. Again, we do not agree. The American system, as we understand it, is premised on the idea -- championed by such men as Thomas Jefferson and James Madison -- that government run amok poses the greatest potential threat to the people’s liberty, and that an informed citizenry is the necessary check on this threat. The sort of work ProPublica does -- watchdog journalism -- is a key element in helping the public play this role.

"American history is replete with examples of the dangers of unchecked power operating in secret. Richard Nixon, for instance, was twice elected president of this country. He tried to subvert law enforcement, intelligence and other agencies for political purposes, and was more than willing to violate laws in the process. Such a person could come to power again. We need a system that can withstand such challenges. That system requires public knowledge of the power the government possesses. Today’s story is a step in that direction."
Kudos to all three publications for taking this step. It's unfortunate that they need to do this, but it's a sad statement on the way the US and UK governments have acted.

Update: The Guardian also mentions that intelligence officials asked them not to publish.


Reader Comments

  1.  
    Michael, Sep 5th, 2013 @ 1:31pm

    Such a person could come to power again

    could?

     

  2.  
    Guardian, Sep 5th, 2013 @ 1:38pm

    Such a person could come to power again

    DID...the NSA head....

     

  3.  
    Anonymous Coward, Sep 5th, 2013 @ 1:46pm

    "The news organizations removed some specific facts" which is a pity as those specific facts were likely exactly which encryption schemes had been broken, or had had backdoors placed into them, or what companies had been infiltrated.

    In other words the sort of details required to circumvent encryption broken or compromised by the NSA.

     

  4.  
    Anonymous Coward, Sep 5th, 2013 @ 1:47pm

    Re:

    I was just about to post exactly this...more like "did"...and he oddly remains unnamed in the PP article...

     

  5.  
    Coogan, Sep 5th, 2013 @ 1:48pm

    The government insists it has put in place checks and balances to limit misuses of this technology.

    I was under the impression we already had checks and balances in place against government abuses of power: the fucking United States Constitution

     

  6.  
    Anonymous Coward, Sep 5th, 2013 @ 1:54pm

    Oh boy. Right... Again. Let x = x

    SSL probably fell first, since the FBI and NSA have been after that forever. VPN, probably, followed. IPSeclolzwegotu.

    I wouldn't go so far as to say encryption is a waste of time, but trying to hide anything might be.

     

  7.  
    Anonymous Coward, Sep 5th, 2013 @ 1:56pm

    Re:

    The funny thing is that with the increase in electronic medical record systems, the NSA is probably technically violating HIPAA on a routine basis.

     

  8.  
    Guardian, Sep 5th, 2013 @ 1:57pm

    @everyone above

    THINK TOR.....I'm not saying anything what I actually know....and whom told me and the proof...that lets a cat out of the bag shall we say....

     

  9.  
    Internet Zen Master, Sep 5th, 2013 @ 2:05pm

    Feds

    You do realize you're trying to convince the paper who broke the fucking PENTAGON PAPERS not to run with a big, juicy, earth-shaking revelation like the fact that the NSA's directly tapped into the fucking Internet and is breaking encryption codes with programs like Project BullRun?

    Seriously, how STUPID are you people?

     

  10.  
    That One Guy, Sep 5th, 2013 @ 2:17pm

    Re: Feds

    Not so much stupid, as arrogant, they're so used to the mainstream press dancing to their tune by publishing what they want them to, and avoiding what they don't want publicized in exchange for 'exclusives' like interviews that they were probably honestly shocked when a paper told them 'No'.

     

  11.  
    John Fenderson, Sep 5th, 2013 @ 2:23pm

    Re:

    "VPN" is not an encryption scheme -- it uses one or more encryption schemes. Which one(s) a particular VPN uses depends on the VPN. In theory, it would be possible to choose one that isn't backdoored, if you can reliably determine which ones are safe.

     

  12.  
    John Fenderson, Sep 5th, 2013 @ 2:24pm

    Re: Re:

    No, they're not. HIPAA applies to specific businesses. The NSA is not one of those specific businesses.

     

  13.  
    Anonymous Coward, Sep 5th, 2013 @ 2:29pm

    Could?

    "Richard Nixon, for instance, was twice elected president of this country. He tried to subvert law enforcement, intelligence and other agencies for political purposes, and was more than willing to violate laws in the process. Such a person could come to power again."

    Does Slowpoke (the Pokemon) write for ProPublica now?

     

  14.  
    gorehound, Sep 5th, 2013 @ 2:45pm

    Re: Feds

    Maybe they know we do nothing but submit! Maybe it is time to March with many people on Washington!

     

  15.  
    Anonymous Coward, Sep 5th, 2013 @ 3:10pm

    I find it strange that the UK government, being in bed and 'on the bottom' with the USA has as yet not been summoned to explain its actions to the EU. instead, everything that the USG seems to be slowing down, if not stopping, the UKG is picking up the pace. that is as worrying as what the USG has already done. even the so called 'inspection' of GCHQ was said to be 'not breaking the law'. if anyone believes that, they are as stupid as those putting out the bullshit information! the UKG are as far into this as the USG. they are willing partners to the mass surveillance and need to be as screwed over it as the USG does. there isn't that long to go before the next UK election. with the monumental fuck up the government has made of the economy, the number of people and families that have been pushed below the poverty line in the UK, while the already rich just kept on as if nothing had happened, the Conservatives could easily find themselves in deep, deep shit!!

     

  16.  
    Anonymous Coward, Sep 5th, 2013 @ 3:12pm

    "Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men."

    -Sir John Dalberg-Acton (10 January 1834 - 19 June 1902)


    Why does it seem like all the wise men and women were alive before I was born? It seems like all we're left with is absolute morons in this day and age.

     

  17.  
    Anonymous, Sep 5th, 2013 @ 3:30pm

    Re:

    And how's that been working out for us lately?

     

  18.  
    Internet Zen Master, Sep 5th, 2013 @ 3:33pm

    Re: Re: Feds

    Perhaps, but I'm sticking with stupid here because of one thing:

    The NYT has access to the Snowden Documents, which are looking more and more like they're going to be the biggest scandal since Watergate/Pentagon Papers. The paper knows that they're literally sitting on a goldmine here, and so do the Feds, who are rightly terrified about it. A "fourth estate" that doesn't answer to the government's beck and call is a dangerous opponent. Especially when the paper is immune to the government's threats (thanks to New York Times Co. v. the United States [1971]).

    Best part: smaller, local papers tend to run the stories published by the NYT, so there's a good chance we might see this popping up in the physical paper come Friday morning.

    As the Zen Master says, "We'll see."

     

  19.  
    BentFranklin, Sep 5th, 2013 @ 4:03pm

    "...recruiting internal spies within companies to covertly inject backdoors..."

    This. I've always assumed this is the easiest way. Just pay someone to leave in a bug.

    Anyone think this could happen in voting machine software?

     

  20.  
    Anonymous Coward, Sep 5th, 2013 @ 4:52pm

    Re:

    Having read through the NYT article only once so far, I am left with the impression that a cryptographer could decipher the method by which the NSA circumvented message confidentiality.

    For example, from this:

    "Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology..."

    NIST, conveniently, has a timeline for its standards.
    http://www.nist.gov/itl/history-timeline.cfm

    However, the single one approved in 2006 is specific to the government or government contractors so it is not the general breakthrough the NSA has touted. It also points out that the algorithms are public and some independent cryptographer is going to find a planted weakness sooner or later.

     

  21.  
    Digitari, Sep 5th, 2013 @ 4:56pm

    Re:

    Erm.. I always thought that voting machine software WAS a bug. Silly me. :)

     

  22.  
    Anonymous Coward, Sep 5th, 2013 @ 5:06pm

    I had a couple of thoughts inspired by the NYT article. From the Stuxnet incident, two certificates, used for signing code, were mysteriously acquired and had been utilized to install the Stuxnet code. This might be one of the paths under the Bullrun program. The other was talked about by Ken Thompson (designer of Unix) back in 1983 in his paper "Reflections on Trusting Trust". I think I will go re-read that. I recommend it to anyone.

     

  23.  
    Andrew Lee, Sep 5th, 2013 @ 6:34pm

    2008 - 2012 I'd call bullshit on this and tell them they're being overly paranoid.

    2013 - I'm sitting here right now thinking this is no surprise. That said, the feeling this gives me is unique like no other. It's a combination of shame, sadness, disbelief, anger, helplessness, confusion, disgust, and fear. It's the children who will pay for our government turning commie on us because at some point down the road we'll have no freedom left.

    I am glad I have no kids and really I'd never bring one into this fucked up country. Don't get me wrong I fucking love the USA and what it's supposed to stand for. There was a lot of bloodshed to get us here and it's downright offensive to think they're destroying everything we fought so hard for.

    Those pioneers laid their fucking lives down so we could be free and prosper and this is how we repay them?

    I don't have faith in humanity anymore, and at the rate we're going we'll be lucky to make it to the year 2250 without exterminating ourselves.

    :(

     

  24.  
    FM Hilton, Sep 5th, 2013 @ 7:00pm

    About time

    That the NY Times stood up for what they used to believe in: journalistic integrity.

    The government actually believes that just because they asked the Times nicely to not print these things that the Times will cower?

    I should hope to high heaven not.

    They're finally getting their groove back. Maybe it's still not too late.

    But I wonder if it isn't anyway. After all, the government's been getting away with it for all these years and now they're outraged that we're outraged?

    Silly us for believing that we could trust them.

     

  25.  
    Anonymous, Sep 5th, 2013 @ 7:12pm

    Re: About time

    We can try to understand the New York Times' effect on man.

     

  26.  
    Joey, Sep 5th, 2013 @ 9:53pm

    A note of question

    Why focus specifically on Nixon? Other presidents and politicians have done the same. Nonetheless, I applaud the watchdog nature of these publications.

     

  27.  
    HappyBlogFriend, Sep 5th, 2013 @ 10:18pm

    Guardian...! New York Times...! ProPublica...! EVILDOERS BEWARE! They cannot be stopped! Together they form the hero known as... Free Press Man!

     

  28.  
    Nunya, Sep 5th, 2013 @ 10:44pm

    Because Nixon is so relevant to today's current crop of internet kids... how about using someone who is actively subverting the Rule of Law right now. Like Obama and his administration.

     

  29.  
    Anonymous Coward, Sep 5th, 2013 @ 11:32pm

    Re:

    I think you spelled 2050 wrong.

     

  30.  
    Andrew, Sep 5th, 2013 @ 11:52pm

    Response to: BentFranklin on Sep 5th, 2013 @ 4:03pm

    Does it matter?

     

  31.  
    Bergman, Sep 6th, 2013 @ 5:06am

    Re:

    Did. Obama.

     

  32.  
    Guardian, Sep 6th, 2013 @ 5:19am

    hrm medical records??????????

    is someone with a hernia a terrorist threat now?

    what kind of fucking bullshit is that, and it shows how fucking out of control they are...how much they are violating my own nation's extreme privacy laws especially in regards to health care.

     

  33.  
    Guardian, Sep 6th, 2013 @ 5:20am

    @24

    well if the new york times stood up for journalism then we would know what is and is not vulnerable ....

    thanks for creating panic....

     

  34.  
    kitsune361, Sep 6th, 2013 @ 7:12am

    Re:

    The most common key exchange method for VPNs (and WPA Enterprise wireless), MSCHAPv2, is a laughable weakness that was outed in a presentation at Defcon last year by Moxie Marlinspike. (See: https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/)

    It would not surprise me in the slightest if such an obvious flaw as this (srsly, read the blog post) would be intentional.

     

  35.  
    crade, Sep 6th, 2013 @ 7:37am

    Re: Re:

    Obama, Bush, Clinton, Bush, Reagan, Carter, Ford, Nixon..
    You're in denial if you think switching presidents again is going to solve any problems. The problems are obviously somewhere that does not get cleaned up after an election.

     

  36.  
    Anonymous Coward, Sep 6th, 2013 @ 7:37am

    Re:

    Because Obama is a current president, and it's easy to paint opposition and criticism of him as politically charged/bent. A year ago, wouldn't you have let your eyes glaze over any time someone started talking about Obama's wrongdoing and how bad he is? All because there's been so much ridiculous mudslinging that you can't discern legitimate concerns from all that noise?

     

  37.  
    crade, Sep 6th, 2013 @ 7:40am

    Re:

    Unfortunately it's only words with no teeth.. They should have attached some bronze golem that awakens and comes out to kick people's asses when needed.

     

  38.  
    crade, Sep 6th, 2013 @ 7:46am

    Re: @everyone above

    Considering TOR's open source.. It would be pretty impressive to hide a backdoor in it well enough that no one would find it right away :)

     

  39.  
    hybridpollo, Sep 6th, 2013 @ 10:39am

    Re:

    Damn, that's the exact way I feel. I have lost an incredible amount of faith and respect for the US Govt and the clowns running it while those officials who strive for a better state of the entire country get shoved aside as outcasts in Washington while we are left with these people who I would not trust running my local subway with.

     

  40.  
    anon, Sep 6th, 2013 @ 11:10am

    Don't forget

    That Nixon was the only president that resigned, and only did so because he was going to be impeached. Maybe this is a subliminal message that other politicians need to be impeached...

     

  41.  
    beltorak, Sep 6th, 2013 @ 12:59pm

    Re: Re:

    well it was supposed to have teeth in the form of the 4th box backed by the 2nd amendment.... the reality is that a firehose wins against a squirt gun every time.

     

  42.  
    Twirrim, Sep 6th, 2013 @ 4:33pm

    The missed point?

    Interesting that the article only looks at the government perspective of this.

    What should be of similar concern, even if we take the naive route of trusting the government, is that if the weakness is there someone else very malicious might have discovered it and might be exploiting it; including the very types of people they're supposed to be protecting the nation from. It's arrogant and stupid at best to believe you're the only entity who'll be able to exploit it.

    In seeking to achieve surveillance capabilities, they've exposed billions of people to untold risk.

     

  43.  
    anonyguest, Sep 7th, 2013 @ 11:31am

    tor

    tor is not anonymous

     

  44.  
    anonyguest, Sep 7th, 2013 @ 11:34am

    voting

    anyone thinking this hasn't been implemented yet, is a fool

     

  45.  
    ricky, Sep 7th, 2013 @ 12:41pm

    Re: Re: @everyone above

    About TOR: might the OP be referring to the rumor I heard that the NSA has TOR exit nodes of their own?

     

  46.  
    Jeffrey Tatum, Sep 7th, 2013 @ 4:34pm

    The "but we have to keep you safe!" argument ought to be treated with the utmost derision.

    If you resort to such it is an indicator you are not being serious. If you say "it is all about your safety, citizen, and we cannot speak of why", then you immediately lose the debate.

     

  47.  
    john kabbi, Sep 9th, 2013 @ 12:40am

    best thing to do ....

    best thing to do ? do not use any US company's services.

     

  48.  
    anonymous crank, Sep 9th, 2013 @ 6:57pm

    Sorry Comrade

    That is an unfunded mandate. Don't like it, take it up with the guys with the SMGs at the MIRV launch sites.

     

  49.  
    Joe2, Sep 9th, 2013 @ 7:01pm

    Re:

    As many women can testify, Labour is painful!

     
