Open Letter From Security Researchers Explains How NSA Has Weakened Our Communications Infrastructure

from the read-it dept

Among the many problems with President Obama's weak statement concerning NSA surveillance was the fact that he didn't even address the serious issue of the NSA undermining cryptography with backdoors. The White House's task force had included a recommendation to end this practice, and the President appeared to ignore it entirely. Now, a large group of US computer security and cryptography researchers have sent a strongly worded open letter to the President condemning these efforts (and his failure to stop the program).
Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft. These are not hypothetical problems; they have occurred many times in the past. Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities.

The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent. Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls. In finding a way forward, the five principles promulgated at http://reformgovernmentsurveillance.com/ provide a good starting point.

The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life. We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.
That ReformGovernmentSurveillance.com site is the one launched by a bunch of the biggest internet companies, so it's good to see these researchers and technologists lining up behind that effort as well.

One of the things that's been glaring about all of the investigations and panels and research into these programs is that they almost always leave out actual technologists, and especially leave out security experts. That seems like a big weakness, and now those security researchers are speaking out anyway. At some point, the politicians backing these programs are going to have to realize that almost no one who actually understands this stuff thinks what they're doing is the right way to go about this.


Reader Comments

  1. This comment has been flagged by the community.
    Anonymous Coward, Jan 24th, 2014 @ 2:55pm

    "Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft."

    wow, then Facebook and Google are screwed !!!

    ok, I can understand 'identity theft', but "mission creep" ?
    of course, time being in one direction every day is "unprecedented", because of the amount of data that is around.

    "security researchers" ???? really...

    Let's all compare the amount of identity theft as a result of Facebook, to the amount as a result of NSA.

     

  2. This comment has been flagged by the community.
    Anonymous Coward, Jan 24th, 2014 @ 3:00pm

    "The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users."

    so Google and Facebook, are "intrinsically secure" in their own right?

     

  3.
    NAProtector, Jan 24th, 2014 @ 3:06pm

    Sad Part

    The sad thing about this is it will probably go ignored because they are computer techs and not politicians.

    Like techs telling their boss that there should be an off site backup of systems and the boss tells them to just back it up on the main server because it's convenient and cheaper and to make sure all users are admins.

     

  4. This comment has been flagged by the community.
    out_of_the_blue, Jan 24th, 2014 @ 3:13pm

    So where's ReformCorporateSurveillance.com?

    Because without closing ALL the doors, closing NSA's (few and vaguely justifiable) backdoors is meaningless.

    By the way, Mike, YOU ARE THE CUT-AND-PASTIEST BLOGGER EVER! Can't you LINK instead of blockquoting more than you write? It appears that you want a lot of text without doing the labor.

    Can Mike pass the Turing Test? Is he human or Mimeograph? Well, just try to pin him down on any point more complex than what he had for lunch! That's one of the sports here.

    11:12:53[m-145-8]

     

  5.
    Anonymous Coward, Jan 24th, 2014 @ 3:18pm

    It seems NSA's psy ops are in full take over mode, Mike. You might want to do some comment clean-up.

     

  6.
    Anonymous Coward, Jan 24th, 2014 @ 3:32pm

    Re:

    I am amazed at the dedication though. It reminds me of religious fanatics. A dedication so powerful that it has created its own truth that logic and common sense cannot defeat. I am glad there is a report button though.

     

  7.
    Applesauce, Jan 24th, 2014 @ 3:40pm

    NSA the enemy of security

    I'll make the point once again:
    NSA, by inserting backdoors in everything they can, has willfully and materially damaged (perhaps catastrophically) the USA's information security infrastructure.
    How is this not criminal?

     

  8.
    Anonymous Coward, Jan 24th, 2014 @ 3:49pm

    many tnx for the explanation guys but if you think for one second that Obama is going to take any notice, you're in cloud cuckoo land. and as for the NSA and its proponents, there isn't a hope in hell! their main aim is to be able to track every single person, everywhere, every second and know exactly who they meet, talk to or message, both on and off line. the fact that this unrealistic and completely short sighted attitude is not only going to screw the internet further, it's going to fuck them up completely, seems to be irrelevant to them, just as it will probably mean they won't be able to track anyone, anywhere again. that will make things so much better for the people!

    if you can understand the mentality here, please go ahead and explain. i am sure there will be a captive audience!

     

  9.
    John Fenderson, Jan 24th, 2014 @ 3:53pm

    Re:

    Bringing the likes of Facebook, Google, and the like into the discussion about the NSA (et al) is meaningless, and a distraction from the effort to fix the "NSA problem". People can make an informed choice about using the various social media sites. They cannot about the NSA. Therefore, the NSA is the bigger problem.

     

  10.
    Beta, Jan 24th, 2014 @ 4:14pm

    going off-message

    "One of the things that's been glaring about all of the investigations and panels and research into these programs is that they almost always leave out actual technologists, and especially leave out security experts."

    Remember what happened when they let Richard Feynman onto the Rogers Commission, investigating the Challenger disaster? One physicist on a panel full of astronauts and military brass, and he went and got to the bottom of things ("Feynman is becoming a real pain."). I'll say this much for politicians, they sometimes learn from really embarrassing mistakes.

     

  11.
    krolork, Jan 24th, 2014 @ 4:22pm

    We need a revolution.

     

  12.
    Anonymous Coward, Jan 24th, 2014 @ 4:38pm

    i hope it's remembered that 3rd party companies and industries were in at the beginning of this surveillance crap and the main aim was supposedly to catch people sharing music and movie files. just think about the way that a government and its security agencies can search through all the data, legally, when it's collected by these 3rd parties. they hand it over in return, again supposedly, for bringing in legislation that allows file sharers to be prosecuted, bankrupted and imprisoned. it doesn't stop the file sharing, it doesn't increase the earnings of the actors or musicians and it doesn't do the industries any good either. it sure as hell has never bankrupted any artists or musicians but it has certainly ruined the lives of ordinary people as well as costing the lives of some! and that is the society that these industries have developed, all in the name of stopping people from doing what they want with something they've bought! things are going great in what's supposed to be the best nation on the planet! i guess that depends which side of the fence you're at!

     

  13.
    Miles., Jan 24th, 2014 @ 4:51pm

    "We encourage..."

    I can dream, but no corrective action will be taken.

     

  14.
    Anonymous Coward, Jan 24th, 2014 @ 5:22pm

    Re:

    "so Google and Facebook, are "intrinsically secure" in their own right?"

    Of course not, and that's the point. Google and Facebook have been repeatedly demonstrated to be "vulnerable to attack".

     

  15.
    Anonymous Coward, Jan 24th, 2014 @ 5:48pm

    If some kind of law passes that stops mass surveillance it needs to be absolute with no "I agree to terms of privacy invasion" I don't use google or facebook products but those cockroaches are in every corner of the web waiting to catch the crumbs. no means no data rapists.

     

  16.
    Jay, Jan 24th, 2014 @ 7:30pm

    Let's think about this...

    At some point, the politicians backing these programs are going to have to realize that almost no one who actually understands this stuff thinks what they're doing is the right way to go about this.

    I just want us to be clear on this...

    President Obama takes a LONG time listening to a known liar that tries to make him look small and poorly informed. And yet, when people are telling the president that they want to inform him and make him smarter on how to make things better, he brushes them off.

    What kind of priorities does this man have?

     

  17.
    Anonymous Coward, Jan 24th, 2014 @ 8:14pm

    Re: going off-message

    Wasn't his little demonstration with his glass of icy water the best public scientific chastising ever ?

    I'm glad you got me to recall that awesome moment !

    Thanks ! :)

     

  18.
    Anonymous Coward, Jan 25th, 2014 @ 12:41am

    Re:

    Imagine if someone targeted Visa and Mastercard using these weaknesses in the cryptography algorithms, and escaped with many millions of dollars.

    This is a startlingly plausible scenario, given the NSA revelations.

     

  19.
    Anonymous Coward, Jan 25th, 2014 @ 3:57am

    Re:

    Be careful what you wish for. Stalin, Mao and Pol Pot amongst others were revolutionary leaders. The hazard with a revolution is it can replace bad with worse, and things may not improve for a generation or more when a counter revolution becomes possible. The wrong people coming to power now in the US would gain the tools to make 1984 look like a utopia.

     

  20.
    Mike Gale, Jan 25th, 2014 @ 2:08pm

    Taxpayer funding doing the opposite of what you'd expect?

    I expect taxpayer funded effort to be actively trying to help taxpayers.

    To me that means identifying problems, proactively working to fix those problems.

    This is the opposite of some of what's happening.

    It's been going on at least since they got as close to killing Zimmermann, for inventing PGP, as they dared.

    I don't believe government cryptographers have such a defeatist attitude that they want to prevent cryptography. So who made these decisions?

     

  21.
    Brian Dell, Jan 25th, 2014 @ 2:20pm

    How about talking about the Montevideo Statement, Mike?

    You guys realize what Techdirt has been pushing? The Balkanization of the Internet, and ultimately less freedom of access for millions around the world.
    Masnick has never mentioned the Montevideo Statement to my recollection which "warned against Internet fragmentation at a national level [and] expressed strong concern over the undermining of the trust and confidence of Internet users globally due to [Snowden's] revelations"

    Andrei Soldatov, who has been documenting Russian censorship, has pointed out that:
    "For journalists, human rights activists, and ordinary people, Snowden became a hero, eclipsing WikiLeaks founder Julian Assange. But in Russia, unfortunately, Snowden’s revelations led mainly to negative consequences. ...
    Snowden strengthened Russia’s position in the struggle to regulate the “global” Internet...
    For instance, the idea of placing global services under the control of the authorities is now supported in Germany. Such initiatives will not bring any benefit to users: in general, the creation of artificial borders will lead to the so-called Balkanization of the Internet, destroying the originally free structure of the exchange of information on the Internet and restricting the possibility of free access to information."

    This is the same Soldatov who has objected to the #SnowdenOp by objecting to the propaganda put out by Snowden's Russian lawyer in particular:
    "[Soldatov] said Kucherena's statements about concerns for Snowden's safety do not hold water.
    'We are all perfectly aware that Snowden, who has just received asylum, does not face any danger in Russia,' Soldatov said. 'American intelligence does not kidnap or assassinate people in Russia, that's a fact. This is just a pretext.'"

    But what has Masnick been doing? Hyping up the assassination threat to the point the Kremlin should give him a medal!

     

  22.
    james, Jan 26th, 2014 @ 7:39pm

    obama

    the only way to teach obama anything is with a tall tree and a short rope.

     

  23.
    PRMan, Jan 26th, 2014 @ 7:59pm

    Re: Re:

    Religious fanatics typically get their truth from other sources like the Bible, books that billions of people over the centuries have found value in...

    OOTB is a truly unique case...

     

  24.
    Pragmatic, Jan 27th, 2014 @ 6:34am

    Re: Re: How about talking about the Montevideo Statement, Mike?

    Have you not noted the calls for Snowden's head and the trial by media Snowden has endured - with all the establishment figures calling him a traitor and the NSA apologists openly calling for him to be murdered?

    Don't waste our time. The internet never forgets.

     

  25.
    John Fenderson, Jan 27th, 2014 @ 8:13am

    Re: Re:

    This. Revolutions are much more likely to result in a worse situation than a better one.

     
