Yes, The NSA Has Always Hated Encryption

from the like-kryptonite-to-spies dept

With the latest reports of the feds (both the NSA and the FBI) trying to get tech companies to cough up master encryption keys, Matt Novak of the awesome PaleoFuture blog (now a part of Gizmodo) notes that the NSA has a long history of hating civilians who use encription. While many of us lived through the crypto wars of the 90s, in which PGP was branded a weapon, and it was supposedly illegal to export it, Novak goes even further back to when the NSA flipped out about some of the early research on civilian cryptography in the 1970s:

As Jay Stowsky at UC-Berkeley notes in his 2003 paper “Secrets or Shields to Share?” the intelligence community fought tooth and nail against the private development of cryptography for computers. When the NSA got wind of the research developments at IBM, Stanford and MIT in the 1970s they scrambled to block publication of their early studies. When that didn’t work, the NSA sought to work with the civilian research community to develop the encryption. As Stowsky writes, “the agency struck a deal with IBM to develop a data encryption standard (DES) for commercial applications in return for full pre-publication review and right to regulate the length, and therefore the strength of the crypto algorithm.”

Naturally, in the Watergate era, many researchers assumed that if the U.S. government was helping to develop the locks that they would surely give themselves the keys, effectively negating the purpose of the encryption. Unlike IBM, the researchers at Stanford and MIT didn’t go along with the standard and developed their own encryption algorithms. Their findings were published (again, against the wishes of the NSA) in the late 1970s after courts found that researchers have the right to publish on the topic of cryptography even if it makes the government uncomfortable. According to Stowsky, the NSA retaliated by trying to block further research funding that Stanford and MIT were receiving through the National Science Foundation.

Of course, imagine an internet without the kind of encryption we have today. While it still doesn’t go nearly far enough it is one of the few things that really can significantly protect some aspects of privacy. Not only that, but it’s really been key to many of the things that we now take for granted online, including e-commerce and online money transactions. Of course, if the NSA had had its way, we might not have that today — or at least it wouldn’t be nearly as trustworthy, meaning there would be a lot less of it.

Think about that every time the NSA or FBI wants master keys, backdoors or weaker encryption. They hype up the FUD about how they need this to stop extraordinarily low probability events like terrorist attacks, but allowing that technology creates tremendous innovations and benefits. When we do a basic cost-benefit analysis, the NSA is going to lose, but they’ll try to scare the crap out of people so they don’t even get a chance to realize what they’re giving up.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yes, The NSA Has Always Hated Encryption”

Subscribe: RSS Leave a comment
out_of_the_blue says:

Why, it's getting so can't even trust Microsoft!

Verdeckte Updates: Windows-Hintert?r gef?hrdet Internetverschl?sselung

Believe basically says that Microsoft has compromised SSL.

Take a loopy tour of! You always end up same place!
When you think surveillance, think Google!

John Fenderson (profile) says:

Re: Why, it's getting so can't even trust Microsoft!

It doesn’t say Microsoft has compromised SSL. It says that Microsoft has included functionality that allows them to change the root CA without you noticing (which could allow them to compromise SSL). It’s a fine, but important, distinction.

Of course, if your concern is spying, it has been known for over a decade that you should be avoiding Windows. Microsoft loves putting in backdoors for the NSA and other spy organizations.

G Thompson (profile) says:

Re: Why, it's getting so can't even trust Microsoft!

Again… why has this comment been flagged…

It’s either a reportable comment based on community (Techdirt) guidelines and mores or ISN’T..

Guess what? If this comment above by OOTB is reportable by breaching/skirting those unwritten guidelines then every single comment over the last few years should be too..

And the tagline that OOTB puts at the end? So freakin what.. It’s rhetorical opinion and basically some stories on TD have been loopy. That’s what makes the place great

Anonymous Coward says:

Re: Re: Why, it's getting so can't even trust Microsoft!

Its been flagged because the arbitrary number of people that are required to flag the comment has been reached. If you instead mean why have these people flagged this comment, it is not the content of the comment but rather the commentator. Imaging these hypothetically unwritten guidelines, I imagine there would be a clause in there to attempt to post on topic and contribute to the discussion at hand, a clause that OOTB would have breached an excessive number of times with his rants, to the point that the community don’t believe he’s worth giving another chance.

While I don’t really agree with the sentiment of flagging the comments just cause its OOTB, I can see where the desire for it comes from.

art guerrilla (profile) says:

Re: Re: Re: Why, it's getting so can't even trust Microsoft!

you will not find anyone against censorship more than i am; HOWEVER, OOTB has EARNED his auto-reporting over many, many, many slimy posts… i don’t agree with it, but he has no one to blame but himself for pissing off a large portion of the community repeatedly…

his signal to noise ratio is not worth the effort…

(oh, and i do call this a form of censorship, albeit about as inoffensive as can be imagined…)

i like the commenting/reporting system at slashdot, which not only downgrades the obvious trolls, but generally ‘rates’ the comments in a semi-fair manner, such that ALL the fluff (whether trollish, off-topic, repetitive, or simply stupid) can be ‘hidden’ if that is how you set your level of surfing slashdot…

art guerrilla
aka ann archy

Anonymous Coward says:

In the MMORPG reallife tech tree, encryption comes in the root of a lot of things.

Without it, you wouldn’t be able to do banking online, have virtual offices, telemedicine, privacy, private conversations, secure cars, secure medical equipment and implants.

Although terrorism and in general extremism of any kind(e.g.: religious, nationalistic, racial, etc) can and from time to time causes loss of life, if compared to what tech enables and how much lifes it saves and secure, there is just no contest to the benefits it brings against the bad it could cause and mostly is because most people are not after others, most people just want to live their lifes in peace.

Josh in CharlotteNC (profile) says:

Re: Re:

Barring the mythical and non-existant quantum computers or a serious breakthrough in factoring mind bogglingly large numbers, brute forcing a modern encryption scheme is not possible. What the NSA (or other people breaking encryption systems like DRM) rely on to break encryption schemes are flaws in how keys are managed or generated, attacks that depend on knowing what parts of the message already are, and other flaws that turn what is supposed to be a completely random encrypted message into something that is predictable instead of random.

Ninja (profile) says:

Amusingly by promoting and engaging in mass surveillance they are making people push for encryption standards and strengths that are much harder to crack. That along with anonymizing alternatives will breed very fertile grounds for criminals to work with very few hassles.

Why instead not do the very basic, narrowly focused investigative work in the first place? No encryption tool can prevent such work from uncovering the truth.

Hephaestus (profile) says:

“They hype up the FUD about how they need this to stop extraordinarily low probability events like terrorist attacks”

Over a ~thirty year period (1982 to 2012) these are the likelihoods of you dying of something other than terrorism.

heart disease 17,600 times
medical error 5,882 times
car accident 1048 times
falling 404 times
drown 87 times
railway accident 13 times
accidental suffocation in bed 12 times
choke to death on your own vomit 9 times
killed by a police officer 8 times
accidental electrocution 8 times
hot weather 6 times

And my favorite

Death by lightning strike 1 times

Nicholas Weaver (profile) says:

The strange thing is, DES was NOT weakened by the NSA!

A strange coda to the story however. DES was NOT weakened by the NSA. The design’s subtle tweaks by the NSA ended up being used to counter differential cryptanalysis, and although the key length was somewhat short, it was still uncrackable at the time of development (now its crackable in a day or less).

Uriel-238 (profile) says:

Poor encryption costs lives.

When I read Why, it’s getting so can’t even trust Microsoft! I read it as sarcastic. Microsoft’s never had secure encryption as a top priority.

PFS, people. It’s the new condom.

This just reminds me that our communications should be securely encrypted long before we have need for it (say, engaging in subject matters that might be regarded as seditionary.)

Interestingly, we’re closing in on the 100th anniversary of the Zimmerman Telegram.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...