Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server
from the now-take-a-look dept
Last week, a great blog post by cryptographer and research professor Matthew Green was posted, providing some fantastic details about the likely attack vectors by the NSA to compromise encryption schemes. It’s a well written and detailed piece from someone who clearly knows what he’s talking about. Oh, and it kicks off with an amusing story about how the reporters working on the “NSA builds backdoors into encryption” story had contacted him for comments and, because they didn’t reveal too many details, he was concerned about coming off as too paranoid or too much of a “crank.” However, after the details came out, he realized he “wasn’t cranky enough.”
Oddness aside it was a fun (if brief) set of conversations, mostly involving hypotheticals. If the NSA could do this, how might they do it? What would the impact be? I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.
All of this is a long way of saying that I was totally unprepared for today’s bombshell revelations describing the NSA’s efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine. I’m no longer the crank. I wasn’t even close to cranky enough.
He then goes on to explain where the most probable attacks are coming from and what we should be most worried about and what’s likely still safe. I had hoped to write up something about the post in general, but today something new came up. Green noted that the Dean where he teaches, at Johns Hopkins, had asked him to remove the blog post from the university’s servers. The blog post was cross-posted both to a blog on the university’s servers, as well as to Green’s personal blog on Blogger. The personal blog post is still up (and now about to get that much more attention for the takedown). He also notes that this “isn’t my Dean’s fault” though plenty of folks are curious whose fault it might be. For what it’s worth, it appears that Hopkins has a close relationship with the NSA, and the school really isn’t that far from the NSA’s headquarters.
Either way, for a whole variety of reasons, demanding the blog post be taken down seems fairly pointless. Not only will it draw much more attention to the original post, it now creates additional scrutiny towards Johns Hopkins as to why it’s stifling the speech of one of its professors on a key topic of public interest.
Filed Under: censorship, cryptography, encryption, matthew green, nsa, nsa surveillance
Companies: johns hopkins
Comments on “Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server”
Who’s to say that the NSA didn’t force financial leverage on Johns Hopkins?
I mean, given the revelations thus far, I wouldn’t put it past those rat bastards.
“Financial” nothing. After what we’ve learned, they might have the dean’s kids in a cell somewhere.
I think we’ve passed the point where there is something – some “red line” – that the NSA will not cross. Torture? Natch. Blackmail? You bet. Setting up a fatal “accident”? Almost certainly.
Our government has declared all of us the enemy.
There’s a whole lot of Secret Squirel Stuff going on at the Hop. It also has a ton of International faculty/students. This could get interesting.
Re: Not surprised
To the NSA, “International faculty/students” is code for “TERRORISTS!!!!” And “blogger” is code for “LITERATE TERRORISTS!!!”
Re: Re: Not surprised
They got that memo long ago.
At a glance, it looks like John Hopkins has NSA-sponsored programs that are pretty much training for future cyber-security employees (read: future NSA n00bs). I guess the NSA probably politely asked Hopkins to have their prof take down a blog post that would make hiring new recruits even more difficult. I doubt the NSA wants a repeat of what happened the last time they went out recruiting at a college on a campus that is a hell of a lot closer to home.
Of course, that’s just me making a harmless speculative guess. It would be interesting to find out the real reason though, if it’s ever revealed.
As the Zen Master says, “We’ll see.”
Don’t you already have a fairly complete dossier on the keywords “Streisand AND Effect”?
If so, please study ‘correlation and cause’ whilst holding up a hand mirror to your face.
NSA appears to be trying to bury everybody else head in the sand to make their revealed secrets secret again!
Ah the Streisand effect...
They just never will learn, will they?
All hail the "conspiracy kooks" who turned out to be RIGHT.
The tide is slightly turning, but took real courage before to go against the masses of placid dolts who just couldn’t believe that the gov’t is actively evil.
I’m not bragging personally because not one who’s done the work of publicizing info over the last three or so decades, but now clear that it’s almost impossible to be “cranky enough” with regard to the surveillance state. It has nearly unlimited money with which to buy research and people.
But I’m confident that what I believe about Facebook and Google as actual components of the NSA will soon be proven. That’s one of the items they really wish to protect, because gives the illusion of not only separation between gov’t and corporations, but that there’s some varied interests in the society, instead of all under ONE over-arching conspiracy.
Spying is the main ‘business model’ of the internet, especially for Google and Facebook.
Re: All hail the "conspiracy kooks" who turned out to be RIGHT.
Until the Guardian posts an article explicitly stating that Facebook and Google are actually part of the NSA (i.e. part of the government itself) and not just corporations that have been forced (to a certain extent, depending on the company involved.) to reluctantly cooperate with an intrusive government which can make their existence a living nightmare if they wanted, you are still making baseless claims.
Seriously blue, stop and think for a moment. How many people would have to know about this single giant conspiracy you keep saying exists? Thousands? Hundreds of thousands? The odds of everyone involved being able to keep their mouths shut, or no information leaking out onto the web, are very, very low.
Re: Re: All hail the "conspiracy kooks" who turned out to be RIGHT.
Hey, I’ve ALWAYS kept my mouth shut about how the ‘G’ in ‘USG’ stood for Goog….oh crap.
Re: All hail the "conspiracy kooks" who turned out to be RIGHT.
Can you explain for us just why you’re so worried about Google and Facebook? Why it is that you focus so much of your attention and the thrust of your comments towards them? Yes, we know Google and Facebook collect massive amounts of information, information that is WILLINGLY given to them by their users. No-one is worried about what those two corporations can do. They don’t have police. They don’t have prisons.
The government does. The government is who is demanding all this information, and will then, inevitably use that information to arrest people, indeed already has what with the DEA having laundered tips they get from the NSA.
If you’re so worried about Google and Facebook having your information and then passing it along, stop using them. Look to other services. There will doubtlessly be new services within the next year or two that have as part of their marketing campaign “Not based or have any ties to the US at all! Free from NSA spying!”
Maybe also motivated by clumsy DoD site-blocking policies
Another possibility: the DoD thinks the post is ‘dangerous viewing’ for troops. So, as when they blocked access to the entire Guardian website (http://www.techdirt.com/articles/20130627/22485123649/defense-department-blocks-all-web-access-to-guardian-response-to-nsa-leaks.shtml), they will be blocking any *.jhu.edu domains that host it.
But, those same domains may include other information that the DoD/troops need (and have “paid for” in research grants and joint programs). Hence, because (like early versions of China’s firewall) their censoring tech is crude and whole domain/IP-address oriented, they pressure JHU to segregate content for troop-friendliness.
Re: Maybe also motivated by clumsy DoD site-blocking policies
Hmm, that’s an interesting possibility. Unfortunately, having necessary military information and services sharing the same domain as self hosted websites is just a bad idea.
I’m aware that different subdomains can be completely separated, but the cost of a domain name is so cheap that it’s not worth the potential trouble. The largest reason to not go with a separate domain name is shared hosting. At that point domain names are the least of the universities security troubles.
“wasn’t even close to cranky enough.”
I have similar feelings when I see conspiracy nuts come by and claim something. Then I hit them with a newspaper and go
“Whatever you just said was less crazy than what’s being confirmed as true facts right now!”
NSA: Hey, if we can’t even find evidence of terrorists in all our data to prevent the Boston Bombings then there’s NO WAY the Internet will find Matthew Green’s posts criticizing us if we make him take it off the John Hopkins server.
You would think that an agency that has already hoovered up all of MIke’s email would be familiar with the Streisand Effect.
Ahh but they haven’t read Mike’s emails, now have they?
Dean, meet Barbra
As noted elsewhere, this sort of thing often turns out to be a ham-fisted attempt at CYA by a clueless academic administrator. They never learn. At a guess, someone in the upper reaches of Johns Hopkins is worried about the NSA money spigot, and decided to preemptively lean on the Dean. No specific NSA pressure needed. And of course, it promptly blew up in their face. As both the academic and the Dean in question perhaps hoped.
The internet was formerly darpanet. It’s purpose was to link .gov to .edu together (ie: to influence academia). So this is not surprising.
To censor is never a good thing! To bury, to create secrets… Safety and security are important but here it’s very exaggerated !
I think it is very difficult for human being not being under by other people or any organization but the most important is how to adapt yourself with the new situation .I found a site which gives the better web hosting .The site is http://www.internetbizwebpage.info
Coming from a former employee of JHH, it is true, I had DOD monitor my phone when I started going through trouble with Johns Hopkins and they continue to do so. They come into my home when I’m not there and my car. I was and still am under surveillance and it’s horrible. Believe it or not, do some research under Intelligent Decision who left their pen in my home while they did God knows what. I don’t trust my home or car not alone what I eat. Work for them at your own risk. Oh yes. They also monitor your phone and internet. Signed, tired of being watched and want my life back!