Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server

from the now-take-a-look dept

Last week, a great blog post by cryptographer and research professor Matthew Green was posted, providing some fantastic details about the likely attack vectors by the NSA to compromise encryption schemes. It’s a well written and detailed piece from someone who clearly knows what he’s talking about. Oh, and it kicks off with an amusing story about how the reporters working on the “NSA builds backdoors into encryption” story had contacted him for comments and, because they didn’t reveal too many details, he was concerned about coming off as too paranoid or too much of a “crank.” However, after the details came out, he realized he “wasn’t cranky enough.”

Oddness aside it was a fun (if brief) set of conversations, mostly involving hypotheticals. If the NSA could do this, how might they do it? What would the impact be? I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.

All of this is a long way of saying that I was totally unprepared for today’s bombshell revelations describing the NSA’s efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine. I’m no longer the crank. I wasn’t even close to cranky enough.

He then goes on to explain where the most probable attacks are coming from and what we should be most worried about and what’s likely still safe. I had hoped to write up something about the post in general, but today something new came up. Green noted that the Dean where he teaches, at Johns Hopkins, had asked him to remove the blog post from the university’s servers. The blog post was cross-posted both to a blog on the university’s servers, as well as to Green’s personal blog on Blogger. The personal blog post is still up (and now about to get that much more attention for the takedown). He also notes that this “isn’t my Dean’s fault” though plenty of folks are curious whose fault it might be. For what it’s worth, it appears that Hopkins has a close relationship with the NSA, and the school really isn’t that far from the NSA’s headquarters.

Either way, for a whole variety of reasons, demanding the blog post be taken down seems fairly pointless. Not only will it draw much more attention to the original post, it now creates additional scrutiny towards Johns Hopkins as to why it’s stifling the speech of one of its professors on a key topic of public interest.

Filed Under: , , , , ,
Companies: johns hopkins

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Johns Hopkins Tells Security Researcher To Remove Blog Post About NSA Encryption Attacks From University Server”

Subscribe: RSS Leave a comment
PopeRatzo (profile) says:

Re: Re:

“Financial” nothing. After what we’ve learned, they might have the dean’s kids in a cell somewhere.

I think we’ve passed the point where there is something – some “red line” – that the NSA will not cross. Torture? Natch. Blackmail? You bet. Setting up a fatal “accident”? Almost certainly.

Our government has declared all of us the enemy.

Internet Zen Master (profile) says:


At a glance, it looks like John Hopkins has NSA-sponsored programs that are pretty much training for future cyber-security employees (read: future NSA n00bs). I guess the NSA probably politely asked Hopkins to have their prof take down a blog post that would make hiring new recruits even more difficult. I doubt the NSA wants a repeat of what happened the last time they went out recruiting at a college on a campus that is a hell of a lot closer to home.

Of course, that’s just me making a harmless speculative guess. It would be interesting to find out the real reason though, if it’s ever revealed.

As the Zen Master says, “We’ll see.”

out_of_the_blue says:

All hail the "conspiracy kooks" who turned out to be RIGHT.

The tide is slightly turning, but took real courage before to go against the masses of placid dolts who just couldn’t believe that the gov’t is actively evil.

I’m not bragging personally because not one who’s done the work of publicizing info over the last three or so decades, but now clear that it’s almost impossible to be “cranky enough” with regard to the surveillance state. It has nearly unlimited money with which to buy research and people.

But I’m confident that what I believe about Facebook and Google as actual components of the NSA will soon be proven. That’s one of the items they really wish to protect, because gives the illusion of not only separation between gov’t and corporations, but that there’s some varied interests in the society, instead of all under ONE over-arching conspiracy.

Spying is the main ‘business model’ of the internet, especially for Google and Facebook.

Internet Zen Master (profile) says:

Re: All hail the "conspiracy kooks" who turned out to be RIGHT.

Until the Guardian posts an article explicitly stating that Facebook and Google are actually part of the NSA (i.e. part of the government itself) and not just corporations that have been forced (to a certain extent, depending on the company involved.) to reluctantly cooperate with an intrusive government which can make their existence a living nightmare if they wanted, you are still making baseless claims.

Seriously blue, stop and think for a moment. How many people would have to know about this single giant conspiracy you keep saying exists? Thousands? Hundreds of thousands? The odds of everyone involved being able to keep their mouths shut, or no information leaking out onto the web, are very, very low.

Rikuo (profile) says:

Re: All hail the "conspiracy kooks" who turned out to be RIGHT.

Can you explain for us just why you’re so worried about Google and Facebook? Why it is that you focus so much of your attention and the thrust of your comments towards them? Yes, we know Google and Facebook collect massive amounts of information, information that is WILLINGLY given to them by their users. No-one is worried about what those two corporations can do. They don’t have police. They don’t have prisons.
The government does. The government is who is demanding all this information, and will then, inevitably use that information to arrest people, indeed already has what with the DEA having laundered tips they get from the NSA.
If you’re so worried about Google and Facebook having your information and then passing it along, stop using them. Look to other services. There will doubtlessly be new services within the next year or two that have as part of their marketing campaign “Not based or have any ties to the US at all! Free from NSA spying!”

gojomo (profile) says:

Maybe also motivated by clumsy DoD site-blocking policies

Another possibility: the DoD thinks the post is ‘dangerous viewing’ for troops. So, as when they blocked access to the entire Guardian website (, they will be blocking any * domains that host it.

But, those same domains may include other information that the DoD/troops need (and have “paid for” in research grants and joint programs). Hence, because (like early versions of China’s firewall) their censoring tech is crude and whole domain/IP-address oriented, they pressure JHU to segregate content for troop-friendliness.

Arthur Moore (profile) says:

Re: Maybe also motivated by clumsy DoD site-blocking policies

Hmm, that’s an interesting possibility. Unfortunately, having necessary military information and services sharing the same domain as self hosted websites is just a bad idea.

I’m aware that different subdomains can be completely separated, but the cost of a domain name is so cheap that it’s not worth the potential trouble. The largest reason to not go with a separate domain name is shared hosting. At that point domain names are the least of the universities security troubles.

Anonymous Coward says:

CYA screwup

As noted elsewhere, this sort of thing often turns out to be a ham-fisted attempt at CYA by a clueless academic administrator. They never learn. At a guess, someone in the upper reaches of Johns Hopkins is worried about the NSA money spigot, and decided to preemptively lean on the Dean. No specific NSA pressure needed. And of course, it promptly blew up in their face. As both the academic and the Dean in question perhaps hoped.

Anonymous Coward says:

Its True

Coming from a former employee of JHH, it is true, I had DOD monitor my phone when I started going through trouble with Johns Hopkins and they continue to do so. They come into my home when I’m not there and my car. I was and still am under surveillance and it’s horrible. Believe it or not, do some research under Intelligent Decision who left their pen in my home while they did God knows what. I don’t trust my home or car not alone what I eat. Work for them at your own risk. Oh yes. They also monitor your phone and internet. Signed, tired of being watched and want my life back!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...