Monday, September 9, 2013

A few thoughts on cryptography, the NSA, and institutional overreaction

Somebody at Johns Hopkins threw a fit and demanded that Green take down this post. They objected that he linked to now public, once secret information, then backed down. One wonders if this isnt because JHU feeds at the public trough more successfully than just about anyplace else. They also objected because he posted the NSA logo, which is really odd since there is no copyright protection for U.S. government works,so far as I know. - GWC

A Few Thoughts on Cryptographic Engineering: On the NSA:

by Matthew Green
cryptographer and research professor at Johns Hopkins University

Let me tell you the story of my tiny brush with the biggestcrypto story of the year.
A few weeks ago I received a call from a reporter at ProPublica, asking me background questions about encryption. Right off the bat I knew this was going to be an odd conversation, since this gentleman seemed convinced that the NSA had vast capabilities to defeat encryption. And not in a 'hey, d'ya think the NSA has vast capabilities to defeat encryption?' kind of way. No, he'd already established the defeating. We were just haggling over the details.
Oddness aside it was a fun (if brief) set of conversations, mostly involving hypotheticals. If the NSA could do this, how might they do it? What would the impact be? I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.
All of this is a long way of saying that I was totally unprepared for today's bombshell revelations describing the NSA's efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it's true on a scale I couldn't even imagine. I'm no longer the crank. I wasn't even close to cranky enough.

No comments:

Post a Comment