> That used to be a tin-foil hat idea just a few months ago, and we know better now. If NSA comes carrying gifts, it warrant being very careful in accepting them from a party with such hostile priorities.
Well, not really.
The "tinfoil" idea is that NSA is breaking into crypto so that they can blackmail politicians, black-bag innocent citizens, etc.
But it was never widely assumed that NSA wasn't trying to break every bit of encryption they could. Besides the fact that such activities are literally their job, it's one of the few things they'd just as likely tell you directly if you asked them.
"Q: Are you trying to break cipher/cryptosystem FOO?" "A: Yes, we're trying to break all of them, to protect our SIGINT capability".
NSA has spent literally decades analyzing and breaking the military-grade ciphers of other nations. So I don't know where people got the idea that just because civilians obtained access to military-grade encryption, that NSA would suddenly stop with cryptanalysis efforts. But it has nothing to do with civilians per se; the military and national security opponents are using our civilian crypto too!
Is that inconvenient for civilian cryptography? Sure. But let's not act like people are having something chipped and taken away from them, that they've always had.
Before RSA and DH there was essentially no widely-known safe cryptosystems that we could use. You used DES, or you could make up your own Vigenère implementation perhaps (have fun with key exchange!).
And that's just discussing computer communications. Your phones were all tappable, international telegrams easily read if it suited NSA, and good luck if you used one of those new-fangled cell phones.
The claimed threat is that computers make NSA more capable of surveilling the people at large, but the evidence shows that systems like Tor are putting up an exceptional fight, and even cryptosystems like TLS with many known weaknesses mostly work against global passive surveillance.
You would have to get on NSA's specific shitlist to have to really worry, but being on that shitlist 20 years ago meant anything you said would be picked up... and now, even that is not so certain.
There is a difference between trying to break cryptography, and prioritizing breaking cryptography over protecting civilians.
This is true for almost everything in the world. I want for example that the police try to stop criminals, but I do not want them to go around with minigun's and spraying the street with bullets. I want the police to prioritize the safety of civilians.
Same goes for NSA. They are perfectly free to try break hostile entities encryption, but they should not sabotage US civilians security while doing so. When they sabotage standards, or keep vulnerabilities secret so they and criminals can break into peoples computers, then NSA is not prioritizing protecting civilians.
> When they sabotage standards, or keep vulnerabilities secret so they and criminals can break into peoples computers, then NSA is not prioritizing protecting civilians.
Even the standards that they have been shown to sabotage (Lotus Notes, Clipper, Dual_EC_DRBG), they have sabotaged it in a way that should have reduced the security of the system against NSA, but not in general. I'll note that I disagree with this concept (I'm not a mathematician but it seems to me that it is difficult to prove theoretically that the NSA private key could never be derived when you know the plaintext and ciphertext). However even on these NSA was trying to maintain the security of the cryptosystem itself, it's not as if they introduced a deliberate backdoor where the thing falls apart if you guess the right 8-letter password.
I see your point about knowing about software vulnerabilities and not acting on them. But the problem is that software will always have vulnerabilities, and the citizenry at large isn't exactly good at keeping always up-to-date. So if NSA divulges every 0-day they know, then they don't help the public that much, but do help the enemies of the public protect their software that much better.
You could almost argue that the NSA "buying up 0-days" is directly beneficial to the citizens, by ensuring that at least those vulns don't end up in the hands of someone who'd actually do something rotten with them.
They're doing it to spy on the rest of the world, which is something that they've done for their entire existence. It's one of the two major reasons they exist at all.
It happens that now the rest of the world is using the same crypto we're using, but that's not NSA's fault. Nor is it a major degradation over a status quo; the government has usually been able to "spy on us", it's only been a short time comparatively speaking that it was even possible for the average citizen to completely encipher their communications. Telegrams, for instance, were copied and read as a matter of course if they crossed international boundaries.
The NSA shouldn't just be an attacker it should also provide defence. If one of their many contractors can leak details to the press for idealogical ends it's pretty safe to assume that much worse secrets have already been leaked to other nation states (China, Russia etc....) for financial gain.
I think it's entirely reasonable to assume that a lot of exploits the NSA has discovered and not revealed (because it thinks they are "secret") have actually been sold to other governments by it's own contractors. By not revealing these exploits to citizens they are actually leaving them open to attack by foreign governments. Large companies trying to defend against industrial espionage are probably most at risk.
> The NSA shouldn't just be an attacker it should also provide defence.
Uh, it actually does exactly that. That is the second major mission objective of NSA, is to ensure that the USA's own communications are secure. For example, the SHA-1 hash standard that underpins much of our cryptosystems was developed wholly by NSA as an alternative to MD5 (which was apparently even at the time thought to be weak at NSA).
However there's a difference between ensuring that the theoretical underpinnings of COMSEC are adequate and releasing 0-days. There will always be exploits in web browsers used by people, so NSA is not "helping the citizens" by releasing each and every one of those secretly to browser developers. They can effectively only hamstring them own mission goals by doing that.
If one of their many contractors can leak details to the press for idealogical ends it's pretty safe to assume that much worse secrets have already been leaked to other nation states (China, Russia etc....) for financial gain.
Especially as the agency in question appears to have no compartments or levels of access. I've been wondering how a comparatively junior contract worker could access so much information...
But Snowden was a sysadmin and successfully managed to digitally impersonate persons actually in the right compartments, among other things, in order to get access to the data he wanted.
I suppose it's better to say that NSA is too reliant on contracted systems administrators to handle what should be inherently governmental functions, and that they don't properly compartment sysadmin functions. But then again, is it even possible to completely protect a computer network against an insider sysadmin threat?
Unfortunately it's politcians in 6 countries who try to dismantle the now totalitarian levels of surveillance who end up on this shit list too. Then soon it will be you and me.
The NSA gives a lot of advice to civilian cryptographers. It used to be tinfoil to assume the advice was deliberately bad. Now we know (some of) it is.
The NSA also has been found to give good advice sometimes, so just doing the opposite of what they say doesn't work either.
Well, not really.
The "tinfoil" idea is that NSA is breaking into crypto so that they can blackmail politicians, black-bag innocent citizens, etc.
But it was never widely assumed that NSA wasn't trying to break every bit of encryption they could. Besides the fact that such activities are literally their job, it's one of the few things they'd just as likely tell you directly if you asked them.
"Q: Are you trying to break cipher/cryptosystem FOO?" "A: Yes, we're trying to break all of them, to protect our SIGINT capability".
NSA has spent literally decades analyzing and breaking the military-grade ciphers of other nations. So I don't know where people got the idea that just because civilians obtained access to military-grade encryption, that NSA would suddenly stop with cryptanalysis efforts. But it has nothing to do with civilians per se; the military and national security opponents are using our civilian crypto too!
Is that inconvenient for civilian cryptography? Sure. But let's not act like people are having something chipped and taken away from them, that they've always had.
Before RSA and DH there was essentially no widely-known safe cryptosystems that we could use. You used DES, or you could make up your own Vigenère implementation perhaps (have fun with key exchange!).
And that's just discussing computer communications. Your phones were all tappable, international telegrams easily read if it suited NSA, and good luck if you used one of those new-fangled cell phones.
The claimed threat is that computers make NSA more capable of surveilling the people at large, but the evidence shows that systems like Tor are putting up an exceptional fight, and even cryptosystems like TLS with many known weaknesses mostly work against global passive surveillance.
You would have to get on NSA's specific shitlist to have to really worry, but being on that shitlist 20 years ago meant anything you said would be picked up... and now, even that is not so certain.