NSA Spying: Whom Do You Believe?

On Friday, Reuters reported that RSA entered into a secret contract to make DUAL_EC_PRNG the default random number generator in the BSAFE toolkit. DUAL_EC_PRNG is now known to have been backdoored by the NSA.

Yesterday, RSA denied it:

Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.

[...]

We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.

We know from both Mark Klein and Edward Snowden -- and pretty much everything else about the NSA -- that the NSA directly taps the trunk lines of AT&T (and pretty much every other telecom carrier). On Friday, AT&T denied that:

In its statement, AT&T sought to push back against the notion that it provides the government with such access. "We do not allow any government agency to connect directly to our network to gather, review or retrieve our customers’ information," said Watts.

I've written before about how the NSA has corroded our trust in the Internet and communications technologies. The debates over these companies' statements, and about exactly how they are using and abusing individual words to lie while claiming they are not lying, are a manifestation of that.

Me again:

This sort of thing can destroy our country. Trust is essential in our society. And if we can't trust either our government or the corporations that have intimate access into so much of our lives, society suffers. Study after study demonstrates the value of living in a high-trust society and the costs of living in a low-trust one.

Rebuilding trust is not easy, as anyone who has betrayed or been betrayed by a friend or lover knows, but the path involves transparency, oversight and accountability. Transparency first involves coming clean. Not a little bit at a time, not only when you have to, but complete disclosure about everything. Then it involves continuing disclosure. No more secret rulings by secret courts about secret laws. No more secret programs whose costs and benefits remain hidden.

Oversight involves meaningful constraints on the NSA, the FBI and others. This will be a combination of things: a court system that acts as a third-party advocate for the rule of law rather than a rubber-stamp organization, a legislature that understands what these organizations are doing and regularly debates requests for increased power, and vibrant public-sector watchdog groups that analyze and debate the government's actions.

Accountability means that those who break the law, lie to Congress or deceive the American people are held accountable. The NSA has gone rogue, and while it's probably not possible to prosecute people for what they did under the enormous veil of secrecy it currently enjoys, we need to make it clear that this behavior will not be tolerated in the future. Accountability also means voting, which means voters need to know what our leaders are doing in our name.

This is the only way we can restore trust. A market economy doesn't work unless consumers can make intelligent buying decisions based on accurate product information. That's why we have agencies like the FDA, truth-in-packaging laws and prohibitions against false advertising.

We no longer know whom to trust. This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix.

EDITED TO ADD (12/23): The requested removal of an NSA employee from an IETF group co-chairmanship is another manifestation of this mistrust.

Posted on December 23, 2013 at 6:26 AM • 75 Comments

Comments

Someone • December 23, 2013 7:02 AM

This is especially cruel to those who grew up on the Internet. Those who the Internet has been their escape. Their refuge. And now the trust in that has been shaken greatly...

Wm • December 23, 2013 7:03 AM

"Rebuilding trust is not easy, as anyone who has betrayed or been betrayed by a friend or lover knows, but the path involves transparency, oversight and accountability."

From personal experience with family and relative betrayals, no one should ever consider 'rebuilding' trust once it has been breached. My experience has been that a betrayal is a line that is beyond the point of return. Infidelity in a marriage can possibly be repented of and fixed, but when it comes to greed for money or power, that will be the point of no return. Only punishment and shame will stop such endeavors, with further barring the guilty from getting into a position from which they can again commit their evil. If this is not done, they will always come back to do it all over again.

Muffin • December 23, 2013 7:21 AM

"We do not allow any government agency to connect directly to our network to gather, review or retrieve our customers’ information," said Watts.

Note he does not deny it's happening with this statement, or even that AT&T is being aware of it: he just says they're not allowing it, i.e. that the government didn't come and ask if they could and AT&T said yes, please go ahead.

He also talks only about "direct" connections, whatever that means. And he talks about all this for the purpose of gathering, reviewing or retrieving, and specifically their customers' information at that.

A very specific and thus very weak denial.

Michael P • December 23, 2013 7:24 AM

RSA's response looks to me like a carefully crafted non-denial. Isn't it exactly the kind of thing one would say if one accepted a juicy contract to make a key generator the default if only the contracting agency, and not the contractor, knew the key generator was flawed?

steve • December 23, 2013 7:28 AM

I sent this to bruce and thought a post might generate some good educated discussion on this issue for educational purposes and free speech only.
==================
I have scoured the internet and various forums null-byte.wonderhowto.com, hackers clubs etc. but cannot find a decision tree or step by step listed guide how to remain almost anonymous on the internet or close to it. Please post to your blog for discussion as I think it is timely given all the news on collection!

I have seen others ask the question but it's never addressed for educational purposes/freedom of speech. Is this because it would be providing details for nefarious people (like they don't already know) or inciting or will the FBI try to lock you down for providing such info?

For instance, I would like you and your readers to define it.

Question: I want to hack my friend's gmail account (with his permission) and remain untraceable. Let's start with the first step

1) I have to buy a laptop--- Do I purchase one online? or do I do a cash buy at a flea market for a used laptop?

2) I have read that chip makers have hard coded ident info that goes out over the internet to ident that computer--any truth?

3) Will changing the MAC address aid?

4) Disable wifi card that is internal and buy some disposable usb wifi's with cash of course--easier said than done

5) I need to download BackTrack or Kali -- do this from ?? free wifi

6) Does BackTrack or Kali have any ident info that is sent out to ident the location or computer

7) Are there any other signatures that are transmitted by the devices used? How can you monitor such or know at all ( yes there is healthy paranoia in the security business )

8) If I am able to brute force the gmail email account- won't the captcha kick in and stop the attack? I suspect it will also recognize coming from another location -- use TOR

9) It appears in your latest blog TOR can be used as a ident if they are a few using it

10) Then I would also guess that if you're doing this from a cafe wifi then there might be cameras that can be used to see who was in the area at that time and using it??

What other issues can you or your readers identify??

Steve • December 23, 2013 7:50 AM

> No more secret rulings by secret courts about secret laws.

Are there secret rulings from secret courts about secret laws that make it legal for civilian law enforcement agencies to lie to civilian courts to conceal leakage of NSA national defense intelligence to civilian law enforcement?

I don't understand why "parallel construction" isn't far ahead of privacy among reasons for concern about the loss of trust you highlight. I did "Get over it" with respect to privacy long ago, but parallel construction is plain evidence of subversion as far as I'm concerned. Were I an activist I'd be particularly worried.

Curious • December 23, 2013 7:52 AM

"We do not allow any government agency to connect directly to our network to gather, review or retrieve our customers’ information,"

With the danger of not having read the source article (I just checked the quotation), when I read this I am wondering:

• How about connecting indirectly? Whatever that might mean.
• Is the word 'gather' perhaps intended to possibly come to mean something other than 'collect' perchance?
• If they do not "allow", did they "let" someone do something anyway?
• Conditionally qualified suppositions of the kind "to gather, review or retrieve" might as well be ironic distancing and a white lie for all I know.
• What is meant by "customers' information" here? Is it about every one customer or simply about all customers? Is there any other use of meaning to the word "customers" other than the one obvious use or meaning? Notice the ' sign indicating a possessive at the end of a 's'. (Might be a typo of sorts) And what distinction is to be made about the use of the word "information" there? Is perchance any 'metadata' not understood as being 'information' for them?

Nick • December 23, 2013 8:25 AM

I'm keen to see the source material from Snowden. The denial from RSA uses strong words but I think we are all looking at how they can be interpreted to allow the deal with the NSA.

Overall the whole recently discovered saga with the NSA dissolved trust both in the oversight processes but in commercial operations in the US. I think in the near future, whether the risks are real or imagined, it will significantly affect the growth of US based cloud services particularly in the EU.

We all expect our national security agencies to spy and work to discover the secrets of the other players in our international affairs, but what is different here is the disregard for the oversight requirements. The trust here can be rebuilt with reform, accountability and appropriate oversight.

Unfortunately I think the implications of the RSA story, if true, are a lot more serious. It shows a disregard for what is the ultimate goal of technology, the betterment of civilisation. It is this trust in particular that will be hard to regain.

William Entriken • December 23, 2013 8:26 AM

Why should we trust Reuters?
Where is the original leaked document or any sources, because Reuters does not link to anyone?
Which end-user products are using BSAFE in them?

Skeptical • December 23, 2013 8:57 AM

Re: RSA & NSA:

Based on the numbers cited in the article (that $10 million is more than 1/3rd the annual revenue received by the division of RSA selling BSAFE in the year before the contract), and that $310 million is the total revenue received by RSA that year, the contract with the NSA would have been signed in 2006. Anyone interested can look up RSA's 10-K for 2006 or 2005 (they were purchased by EMC in 2006, I believe).

The Reuters article notes that the contract with NSA set the default ("the default" as in the function used to return a random number would use DUAL_EC_PRNG if no other algorithm were specified?) in BSAFE to the DUAL_EC_PRNG. However, the article does not state the purpose of the contract.

That is, the contract could well be the sale of a license to NSA, a part of which included the promise to set the default for a function to DUAL_EC_PRNG.

If so, then this is considerably at odds with the impression given by the article, which is that the NSA paid $10 million specifically in exchange for the implementation of a particular feature in a product.

This would also fit with the NSA's view at the time that EC should begin to be preferred. One of the ways that the NSA made their case to NIST was by noting how widely used the algorithm was within the government.

It is still compatible with the hypothesis that the NSA knew of a way to compromise it, but that only the NSA would be capable of doing so. Indeed it would reflect a very high level of confidence on NSA's part that only it could do so.

However, this does NOT fit as well with the hypothesis that the NSA believed DUAL_EC_PRNG to be susceptible to compromise by other actors.

Worth noting that RSA, at the time, touted the availability of the algorithm in its advertising (among the several others it made available). This wasn't a hidden feature of the software.

Additional questions not answered by the article:

1 - does the contract specify characteristics for the product to be licensed to the NSA, or the US Government, for its use, or does the contract specify that RSA will change the default for the product for all customers?

2 - the sources used by the article claim that no one remarked on this part of the contract at the time because only business, and no technical personnel, were involved. Is it really the case that no technical personnel were asked about a technical change that NSA asked to be made to the product as part of the contract? That doesn't quite pass the smell test.

3 - do the former employees who served as sources to this article now work for, or have any financial interest in, competitors of EMC or in products that compete with those of EMC?

4 - (to repeat) was the $10 million paid simply in exchange for the setting of a default to the EC algo, OR was the primary purpose of the contract to license the use of BSAFE for the federal government (in which the $10 million was not simply in exchange for the setting of the default)?

Joe Malt • December 23, 2013 9:02 AM

From one of the replies on that mailing list:

I would raise the possibility of offering the co-chair position to Bruce Schneier instead, if he is willing, and in a position to, accept. His talk at IETF 88 was exactly the right thing, at the right time, and he is an extremely well-known and respected civilian researcher in the crypto community, as I'm sure you're aware.

65535 • December 23, 2013 9:05 AM

I don’t trust them!

Given Clapper’s “least untruthful” response to Congress and the NSA’s statement that they had stopped “52 terrorists acts” and then back-tracking down to a “dozen” and then down to “one maybe two” and finding that the real number to be close to zero - I don’t trust the companies who jump in bed with the NSA (for $10 million or any other sum).

RSA is the USA's premier encryption Security provider. Carefully worded statements from NSA lawyers and Corporate lawyers do not impress me.

[RSA last bullet]

“When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.”

http://blogs.rsa.com/news-media-2/rsa-response/

I see a lot of weasel words. What RSA fails to mention is the media’s suggestion of $10 million dollar payment by NSA to "backdoor" their default Random Number Generator (RNG) making spying much easier.

Further, the only reason RSA came clean was media coverage of said back door. RSA could not stand the heat in the kitchen and did a 180 degree turn on their default product.

The same mistrust applies to AT&T. The press has indicated AT&T purposely accumulated a data base of USA customer’s phone “meta-data” stretching 30 years – for sale to a buyer with price lists to buyers - including the NSA. This is in conjunction with “Room 641A” with splitters diverting telecommunication traffic directly to the NSA.

I was skeptical of these press stories in the past 10 years. But, seeing actual documents of that very type of mass collection of data by the NSA changed my mind. Mass government spying on its citizens leaves a bad taste in my mouth.

I don’t trust RSA, AT&T, BT, Google, Apple, Microsoft, and other telecommunication/internet companies within the legal jurisdiction of the NSA. The term “National Security” seems to be stretched to cover any type of mass domestic and foreign spying.

I have now started to follow Bruce Schneier’s advice of using open source security software and encryption items to make me more secure and make the NSA’s mass spying harder and more expensive. When possible I use foreign products not subject to USA/NSA tampering.

Frankly, I am fed-up with so called "Secret Courts" which operate under the ruse of “National Security.” It tramples the Fourth Amendment and causes horrible mistrust in our system of laws.

And, I am very disappointed at Obama for promising to shut down these secret courts and curtail the NSA.

Obama has done nothing but strengthen the NSA and shield these Secret Courts. This is a gross misuse of political power. It's also a heinous misuse of public trust!

Nick P • December 23, 2013 9:27 AM

Let's also remember they're legally allowed to lie if it's national security or a black program. So, they might be stretching the technical meaning of words and they might just be lying straight. They have options haha.

"We no longer know whom to trust. This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix."

I agree it's the largest damage but I disagree with the rest. It will be true for the majority of companies that trusted the huge proprietary solutions and infrastructures. Those companies using OSS, Open/Alternative DNS, etc. have an easier path ahead of them. For them, they can just acquire some non-American made hardware, install BSD/Linux, and put a different service/application on each machine with POLA/hardening. Routers & DNS especially.

This wouldn't solve the problem but it eliminates a huge swath of potential backdoors. Most of the code is already open for auditing and made by volunteers in many countries with different motivations. One can even pick lightweight apps or apps written in safer languages to make auditing easier. There's even open firmware and TPM stacks available. Most key protocols have at least one good implementation in the BSD's.

Plenty of options for someone using the open source approach. Everyone else is f***ed. Haha.

z • December 23, 2013 9:52 AM

Security companies are really unique in that trust is the most important thing they have. I can use AT&T, Google, etc., without trusting them. I don't like it, but I can assume that they have no interest in my privacy or security and still use it.

Security is different. If RSA made gun safes for example and was found to have been paid $10 million by a criminal organization to give them a master combination, they would be out of business so fast their heads would spin.

Companies like RSA essentially sell trust. Your goal is to secure data from anyone but its intended recipient, so you pay them money and they give you a supposedly proven set of products that you trust to do that. If they violate that trust by allowing people access that you did not approve of or know about, they have ruined their product.

Bob T • December 23, 2013 10:04 AM

Bruce said, "And if we can't trust either our government or the corporations that have intimate access into so much of our lives, society suffers."

I don't trust either one. Forty years ago, the crimes that are committed today by our government and corporations, particularly in the banking industry wouldn't have been tolerated and people would go to prison. Today, they wait it out a couple weeks until the next headline and everyone forgets about the previous crimes.

vopoi • December 23, 2013 10:20 AM

Voting is your answer Bruce? Voting is the suggestion box of slaves. Ticking a box every 4 years never will and never has led to freedom.

The NDAA was just renewed on the 19th dec 2013. This all by elected congress people. Just to show politics never leads to freedom.

Horace • December 23, 2013 10:30 AM

Anyone who thinks greed is good cannot be trusted.
Anyone who covets power cannot be trusted.
Anyone who puts himself up for election cannot be trusted.

Most of these people were already disqualified from trust before their duplicity became apparent, what then now?

Bob S. • December 23, 2013 10:32 AM

Re: Recent press coverage has asserted that RSA entered into a “secret contract” ..."

Secret in quotes ...may ... simply mean there was no secret about it...

I read up on the NSA employee asked to leave the IETF board. I was left with the impression he is a shill and operative for NSA corruption of internet security.

When they do the movie about today's NSA, a good title might be:

NATURAL BORN LIARS

Stan Robins • December 23, 2013 10:42 AM

I want to add my complete agreement with Steve regarding secret legal rulings. The FISA court is an abomination and should be closer to the center of attack civil libertarians are making on the surveillance regime imposed by the Patriot Act. How can a nation function as a democracy if ANY legal opinions or rules promulgated by the DOJ or agencies or the President are secret? What kind of due process tolerates a Star Chamber in which only the government is heard on an issue, the rulings are secret, and process served on citizens of the United States is classified? Speaking as a lawyer, it is entirely possible for a tribunal to make a ruling, setting out the legal basis and holding, without disclosing those parts of the record describing procedures, activities or identities that would harm national security if disclosed.

Felix • December 23, 2013 10:49 AM

Bruce, I don't agree.

For any given system, I'd just as soon not be required to trust anyone, government or the big companies. They have demonstrated century after century that they aren't trustworthy. We as IT people and members of civil society need to design systems that don't require anyone trust the government or big companies. They're not trustworthy now, and they never have been ever in history. I don't expect that to change in my lifetime.

The US government was initially designed with that very premise in mind - a built-in mistrust and lack of power for the government. That has changed over the centuries from individual's compulsion for more power, and well-intentioned fools adding "feature functionality". Now we're running the Windows 95 of government unpatched right into a wall.

I'm sure it will all turn out just fine...

Ion Ionescu • December 23, 2013 11:11 AM

Trust is irrelevant. Whole societies were based on lie and distrust behind the Iron Curtain. You were left with the dream that on the other side somehow it must be better. Nothing new.

Michael Robinson • December 23, 2013 11:11 AM

RSA denies that they were aware of weaknesses in DUAL_EC_PRNG, but the Reuters article does not suggest that they were.

RSA denies that they were paid to make the flawed PRNG the default, but the Reuters article does not suggest that either:

"Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract." (Reuters)

What the article does suggest, and what RSA does not deny, was that the decision to make DUAL_EC_PRNG the default in BSAFE was a consequence of a $10 million contract with the NSA.

In fact, the RSA non-denial denial says this:

"We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption." (RSA)

The only reason to include both these sentences under a single bullet point is if the NSA had a role in their decision to make DUAL_EC_PRNG the default, which effectively confirms the key point claimed in the Reuters article.

Mr. Paul • December 23, 2013 11:26 AM

Reading between the lines of the RSA press release, my interpretation would be that they accepted a sum, likely something like the $10 Million, but definitely some money, from the NSA as an NRE fee. They were unaware they were being duped. If you want to be ever so slightly more generous, they were unaware what they were accepting was weak, intentional or not.

One thing that is overlooked is that the NSA is also responsible, in part, for making sure government networks/gear is secure. It was generally believed at the time (I was very active in crypto during that period) that the NSA was trying to bump up security recommendations to protect government and civilian networks/gear to protect against outside attack. Maybe not doing the *best* they could, but making sure it was very good, against even high capability agents. People generally did not believe that the NSA would recommend things that would undermine their own government.

If, in fact, the NSA made recommendations and decisions which undermined their own country's security, it leaves some interesting questions.

send.away.the.mad.puppeteer • December 23, 2013 11:40 AM

@vopoi "Voting is your answer Bruce? Voting is the suggestion box of slaves."

Economic sanctions could be effective. Voting with the wallet.

Fight intermediation with disintermediation. Cut out the middlemen wherever possible.

Minimize the use of telecommunications. Use cash instead of banks. Bitcoin instead of credit cards. Gold instead of savings accounts. Build your own computers instead of buying subverted systems. Buy non-US tech. Encrypt everything. Use Tor and VPN's.

The sum total of many people exerting that kind of pressure could result in positive political changes to the U.S. fascist regime.

jackson • December 23, 2013 11:52 AM

You keep beating up the NSA, and maybe they deserve it. But this is MUCH BIGGER, the issue of trust. Technology is not incidental either. The Target breach has everyone really, really upset. But why? It's not even close to the size of other breaches.

The reason people will be more upset than ever with the Target breach is because this occurred when expectations of security were high. Years ago companies were caught off-guard and so everyone thought 'well, they better get their act together.' It's like being told you're stupid because you didn't lock the front door and someone broke in, but then you installed an alarm system and made sure the door was locked at all times but then someone broke in anyway.

So, what if everyone gets upset about gov't overreach and new legislation is enacted, but then it gets worse???

NobodySpecial • December 23, 2013 11:53 AM

>If, in fact, the NSA ...undermined their own country's security,
>it leaves some interesting questions.
what's the worst that could happen though?

So Lockheed-Martin/Boeing protected some vital parts of a US military product with this tech which was broken by China/Russia.
Who now sells anti-aircraft/anti-ship missiles which are able to evade this defensive technology.
And some country in the middle east next door to Iraq happens to buy these, and America decides to democratize them - and discovers its $Bn stealth toys aren't as stealthy as all that

I mean, how likely is any of that?

Daniel • December 23, 2013 12:27 PM

I agree Bruce. The ATT statement is exactly on point: "We do not allow any government agency to connect directly to our network". The whole meaning of the message depends on what is meant by the word "directly". Directly is a nice PR word because it sounds strong and convincing but in fact can be massaged to mean anything. What is direct? How does it contrast to indirect? The statement is silent.

Besides, is ATT really saying that if given a legitimate wire tap warrant they will refuse to cooperate with the government? No, of course not.

People often scorn Machiavelli but he was an insightful man. And one thing he stressed was that "by misdirection we find directions out." So true. If the company is trying to misdirect you, you then know what direction they are taking--and it isn't in your favor.

Wild Bill • December 23, 2013 12:28 PM

I categorically deny the accusation that I am allowed to directly post comments to this blog.

Instead I type comments on a browser, which on my behalf posts the comment, which is then routed through multiple routers sometimes working on my behalf, sometimes working for vaguely related partners, before ever reaching the blog in question.

RSA deserves the Internet Death Penalty whether they sold their customers for $10M or gave them away for free. Either one is a relationship-ending event.

Mr. Paul • December 23, 2013 12:30 PM

If, for example, AT&T port mirrored all traffic through a diode to an agency, then it could be fairly said that they do not have a direct connection.

M Morrissey • December 23, 2013 2:03 PM

Interesting coincidence or just parallel thinking? Stiglitz essay in the NYT: http://nyti.ms/1bmJz33
The loss of trust is widespread, across the financial sector, education, regulators etc., at an immeasurable cost to society.

SteveLaudig • December 23, 2013 5:01 PM

"We no longer know whom to trust." True enough and the corollary "Trust no one" is, it seems, the essence of the USG's version of 'free market' and "don't believe a thing we say" flows from it. It 'seems' that historically lying was only manifest during wars e.g. the lies to get pretext to invade Mexico; invade the Hawaiian Islands; Spain; WWI; Vietnam; Iraq II... now government lying is the default approach for 'just about everything'. I guess it means we are in the 'war of all on all' stage of the market economy now. Sounds puerile, almost. In some ways living in China is refreshing since there's no foolishness about either trusting or liking or believing the government. Behavior is the only truth.

Romer • December 23, 2013 6:45 PM

@Stan Robins 10:42 AM "The FISA court is an abomination and should be closer to the center of attack civil libertarians are making."

Agree wholeheartedly. Not only is FISC a secret court making secret rulings and issuing secret warrants (each of these alone is anathema to the Constitution), but many of its horrid and anti-Constitutional warrants are **general warrants**, which were made illegal in England in **1765** and were a proximate cause of the American Revolution (the British march on Lexington and Concord was undertaken to exercise a general warrant).

General warrants (also called "writs of assistance") were hence the direct and unambiguous target of James Madison in constructing the 4th Amendment to the U.S. Constitution.

MingoV • December 23, 2013 6:46 PM

The trust issue with governments and corporations differs from trust issues among individuals. In the latter, events that break trust are clear-cut: refusal to pay back a private loan, adultery, failure to keep a promise, failure to fulfill a responsibility, etc.

Governments and corporations break trust in little nibbles: a complexly worded statute giving more spying powers, a reworded EULA that lessens rights of buyers, a change to a six-page terms of agreement for a social media site, etc. Few people notice the small changes, and they eventually add up to something very big and very undesirable. Some people notice this quickly, some notice it slowly, and some don't notice it at all. Therefore, the affected people don't act in synchrony, and that makes it nearly impossible to generate effective protests.

Dirk Praet • December 23, 2013 7:12 PM

@ Skeptical

Is it really the case that no technical personnel were asked about a technical change that NSA asked to be made to the product as part of the contract? That doesn't quite pass the smell test.

Oh, yes it does. You have obviously never worked for a large tech company that has the USG as an important customer. When a 10 million dollar contract is at stake, sales and management will always overrule engineering, no matter what they say. In this case, it is highly likely that engineering was briefed about the requested change - after all, they have to implement it - , but the decision was pretty much made for them the moment the 10 million dollar figure came on the table. It's called a business case, and any large enough customer can ask for any feature they want when they're willing to cough up sufficient dinero. What engineering thinks about it at that point becomes pretty much irrelevant.

> It is still compatible with the hypothesis that the NSA knew of a way to compromise it, but that only the NSA would be capable of doing so. Indeed it would reflect a very high level of confidence on NSA's part that only it could do so.

Deliberately compromising or weakening any product is short-sighted and in the end a recipe for disaster. Even if you're the only party able to exploit it at a particular moment, it is just a matter of time before others catch up too. I once more refer to my former colleague Susan Landau's "The Large Immortal Machine and the Ticking Time Bomb". Assumption is the mother of all fuck-ups. It doesn't matter how strongly the NSA - or any other organisation, for that matter - believes they are on top of the game and ahead of everybody else. That's hybris, or Arthur Andersen-syndrome, and sooner or later it blows up right in your face. As one Edward Snowden made painfully clear to them.

someone_from_EU • December 23, 2013 7:45 PM

The main issue lies within our societies all around the globe. The majority of all the citizens doesn't care much about what's going on and how does that affect them.

They're brainwashed every single day.
All the fucking commercials (press, tv, radio,...), corrupted politicians (as an elected parliamentarian: if you get paid far more in your 'side job', which side of interest would you choose?), the damn passive mode of so many... We deserve nothing better.

Has anyone of you heard about the TTIP / TAFTA treaty?

Behind closed doors, EU / USA together plan to strengthen corporations to such a level that they have the same status as governments. ...

That the world we live in is just a giant playground to cash in. If a corporation claims to lose money (reason irrelevant) then any sued government will have to compensate the loss,... Guess who is paying... ?! Yeah, the poor ones, the honest tax payers, so corporate profit keeps climbing up.

Why is the company Apple Inc. worth more money than the entire country Switzerland?! ...

Democracy as we know it in its most idealest way, never worked. It just worked for a very short term (just election), then back to the usual betrayal...


What we all agree upon is that the 'Open Source' model is the only trusted model ever conceived.


Now imagine our so beloved democracies would mirror the 'Open Source' model behaviour.


Trust could be restored.


Richard Stallman, as the greatest visionary of all times, is now our savior in our darkest technology hours.

It is mandatory that we all act now.

Active mode on
GPL we thank you
Open Source in my name
We all appreciate it

dq • December 23, 2013 8:23 PM

@Daniel:
>People often scorn Machiavelli but he was an insightful man. And one thing he stressed was that "by misdirection we find directions out."

http://www.shakespeare-navigators.com/hamlet/Hamlet_Quotes.html

Your bait of falsehood takes this carp of truth:
And thus do we of wisdom and of reach,
With windlasses and with assays of bias,
By indirections find directions out
— Polonius has been advising Reynaldo in devious conversational strategies to find out what Laertes is up to while he is out of the country. Polonius concludes his directions by telling Reynaldo that any lies he may tell about Laertes will only enhance the likelihood that others will reveal truths about Laertes, assuring him that wise and powerful men like himself use these roundabout tactics.

@steve:
>I have scoured the internet and various forums null-byte.wonderhowto.com, hackers clubs etc. but cannot find a decision tree or step by step listed guide how to remain almost anonymous on the internet or close to it.

...
>Question: I want to hack my friends gmail account ( with his permission ) and remain untraceable. Lets start with the first step

>1) I have to buy a laptop--- Do I purchase on online? or do I do a cash buy at a flee market for a used laptop?

This is an interesting series of questions.

I am not qualified to give an opinion, but you could start by asking professional penetration testers whether they use VPNs rather than TOR. I suspect a VPN would circumvent a bunch of difficulties if used correctly. Unfortunately I know nothing about VPNs.

JP • December 23, 2013 9:02 PM

"In its statement, AT&T sought to push back against the notion that it provides the government with such access. "We do not allow any government agency to connect directly to our network to gather, review or retrieve our customers’ information," said Watts."

If I am not the one writing the check for the specific connection, I am the product, not the customer.

If it is collected from an ATT backbone connection, they can collect all the info they want and not violate their statement.

If the direct connection is by a sub for the government, they don't have a direct connection, they can collect all the info they want and not violate their statement.

If ATT is the one tapping the line under contract with the government, they can collect all the info they want and not violate their statement.

Etc, etc, etc...

MGCyberSME • December 23, 2013 11:57 PM

...But who will be the answer to the Answer Man?

This is all nice and rosy, but reality, history and physics tell us that a body in motion will remain in motion, a body at rest, will stay at rest. Metaphorically meaning that once the deed has been done, it's very hard to roll it back. As Mr. Schneier correctly points out the requirements to realign the wheel, the question is what reason is there to do so? Whose interest will it best serve? Whose agenda is in play here? The litmus test is essentially looking back and seeing if these outcomes of today were in place before the threat was present? Yes, they have been eroding over the years, as a fault of our own, being perhaps overly copacetic. I can take this back to JFK, but looking at and discussing past history demonstrates that about 250 years ago, some very wise folks put together this nation and developed some good supporting documents. Problem is that these did not align with some agendas and making a long story short, we are where we are today. Do we really have any rights left? Virtually perhaps. Is privacy really that important? Depends? Should it matter? I guess Janis Joplin had it right that "Freedom's just another word for nothing left to lose...". - Selah

rdm • December 24, 2013 12:55 AM

Here are a few thoughts:

First, if the NSA does indeed have the broad observational powers that they seem to have, a simple look at the statistics having to do with various forms of criminality and misconduct and law enforcement in this country seems to suggest that they are being very careful to not obstruct such failure modes. A more general issue here is that you cannot lead people where they do not want to be led.

Second, given that there is significant evidence that other countries have been engaged in spying on members of this country, it's not at all clear that the relatively small population of the NSA constitutes even a majority of the monitoring that is going on.

Third, given the growth curve of Moore's law and the price curve on cameras and other observational gear, I think that this whole set of issues is mostly something to get old people to thinking. And I am not sure we are doing a good job of that thinking, yet. We've got laws which probably made sense when cameras were a rich person's toy but which probably need to be rethought when cameras are a "free in every cereal box" toy.

Fourth, the infamous question posed by Ron Wyden - the one where Clapper is being dinged for lying - seems to have been a double question. Wyden asked whether Clapper could answer a question. Much has been made of the fact that Clapper had a full day to consider his answer, but what exactly was it that he had a full day to consider? It might be worth thinking through the logic of this.

Or, you know, we can go on blindly asserting things without thinking logically. That's probably a lot of fun or something?

Also, as to trust... ultimately it's not so much that we need to trust technology. It's people. Can we trust people? Personally, I tend to bet that we can. So far, at least, they have done me right (albeit, quite often saying no when I ask about things I care about - but not always).

Anyways, a lot of computer security seems to me to be like installing bank vault doors on picket fences. And we can do that easily enough because of economies of scale. But perhaps putting more emphasis on double checking when dealing with important issues - trading some convenience for resilience - might go a long way?

rdm • December 24, 2013 1:10 AM

p.s. now the cybercommand? That's maybe a different matter...? but maybe harder to talk about, also.

we probably also need to get used to the idea that government itself has conflicting directives and people working at cross purposes to each other?

Figureitout • December 24, 2013 1:15 AM

rdm
> given that there is significant evidence that other countries have been engaged in spying on members of this country, it's not at all clear that the relatively small population of the NSA constitutes even a majority of the monitoring that is going on.
--I honestly don't care what country you're from, if you're spying on me (AKA attacking me) then you're fair game for me to unleash some attacks on you that you won't detect (you think I'm joking...). Over time, of course I'm not alone in my feelings nor intelligence, others will respond; sometimes to falsehoods, sometimes to real attacks, which then lead to more attacks.

Eventually there will be so many hidden attacks that for the purpose of sanity one would have to limit their potential and go back to pencil/paper and books. Hand calculations...

Basically all the technology is rendered worthless b/c of the severe lack of trust; that's just such a terrible thought to me...

Plunky • December 24, 2013 7:00 AM

All of the above can be traced back to 9/11 and the patriot act. Trust was a victim, can we ever get it back?

jason sewell • December 24, 2013 8:25 AM

I would be interested in knowing more about the supposed flaw.

Presumably, any flaw inserted into a random number generator would be designed to decrease entropy / randomness in the output. Wouldn't this be easy to confirm by experiment? Simply generate a few billion random numbers and plot them. Any skew would be immediately apparent. Has this been done yet?

e-sushi • December 24, 2013 8:34 AM

@jason The problem with an RNG backdoor is, that you're not supposed to be able to identify it that quickly… it's less about a *skew* but more about a hidden *predictability*. As a result, well-implemented backdoors are not that simple to visualize. What might look perfectly random to you, could simply be a known and easy to reconstruct and/or identify RNG period that could/would be exploited by an attacker who implemented (or at least knows about) the backdoor.

vas pup • December 24, 2013 10:12 AM

Could other than NSA Law Enforcement Agency or prosecutors use in court (as base of incarceration) or illegal pressure for plea bargain any information obtained by unconstitutional surveillance conducted by NSA (meta data or detailed)? The point is NSA does not have its own enforcement arm/unit. If the answer is 'no', then your privacy is the victim if such information is leaked publicly or secretly (through gag orders like stop by your employer, flash the badge and talk bullshit about you when you have zero chance to challenge such input), and you should have right to sue for such activity, but if the answer is 'yes' - that is real problem aka 1984 paradigm or Kafka's Trial.
If the answer is 'no, but' meaning information (pattern extracted out of meta data) could only be used to provide proper direction of further investigation and collection admissible in the court of law evidence, then this tool has its merits only.

Adjuvant • December 24, 2013 2:37 PM

@It'sTheParallelConstruction,Stupid; @Plunky "All of the above can be traced back to 9/11 and the patriot act. Trust was a victim, can we ever get it back?"

Emphatically not, until Congress reviews the present State of Emergency of which the Patriot Act is but an external manifestation, which has been quietly reauthorized every year since 9/11. This review is in fact REQUIRED by public law (50 U.S.C. 1622), but seems simultaneously to be prohibited by "secret" law. I shall explain.

It's very good that we're now openly discussing the phenomenon of "parallel construction" in criminal cases. There remains, however, a far more fundamental problem that very few people have had the intestinal fortitude to address. This might be called, by extension, "parallel constitutionalism."

The "parallel constitution" presently in effect is rooted in emergency Continuity of Government plans which were originally developed for application in the event of a global thermonuclear conflict, but which have been cynically repurposed. These were put into effect on 9/11 and have been annually reauthorized without Congressional review in direct contravention of (public) law. Project Censored provides details in this fine summary from 2010. A poignant excerpt:

"9/11 met the conditions for the imposition of COG measures, and we know for certain that COG planning was instituted on that day in 2001. The 9/11 Report confirms this twice, on pages 38 and 326. ... What few have recognized is that, nearly a decade later, some aspects of COG remain in effect. COG plans are still authorized by a proclamation of emergency that has been extended each year by presidential authority..."

[see: http://www.projectcensored.org/supplanting-the-united-states-constitution-war-national-emergency-and-continuity-of-government/ ]

The original item Project Censored cites is an essay by the redoubtable Prof. Peter Dale Scott, originally published here:
http://japanfocus.org/-Peter_Dale-Scott/3448
and based on an address to the Commonwealth Club of San Francisco which may be heard here:
http://www.commonwealthclub.org/node/60744

From the Japan Focus article (footnotes removed for clarity in this format):
"The National Emergencies Act, one of the post-Watergate reforms that Vice-President Cheney so abhorred, specifies that: “Not later than six months after a national emergency is declared, and not later than the end of each six-month period thereafter that such emergency continues, each House of Congress shall meet to consider a vote on a joint resolution to determine whether that emergency shall be terminated” (50 U.S.C. 1622, 2002). The law does not permit Congress to review an emergency; it requires Congress to review it.

Yet in nine years Congress has not once met to discuss the State of Emergency declared by George W. Bush in response to 9/11, a State of Emergency that remains in effect today. Appeals to the Congress to meet its responsibilities to review COG have fallen on deaf ears, even during periods when the Congress has been dominated by Democrats."

And in this we may glimpse the de facto ascendancy of "secret" law. Please indulge me in reproducing two more excerpts (footnotes removed):

First:
"There is no way to determine how many of the constitutional changes since 9/11 can be traced to COG planning. However we do know that new COG planning measures were still being introduced in 2007, when President Bush issued National Security Presidential Directive 51 (NSPD-51/HSPD-20). This Directive set out what FEMA later called “a new vision to ensure the continuity of our Government,” and was followed in August by a new National Continuity Policy Implementation Plan.

Under pressure from his 911truth constituents, Congressman Peter DeFazio of the Homeland Security Committee twice requested to see these Annexes. When his request was denied, DeFazio made a second request, in a letter signed by the Chair of his committee. The request was denied again."

Second: "Former Congressman Dan Hamburg and I appealed publicly in 2009, both to President Obama to terminate the emergency, and to Congress to hold the hearings required of them by statute. But Obama, without discussion, extended the 9/11 Emergency again on September 10, 2009, and again a year later. ... One Congressman explained to a constituent that the provisions of the National Emergencies Act have now been rendered inoperative by COG. If true, this would indicate that the constitutional system of checks and balances no longer applies, and also that secret decrees now override public legislation as the law of the land."

By now the klaxons in any thinking person's brain should require no further amplification. Allow me nonetheless to juxtapose this basic observation from Lawrence Lessig:
"A “free society” is regulated by law. But there are limits that any free society places on this regulation through law: No society that kept its laws secret could ever be called free. No government that hid its regulations from the regulated could ever stand in our tradition. Law controls. But it does so justly only when visibly. And law is visible only when its terms are knowable and controllable by those it regulates, or by the agents of those it regulates (lawyers, legislatures)." [ from: http://www.gnu.org/philosophy/lessig-fsfs-intro.html ]

Until these fundamental matters are tackled and the rule of public law is restored in this country, all attempts to bring the TLAs to heel will remain mere window dressing. If my post here constitutes your first exposure to the full extent of this sad state of affairs, that should in and of itself be terrifying: before these matters can be addressed at all, they must be public knowledge and a focus of public indignation. I believe I have pointed to the [extra-]constitutional nest from which this army of legal cockroaches proceeds. I would be most obliged if this submission were to become a focus of further discussion and dissemination.

Winter • December 24, 2013 2:51 PM

@Jason
The classical example of a "broken" PRNG is the decimal sequence of Pi.

There seems to be no known statistical test that can show this sequence is non-random. But it is easy to predict.

If you want to know more, I believe Algorithmic Complexity theory can show that randomness cannot be proven, only disproved.

A Dave • December 24, 2013 9:30 PM

Adjuvant while I agree with what you are saying I cannot help but think of honey when I read your post :)

Adjuvant • December 24, 2013 10:48 PM

@A Dave: If you were making a specific reference I'm afraid it's lost on me. If your comment was directed at my prose style, so be it, as long as my message gets across.

Clive Robinson • December 25, 2013 3:36 AM

@ Alex Jones,

You forgot to mention,

    Boycott RSA Conference

If EMC / RSA see their flagship self promotion set piece boycotted it will send not just them a message but one or two other companies who have "taken the NSA shilling" of which I'm sure there are several.

Which also brings forward the idea of "outing NSA suppliers and collaborators" (of which EMC is just but one of many).

Richard • December 25, 2013 3:58 AM

As customers and shareholders of telephone companies we need to request they stop collecting phone call metadata they don't need. If they don't collect it then they can't turn it over to the NSA when the NSA requests, which is in the best interests of their customers and shareholders.

Where I work the document retention policy might be paraphrased as "Don't keep what you don't need. Then it can't be used against your employer or you."

I have Verizon FiOS including unlimited free local and domestic calling. They don't need to collect metadata on those calls to bill me. Do they collect it because they are used to collecting it or perhaps because they are used to sharing it with the NSA, from the 2000's and before?

It's hard to believe they need the data to know when to expand their network. Voice calls use very little bandwidth. If they do need it then just record the call came from or went to the phone building in the next town; the dedicated fiber optic line from there to my house will not be a bottleneck for voice calls for the foreseeable future.

Request the phone companies you own or are a customer of now stop recording call metadata where they don't need it for billing. Or at least provide an option to opt out of collection. Or encrypt it with the customer's public key so only the customer can decrypt their call history.

As Bruce Schneier wrote before, it is time for companies to look at NSA as the adversary and handle their data accordingly. Google, Yahoo, and Microsoft understand that. We need to shake the telephone companies awake.

It'sTheParallelConstruction,Stupid • December 25, 2013 11:04 AM

Adjuvant, I didn't get the honey reference either, but it may have had to do with sticky traps. Sucked me in for a while anyway...

> ...; @Plunky "All of the above can be traced back to 9/11 and the patriot
> act. Trust was a victim, can we ever get it back?"

Adjuvant responded,
> Emphatically not, until Congress reviews the present State of Emergency of
> which the Patriot Act is but an external manifestation, which has been quietly
> reauthorized every year since 9/11. This review is in fact REQUIRED by public
> law (50 U.S.C. 1622), but seems simultaneously to be prohibited by "secret" law.

The part of 50 USC § 1622 - National emergencies that seems to require Congress to review the emergency every six months is section (b), Termination review of national emergencies by Congress. I will write to my Senators and Representatives for clarification regarding how this requirement has been met down the years. The wording, however, that "each House of Congress shall meet to consider a vote on a joint resolution to determine whether that emergency shall be terminated", doesn't seem to require a vote, just consideration of a vote. Maybe they satisfy the requirement every six months with yeas and nays.

Meanwhile, section (c), Joint resolution; referral to Congressional committees; conference committee..., deals with how the joint resolution, once voted into being, will be processed. Since they don't vote a joint resolution terminating the state of emergency into being, section (c) just doesn't apply.

Again meanwhile, section (d) Automatic termination of national emergency; continuation..., allows the Administration to keep the state of emergency in effect by a simple publication and notice to Congress. Probably takes five minutes.

So, I don't know if there needs to be any secret law prohibiting the twice-yearly Congressional review called for in section (b). Depends on what "is" is, I guess.

At this point, I think I may see too many other reasons to justify amending your "Emphatically not, until..." to read, "Emphatically not. Period."

Dr. I. Needtob Athe • December 25, 2013 3:57 PM

I bought a few packets of ramen noodle soup mix today as a gesture of solidarity with Edward Snowden. It's actually not bad, and you can't beat the price.

Spike • December 25, 2013 8:32 PM

@Nick:

I'm keen to see the source material from Snowden.

The only thing I want to hear from Snowden is that he's decided to come home and face the music for what he did; I also want to see most of the emotarians admit that they were duped and stop believing him and whatever bullshit he spewed.

Here's an unpleasant truth about Snowden:

In 2009, Ed Snowden said leakers “should be shot.” Then he became one

Some other stuff about this fool that everybody missed (partially due to Obama Derangement Syndrome, the Magic Negro meme and the way that emotarians behave):

How the Professional Left's Blind Obama Hatred Got them Played by a Far-Right Nutjob

Snowden's Russia Connection Confirmed by Putin

I'm also sorry to say this, but I think this whole affair smells of ratfucking by libertarians and the right-wing in an effort to cause shit for progressives generally. And I think that it's going to backfire eventually.

Adjuvant • December 25, 2013 10:04 PM

@It'sTheParallelConstruction,Stupid
Occam's razor is often a useful heuristic, providing a robust defense against being "sucked in," as you say, to various intellectual time-sinks and halls-of-mirrors. I'm afraid, though, that you have misapplied it here.

Your reference to "the joint resolution, once voted into being..." betrays an elementary misunderstanding of the legislative process. Joint resolutions are in no sense "voted into being" qua joint resolutions; rather, they are introduced by one or more legislative "sponsors" in either the House or the Senate and subsequently become matters to be dealt with, working their way through the various relevant subcommittees and committees according to the standing rules of the relevant legislative bodies and governing statutes.

Here is a fine overview of this process:

I am neither a lawyer nor a parliamentarian, but in my reading this statute mandates implicitly that a joint resolution be introduced, this being an absolute precondition for considering a vote on said joint resolution. Your dismissal, therefore, of section (c) as inapplicable would seem to be incorrect. Rather, it seems to specify the special legislative procedure by which the joint resolution mandated in section (b) should be processed.

A complete list of all joint resolutions and bills introduced in each Congress may be found HERE
It should therefore be trivial to identify any joint resolution(s) which have been introduced in fulfilment of the statutory requirement in 50 USC § 1622.

Thoughtful input and discussion from the legally trained would be most welcome, but I hope we will not be overly distracted from the larger context of these Continuity of Government measures. As much as we may wish it were otherwise, the elephant remains in the room,

Rather than a linkdump -- that's what search engines are good for -- I'll refer you to the Congressional Record: August 2, 2007 (House) [Page H9548] and let Congressman DeFazio, cited above, speak for himself. It's only a one-minute speech:

"Mr. DeFAZIO. Most Americans would agree that it would be prudent to have a plan to provide for the continuity of government and the rule of law in case of a devastating terrorist attack or natural disaster, a plan to provide for the cooperation, the coordination and continued functioning of all three branches of the government.
The Bush administration tells us they have such a plan. They have introduced a little sketchy public version that is clearly inadequate and doesn't really tell us what they have in mind, but they said, don't worry; there's a detailed classified version. But now they've denied the entire Homeland Security Committee of the United States House of Representatives access to their so-called detailed plan to provide for continuity of government. They say, trust us. Trust us, the people who brought us Katrina, to be competent in the face of a disaster? Trust us, the people who brought us warrantless wiretapping and other excesses eroding our civil liberties? Trust us?
Maybe the plan just really doesn't exist and that's why they won't show it to us. I don't know. Or maybe there's something there that's outrageous. The American people need their elected representatives to review this plan for the continuity of government."

And there, in 2007, the matter seems to have died. I think it's high time it was re-visited. If I've been "sucked in," I consider myself to be in good company.

It'sTheParallelConstruction,Stupid • December 26, 2013 7:07 AM

Adjuvant, sorry if my reference to getting "sucked in" came across as negative. Not at all - it's what happens when a topic is compelling, as this one.

I didn't consciously apply Occam's Razor, which I think is a good tool to use when alternatives are fairly well-defined. In this case, though, the entire business remains opaque to me, even after going back and re-reading 50 USC § 1622 - National emergencies.

It's true, as you say, that I don't have a good understanding of the legislative process. What I have is a strong impression of that process being, largely, window dressing. But what do I know other than that my eyes glaze over and I retreat, as from a wall I've run into more than once.

Yesterday I wrote to both my Senators and to my Representative, asking how Congress has complied with the apparent requirement for Congress to act every six months that a state of emergency continues. Thanks for the prompt.

vas pup • December 26, 2013 10:31 AM

@It'sThe ParallelConstruction, Stupid.
Thank you for both links provided.
Based on their content the answer is 'not, but' because 'parallel construction' required to follow leads out of NSA input to find own legitimate evidence. EFF:"Hiding the source of information used by the government to initiate an investigation or make an arrest means defendants are deprived of the opportunity to challenge the accuracy or veracity of the government's investigation, let alone seek out favorable evidence in the government's possession". Yes, good point, but when source of initial lead/information is CI (confidential informant) or undercover officer, then same pattern for defendant exists for many years before invention of the Internet and NSA activity related. It should be clearly separated: facts (and methods) obtained as investigating intelligence versus derivative facts admissible in the court obtained using for prosecution. That does imply those methods should be within requirements of Bill of Rights. General remark: the 'sharper' tool LE Agency provided the stricter oversight is required, but for intelligence data collection Court oversight is more feasible for targeted surveillance. I guess we do not have Court oversight for CI activity. Do we?

Mark Wooding • December 27, 2013 10:24 AM

I used to work for a vendor of hardware security modules. Before I left, maybe two years ago, we were contacted by RSA, who (as many customers do) asked us about our random number generation. At that time, we used the AES counter-mode DRBG, and I said so. They asked whether we'd implement the Dual-EC DRBG, and told us that this was a requirement from a DOD customer of theirs. I explained that the Dual-EC generator was (a) hideously slow, (b) slightly biased, and (c) possibly hiding a particularly poorly concealed back door; and that, as someone responsible for security review of module firmware, I couldn't possibly let out a module which used the Dual-EC generator unless (a) it was strictly opt-in; (b) key-generation certificates were enhanced to report the use of non-default random number generators; and (c) the certificate checking tool was modified to report the use of the Dual-EC generator with a scary warning. I didn't hear any more about it after that. So: RSA were actively trying to encourage adoption of the Dual-EC DRBG fairly recently, on behalf of a `DOD customer'. All of this would have made me rather suspicious, but RSA had already lost whatever trust I'd ever given them by managing to let hackers at the enormous database of SecurID keys they should never have had in the first place.

Tom • December 28, 2013 11:14 AM

As others have said:

Whether RSA knew of the flaws with the algorithm is irrelevant. They ought to have known? What else would NSA be paying for!?

Viet-Nam • December 30, 2013 3:45 AM

There was never any reason to trust you american scumbags. All this talk about trust is laughable nonsense. You fucking americans need to be bombed to the ground like you do to other countries. And sooner or later you will, scum.

Andrew Sullivan • December 31, 2013 6:33 AM

Just a point of information: that research group is _not_ an IETF group, but IRTF (r for research). It matters here because IRTF does not produce standards, and doesn't work by the usual IETF rough consensus. (This is not to comment on the case at all.) Full disclosure: I'm a sitting IAB member, and organizationally the IRTF Chair is appointed by the IAB. As usual, I speak for nobody but myself.

Russ • January 1, 2014 1:50 PM

Could someone here who fully understands the math comment on this recently-posted proof-of-concept?

http://blog.0xbadc0de.be/archives/155

The author states he hasn't broken 'the default NIST implementation' as he doesn't have access to the secret sauce used to derive the Q value used there; but that the math shows anyone who does have that info can break the PRNG with only 32 bytes of input. That sounds like a smoking-gun demonstration of a backdoor.

Nicole • January 2, 2014 1:39 PM

In order to protect digital information companies need to start educating their employees on how data breaches can occur. Of course, the NSA is going to exploit backdoors when they can be infiltrated so easily due to average employees not understanding the implications of digital footprints. It should be required for any employee to have a fundamental understanding of IT security and hacking in order to protect company/client digital rights.

Mark Wooding • January 3, 2014 10:54 AM

Russ: The possible existence of a backdoor of this type, as demonstrated in that link, has been known for years. This is precisely what, e.g., Shumow and Ferguson were saying in their Crypto 2007 rump session talk, linked from http://www.theregister.co.uk/2007/11/16/random_number_backdoor_fears/ -- and they described exactly the theory behind the `proof of concept' in that article.

This technical stuff is old. What's new (ish) is that Snowden confirmed that indeed (a) NSA generated the parameters in such a way as to give themselves this back door (whereas there are well-known techniques for generating these parameters which wouldn't provide a back door, and would convince third parties that this had been done properly and honestly), and (b) encouraged vendors to adopt this pre-compromised algorithm. And it looks to me like RSA were attempting to get more companies to adopt it on NSA's behalf.
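The comment above mentions well-known ways to generate curve points that third parties can check. The sketch below is an added example, not part of the original comment and not the procedure of any standard: it derives a point on NIST P-256 from a public seed by hash-and-increment, so that anyone can re-derive it and nobody can have chosen it from a known multiple of another point. The seed strings, function names and the SHA-256 try-and-increment encoding are assumptions.

```python
import hashlib

# NIST P-256 field prime and coefficients of y^2 = x^3 + a*x + b (mod p).
PRIME = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = PRIME - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b


def on_curve(point):
    """True if (x, y) satisfies the curve equation."""
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % PRIME == 0


def derive_point(seed: bytes):
    """Hash seed||counter to a candidate x and keep the first x that has a
    matching y. Returns (point, counter) so the counter can be published too."""
    for counter in range(2**16):
        digest = hashlib.sha256(seed + counter.to_bytes(2, "big")).digest()
        x = int.from_bytes(digest, "big") % PRIME
        rhs = (pow(x, 3, PRIME) + A * x + B) % PRIME
        # Square root by exponentiation, valid because PRIME % 4 == 3.
        y = pow(rhs, (PRIME + 1) // 4, PRIME)
        if y * y % PRIME == rhs:           # rhs is a quadratic residue
            y = min(y, PRIME - y)          # fix the sign so the result is unique
            return (x, y), counter
    raise ValueError("no curve point found for this seed")


def verify_point(seed: bytes, claimed) -> bool:
    """Third-party check: re-derive from the published seed and compare."""
    point, _ = derive_point(seed)
    return on_curve(claimed) and point == claimed


if __name__ == "__main__":
    seed = b"constructed example seed for Q"   # constructed sample input
    q, counter = derive_point(seed)
    print("counter:", counter)
    print("Q.x = %064x" % q[0])
    print("verifies:", verify_point(seed, q))
```

Because the x-coordinate comes out of a hash, the party publishing the point would have to solve a discrete logarithm to learn its relation to any other fixed point, and a point that does not match the seed fails `verify_point`.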


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.