DOCSLIB.ORG

Researchers Split Over NSA Hacking

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Researchers Split Over NSA Hacking NEWS IN FOCUS cold atoms, which can form the basis of the qubits of information in quantum computers. He notes that he is free to publish in the open literature, and he has no problems with the NSA research facilities in physical sciences, telecommunications and languages that sit SEMANSKY/AP PATRICK on his campus. Monroe is sympathetic to the NSA’s need to track the develop­ment of quan- tum computers that could one day be used to crack codes beyond the ability of conventional machines. “I understand what’s in the news- papers,” he says, “but the NSA is funding seri- ous long-term fundamental research and I’m happy they’re doing it.” Dena Tsamitis, director of education, outreach and training at Carnegie Mellon University’s cybersecurity research centre in Pittsburgh, Pennsylvania, also wants to main- tain the relationship. She oversees visitors and recruiters from the NSA but her centre gets no direct funding. She says that her graduate stu- The National Security Agency is the largest employer of mathematicians in the United States. dents understand the NSA’s public surveillance to be “a policy decision, not a technology deci- SECURITY sion. Our students are most interested in the technology.” And the NSA, she says — echoing many other researchers — “has very interest- ing technology problems”. Researchers split The academics who are professionally uneasy with the NSA tend to lie on the applied end of the spectrum: they work on computer security and cryptography rather than pure over NSA hacking mathematics and basic physics. Matthew Green, a cryptographer at Johns Hopkins Uni- versity in Baltimore, Maryland, says that these Cryptographers condemn US National Security Agency’s researchers are unsettled in part because they tapping and tampering, but mathematicians shrug. are dependent on protocols developed by the US National Institute of Standards and Tech- nology (NIST) to govern most encrypted web BY ANN FINKBEINER is the United States’ largest maths employer, traffic. When it was revealed that the NSA had and Samuel Rankin, director of the Washing- inserted a ‘back door’ into the NIST standards he US National Security Agency (NSA) ton DC office of the American Mathemati- to allow snooping, some of them felt betrayed. has upset a great many people this year. cal Society, estimates that the agency hires “We certainly had Since June, newspapers have been 30–40 mathematicians every year. The NSA “I understand no idea that they Tusing documents leaked by former intelli- routinely holds job fairs on university cam- what’s in the were tampering with gence worker Edward Snowden to show how puses, and academic researchers can work at newspapers, products or stand- the secretive but powerful agency has spied on the agency on sabbaticals. In 2013, the agency’s but the NSA is ards,” says Green. He the communications of US citizens and foreign mathematical sciences programme offered funding serious is one of 47 technolo- governments. Last month, the media reported more than US$3.3 million in research grants. long-term gists who on 4 Octo- that the NSA, which is based in Fort Meade, Furthermore, the NSA has designated more fundamental ber sent a letter to the Maryland, had undermined Internet security than 150 colleges and universities as centres of research and I’m director of a group standards. The revelations have sparked inter- excellence, which qualifies students and faculty happy they’re created last month by national outrage at the highest levels — even members for extra support. It can also fund doing it.” US President Barack the president of Brazil cancelled a visit to the research indirectly through other agencies, and Obama to review United States because of the spying. so the total amount of support may be much NSA practices, protesting because the group Yet amid the uproar, NSA-supported math- higher. A leaked budget document says that does not include any independent technolo- ematicians and computer scientists have the NSA spends more than $400 million a year gists. remained mostly quiet, to the growing frus- on research and technology — although only Edward Felten, who studies computer secu- tration of others in similar fields. “Most have a fraction of this money might go to research rity at Princeton University in New Jersey, says never met a funding source they do not like,” outside the agency itself. that the NSA’s breach of security standards says Phillip Rogaway, a computer scientist at Many US researchers, especially those means that cryptographers will need to change the University of California, Davis, who has towards the basic-research end of the spec- what they call their threat model — the set of sworn not to accept NSA funding and is critical trum, are comfortable with the NSA’s need for assumptions about possible attacks to guard of other researchers’ silence. “And most of us their expertise. Christopher Monroe, a physi- against. Now the attacks might come from the have little sense of social responsibility.” cist at the University of Maryland in College home team. “There was a sense of certain lines Mathematicians and the NSA are certainly Park, is among them. He previously had an that NSA wouldn’t cross,” says Felten, “and now interdependent. The agency declares that it NSA grant for basic research on controlling we’re not so sure about that.” ■ 152 | NATURE | VOL 502 | 10 OCTOBER 2013 © 2013 Macmillan Publishers Limited. All rights reserved.
Load more

Recommended publications
  • A Critique of the Digital Millenium Copyright Act's
    THINKPIECE ACRITIQUE OF THE DIGITAL MILLENIUM COPYRIGHT ACT’S EXEMPTION ON ENCRYPTION RESEARCH: IS THE EXEMPTION TOO NARROW? VICKY KU I. INTRODUCTION.................................................................. 466 II. PART I: WHAT IS ENCRYPTION RESEARCH? ABRIEF HISTORY470 III. PART II: OVERVIEW OF SECTION 1201(A)(1) OF THE DMCA474 A. WHAT DOES IT SAY?.................................................... 474 B. WHAT WAS ITS INTENDED PURPOSE? .......................... 474 C. WHAT IS THE PURPOSE OF 1201(G)? ........................... 475 IV.PART III: IMPACT OF SECTION 1201(G) OF THE DMCA ON ENCRYPTION RESEARCH .................................................. 485 A. WHO IN THE ACADEMIC COMMUNITY HAS BEEN AFFECTED? .................................................................................. 485 V. PART IV: PROPOSED CHANGES TO THE DMCA.................. 488 VI.CONCLUSION ..................................................................... 489 Jointly reviewed and edited by Yale Journal of Law & Technology and International Journal of Communications Law & Policy. Author’s Note. 466 YALE JOURNAL OF LAW &TECHNOLOGY 2004-2005 ACRITIQUE OF THE DIGITAL MILLENIUM COPYRIGHT ACT’S EXEMPTION ON ENCRYPTION RESEARCH: IS THE EXEMPTION TOO NARROW? VICKY KU Section 1201(g) of the Digital Millennium Copyright Act (DMCA) is offered as an exemption for encryption research.1 However, the drafting of the exemption contradicts the purpose of copyright legislation under the terms of the Constitution, which is based upon the idea that the welfare
    [Show full text]
  • 1 in the SUPERIOR COURT of FULTON COUNTY STATE of GEORGIA DONNA CURLING, an Individual; ) ) COALITION for GOOD ) GOVERNANC
    IN THE SUPERIOR COURT OF FULTON COUNTY STATE OF GEORGIA DONNA CURLING, an individual; ) ) COALITION FOR GOOD ) GOVERNANCE, a non-profit corporation ) organized and existing under Colorado ) Law; ) ) DONNA PRICE, an individual; ) ) JEFFREY SCHOENBERG, an individual; ) ) LAURA DIGGES, an individual; ) ) WILLIAM DIGGES III, an individual; ) ) RICARDO DAVIS, an individual; ) ) Plaintiffs, ) ) v. ) CIVIL ACTION ) FILE NO.: 2017cv292233 BRIAN P. KEMP, in his individual ) capacity and his official capacity as ) Secretary of State of Georgia and ) Chair of the STATE ELECTION BOARD; ) DEMAND FOR ) JURY TRIAL DAVID J. WORLEY, REBECCA N. ) SULLIVAN, RALPH F. “RUSTY” ) SIMPSON, and SETH HARP, in their ) individual capacities and their official ) capacities as members of the STATE ) ELECTION BOARD; ) ) THE STATE ELECTION BOARD; ) ) RICHARD BARRON, in his individual ) capacity and his official capacity as ) 1 Director of the FULTON COUNTY ) BOARD OF REGISTRATION AND ) ELECTIONS; ) ) MARY CAROLE COONEY, VERNETTA ) NURIDDIN, DAVID J. BURGE, STAN ) MATARAZZO and AARON JOHNSON ) in their individual capacities and official ) capacities as members of the FULTON ) COUNTY BOARD OF REGISTRATION ) AND ELECTIONS; ) ) THE FULTON COUNTY BOARD OF ) REGISTRATION AND ELECTIONS; ) ) MAXINE DANIELS, in her individual ) capacity and her official capacity as ) Director of VOTER REGISTRATIONS ) AND ELECTIONS FOR DEKALB ) COUNTY; ) ) MICHAEL P. COVENY, ANTHONY ) LEWIS, LEONA PERRY, SAMUEL ) E. TILLMAN, and BAOKY N. VU ) in their individual capacities and official ) capacities as members of the DEKALB ) COUNTY BOARD OF REGISTRATIONS ) AND ELECTIONS; ) ) THE DEKALB COUNTY BOARD OF ) REGISTRATIONS AND ELECTIONS; ) ) JANINE EVELER, in her individual ) capacity and her official capacity as ) Director of the COBB COUNTY ) BOARD OF ELECTIONS AND ) REGISTRATION; ) ) PHIL DANIELL, FRED AIKEN, JOE ) PETTIT, JESSICA BROOKS, and ) 2 DARRYL O.
    [Show full text]
  • The Anti-Circumvention Amendments to the Hong Kong Copyright Ordinance
    Learning the Hard Way: The Anti-Circumvention Amendments to the Hong Kong Copyright Ordinance Robert S. Rogoyski* The 2007 Hong Kong Copyright Amendment Ordinance was passed as part of continuing efforts to balance the interests of copyright owners with the public benefits that flow from the use of copyrighted works. The anticircumvention provisions in the ordinance, closely modeled on the U.S. Digital Millennium Copyright Act (DMCA), create a complex new regime that regulates the circumvention of copy and access controls to copyrighted works, and contains a set of narrow exceptions for some scientific research. Both the specific text of the amendments, and U.S. experience with similar provisions in the DMCA give rise to serious concerns about the potential effects of this legislation. The anticircumvention amendments threaten fair dealing rights in Hong Kong because they unduly expand the power of copyright owners to control the actual use of their works, rendering fair dealing rights moot. Although the amendments provide exceptions for cryptography and security testing, the wording of the exceptions is problematic, and U.S. experience with very similar provisions in the DMCA shows that they will nevertheless chill legitimate research and harm consumers. I. INTRODUCTION ................................................................................... 36 II. THE CO ANTICIRCUMVENTION AMENDMENTS POSE A SERIOUS THREAT TO FAIR DEALING RIGHTS IN HONG KONG ............ 37 A. How Can This Be? ...................................................................
    [Show full text]
  • 1 Comment Of
    Comment of: Edward W. Felten Professor of Computer Science and Public Affairs J. Alex Halderman Department of Computer Science 35 Olden Street Princeton, NJ 08544 Princeton University Represented by: Deirdre K. Mulligan Director Aaron Perzanowski Law Clinic Intern Samuelson Law, Technology & Public Policy Clinic Boalt Hall University of California 346 North Addition Berkeley, CA 94720-7200 Office of the General Counsel U.S. Copyright Office James Madison Memorial Building, Room LM-401 101 Independence Avenue, SE. Washington, DC 20559-6000 December 1, 2005 Re: RM 2005-11 – Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies I. Proposed Class Of Works We respectfully request an exemption to § 1201(A)(1)(a) for sound recordings and audiovisual works distributed in compact disc format and protected by technological measures that impede access to lawfully purchased works by creating or exploiting security vulnerabilities that compromise the security of personal computers. The creation of security vulnerabilities includes running or installing rootkits or other software code that jeopardize the security of a computer or the data it contains. The exploitation of security vulnerabilities includes running or installing software protection measures without conspicuous notice and explicit consent and failing to provide a permanent and complete method of uninstalling or disabling the technological measure. 1 II. Summary of Argument Technological measures protecting works distributed on Compact Discs have been found to pose unreasonable security risks to consumers’ personal computers, corporate and government networks and the information infrastructure as a whole. Vulnerabilities inherent in widely distributed CD protection measures create the potential for a frightening range of abuses.
    [Show full text]
  • Case 1:13-Cv-03994-WHP Document 26 Filed 08/26/13 Page 1 of 48
    Case 1:13-cv-03994-WHP Document 26 Filed 08/26/13 Page 1 of 48 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK AMERICAN CIVIL LIBERTIES UNION; AMERICAN CIVIL LIBERTIES UNION FOUNDATION; NEW YORK CIVIL LIBERTIES UNION; and NEW YORK CIVIL LIBERTIES UNION FOUNDATION, Plaintiffs, v. No. 13-cv-03994 (WHP) JAMES R. CLAPPER, in his official capacity as ECF CASE Director of National Intelligence; KEITH B. ALEXANDER, in his official capacity as Director of the National Security Agency and Chief of the Central Security Service; CHARLES T. HAGEL, in his official capacity as Secretary of Defense; ERIC H. HOLDER, in his official capacity as Attorney General of the United States; and ROBERT S. MUELLER III, in his official capacity as Director of the Federal Bureau of Investigation, Defendants. MEMORANDUM OF LAW IN SUPPORT OF PLAINTIFFS’ MOTION FOR A PRELIMINARY INJUNCTION Case 1:13-cv-03994-WHP Document 26 Filed 08/26/13 Page 2 of 48 TABLE OF CONTENTS TABLE OF AUTHORITIES .......................................................................................................... ii Introduction ..................................................................................................................................... 1 Legal and Factual Background ....................................................................................................... 2 I. The Foreign Intelligence Surveillance Act ......................................................................... 2 II. The Mass Call-Tracking Program ......................................................................................
    [Show full text]
  • The Impossibility of Technology-Based Drm and a Modest Suggestion
    040 BLACK 04 9/18/2006 4:32 PM THE IMPOSSIBILITY OF TECHNOLOGY-BASED DRM AND A MODEST SUGGESTION JOHN BLACK∗ INTRODUCTION When I was a teenager in the late 1970’s, there was no World-Wide Web, no Internet, and no IBM PC. But I, along with a small group of friends, became obsessed with computers: the TRS-80 and the Apple were the targets of our passion. Each time a new computer game was announced, we awaited its release with great anticipation: not because we wanted to kill the dragon or get to level 37, but because we wanted to see how hard it was this time to remove the copy protection from the software. In those early days of personal computing, game manufacturers made perhaps one million dollars per year, and there were only a handful of companies. Few had ever heard of Microsoft, and there were no such things as CD burners or high-speed networks. So trying to control illegal copying (or “pirating” as it was already called back then) was a concern limited to just a few small companies. Today there are software companies with tens of billions of dollars in gross revenues, each with a strong vested interest in overseeing the legal distribution of their products. Additionally, media companies (in particular, music and film producers and distributors) continue their fight to control illegal distribution of their content, especially now in the presence of the $50 CD burner. To address these problems, media companies have turned to technology such as Digital Rights Management (DRM) to prevent copying and enforce protection of copyright.
    [Show full text]
  • Free Software, Free Society: Selected Essays of Richard M
    Free Software, Free Society Selected Essays of Richard M. Stallman Third Edition Richard M. Stallman This is the third edition of Free Software, Free Society: Selected Essays of Richard M. Stallman. Free Software Foundation 51 Franklin Street, Fifth Floor Boston, MA 02110-1335 Copyright c 2002, 2010, 2015 Free Software Foundation, Inc. Verbatim copying and distribution of this entire book are permitted worldwide, without royalty, in any medium, provided this notice is preserved. Permission is granted to copy and distribute translations of this book from the original English into another language provided the translation has been approved by the Free Software Foundation and the copyright notice and this permission notice are preserved on all copies. ISBN 978-0-9831592-5-4 Cover design and photograph by Kyle Winfree. iii Table of Contents Foreword to the Third Edition ::::::::::::::::::::::::::::::::::::::: iv Foreword to the First Edition :::::::::::::::::::::::::::::::::::::::: vi Preface ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: x Part I: The GNU Project and Free Software 1 What Is Free Software? :::::::::::::::::::::::::::::::::::::::::::: 3 2 The GNU Project :::::::::::::::::::::::::::::::::::::::::::::::::: 9 3 The Initial Announcement of the GNU Operating System ::: 26 4 Free Software Is Even More Important Now ::::::::::::::::::: 28 5 Why Schools Should Exclusively Use Free Software::::::::::: 34 6 Measures Governments Can Use to Promote Free Software :: 36 7 Why Free Software Needs Free Documentation::::::::::::::::
    [Show full text]
  • Separation of Ownership and the Authorization to Use Personal Computers: Unintended Effects of EU and US Law on IT Security Lukas Feiler
    Santa Clara High Technology Law Journal Volume 27 | Issue 1 Article 4 2010 Separation of Ownership and the Authorization to Use Personal Computers: Unintended Effects of EU and US Law on IT Security Lukas Feiler Follow this and additional works at: http://digitalcommons.law.scu.edu/chtlj Part of the Law Commons Recommended Citation Lukas Feiler, Separation of Ownership and the Authorization to Use Personal Computers: Unintended Effects of EU and US Law on IT Security, 27 Santa Clara High Tech. L.J. 131 (2012). Available at: http://digitalcommons.law.scu.edu/chtlj/vol27/iss1/4 This Article is brought to you for free and open access by the Journals at Santa Clara Law Digital Commons. It has been accepted for inclusion in Santa Clara High Technology Law Journal by an authorized administrator of Santa Clara Law Digital Commons. For more information, please contact [email protected]. SEPARATION OF OWNERSHIP AND THE AUTHORIZATION TO USE PERSONAL COMPUTERS: UNINTENDED EFFECTS OF EU AND US LAW ON IT SECURITY Lukas Feilert Abstract It used to be that owners ofpersonal computers typically hadfull and exclusive authorization to use their computers. This was primarily due to the open architecture introduced with the IBM PersonalComputer in the 1980s andproliferated in the 1990s. Recent developments bear evidence of an increasing disconnection between the concept of ownership and that of authorization to use a personal computer (including mobile devices such as notebooks, sub- notebooks, cell phones, smartphones, and PDAs): interference with the closed architecture employed by Apple's iPhone is claimed to constitute a violation under 17 U.
    [Show full text]
  • Statement on Legal Impediments to Cybersecurity Research May 1, 2015 (Updated May 21, 2015)
    Statement on Legal Impediments to Cybersecurity Research May 1, 2015 (updated May 21, 2015) Cybersecurity is an urgent national priority. Vulnerabilities in a wide range of digital devices, systems, and products, including critical infrastructures, can and have been exploited to undermine national security, economic prosperity, and personal privacy. The rapid emergence of the Internet of Things heightens the risk, as consumer products widely used in daily life, ranging from automobiles to medical devices to thermostats and home appliances, become connected to the Internet and thus vulnerable to remote manipulation, exploitation, and attack. The growing complexity and interdependencies among devices and networks compounds the risks, making it increasingly important to assess, and address, vulnerabilities in technically and socially complex real world settings. In this environment, cybersecurity research is vital. Security by obscurity – the notion that vulnerabilities can be kept hidden from adversaries – has failed in the past and is particularly poorly suited to today’s interconnected environment. Corporate, governmental, academic, and independent cybersecurity researchers all contribute to identifying and remediating cybersecurity vulnerabilities. However, there are serious legal impediments today to cybersecurity research. The Digital Millennium Copyright Act, the Computer Fraud and Abuse Act, and the web of statutes amended by the Electronic Communications Privacy Act all impose uncertain and potentially catastrophic liability on good-faith security research and the disclosure of security vulnerabilities. We, the undersigned, warn of the negative impact of these impediments, and we urge policymakers to address and mitigate them. Even in the face of these barriers, cybersecurity research has advanced the security, trustworthiness, and resilience of systems ranging from cyberphysical, to voting systems, to medical devices.
    [Show full text]
  • Anti-Circumvention Law: Harm to Expression, Self-Determination, Competition, and Access to Knowledge
    Anti-Circumvention Law: Harm to Expression, Self-Determination, Competition, and Access to Knowledge Statement of Kit Walsh Senior Staff Attorney Electronic Frontier Foundation September 10, 2020 As a senior attorney for the Electronic Frontier Foundation, I am grateful for this opportunity to share EFF’s experience with the damaging effects of US anti-circumvention law. For 30 years, EFF has represented the public interest in ensuring that law and technology support human rights and innovation. We have been involved in key cases and regulatory proceedings interpreting the anti-circumvention law in the United States. In the US and abroad, we have worked to ensure that copyright policy, legislation, and technological measures appropriately balance the rights of artists, authors, and the general public. As a legal services organization, we also counsel users whose legitimate, noninfringing activities are threatened by US anti-circumvention law. I am not, of course, an expert on Mexican law. But I hope this information on the US experience will be helpful. Summary: Anti-Circumvention Law Harms An Astonishing Breadth of Legitimate and Essential Activities In the United States, we have seen decades of chilling effects on security research, with students discouraged from pursuing the field because of threats of litigation. Companies are rarely pleased to learn about defects in their products and frequently want to conceal them or control the message – to the detriment of the public. Anti-circumvention law gives them a legal tool to intimidate researchers. We have seen educators hamstrung in their ability to teach media literacy and other topics that engage with popular culture.
    [Show full text]
  • Getting Ripped Off by Copy-Protected Cds;Note
    Journal of Legislation Volume 29 | Issue 1 Article 6 1-1-2003 Getting Ripped off yb Copy-Protected CDs;Note Ida Shum Follow this and additional works at: http://scholarship.law.nd.edu/jleg Recommended Citation Shum, Ida (2003) "Getting Ripped off yb Copy-Protected CDs;Note," Journal of Legislation: Vol. 29: Iss. 1, Article 6. Available at: http://scholarship.law.nd.edu/jleg/vol29/iss1/6 This Note is brought to you for free and open access by the Journal of Legislation at NDLScholarship. It has been accepted for inclusion in Journal of Legislation by an authorized administrator of NDLScholarship. For more information, please contact [email protected]. GETTING "RIPPED" OFF BY COPY-PROTECTED CDs Ida Shum * Without much fanfare, copy-protected compact discs ("CDs") found their way next to regular music CDs in record stores last year. On May 15, 2001, Charley Pride released the first commercial CD to use technology de- veloped by SunnComm called MediaCloq.' The technology prevents con- sumers from burning2 the CD or ripping3 tracks and compressing music into digital audio formats such as MP3.4 Record companies hope that copy- protected CDs can suppress the insidious effects of digital music piracy spurred by Napster and CD burners. Copy-protected CDs utilize technology aimed at protecting copyrights by disabling the burning and ripping of CDs. Copy-protected CDs prevent copying and strive to limit the means of sharing digital music files over the Internet. In September 2001, a consumer filed a suit against an independent record label and program manufacturer for embedding technology that blocked the listening of the CDs on a computer.' The disc's packaging car- ried a disclaimer warning that the CD could not be played with a DVD player6 and by extension, a computer with a DVD-ROM drive.
    [Show full text]
  • Prof. Ed Felten and Prof. J. Alex Halderman Prof
    Item A. Commenter Information Commenter: Prof. Ed Felten and Prof. J. Alex Halderman Prof. Felten is a computer scientist whose research interests include computer security and privacy, and public policy issues relating to information technology—specifically, software security, Internet security, electronic voting, cybersecurity policy, technology for government transparency, network neutrality, and Internet policy. Prof. Halderman is a computer scientist whose research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy, including software security, network security, data privacy, anonymity, electronic voting, censorship resistance, computer forensics, ethics, and cybercrime. Representative: Samuelson-Glushko Technology Law & Policy Clinic Colorado Law Blake E. Reid, Director Elizabeth Field and Justin Manusov, Student Attorneys Counsel to Prof. Felten and Prof. Halderman [email protected] 303-492-0548 Robert & Laura Hill Clinical Suite, 404 UCB Boulder, CO 80309-0404 Table of Contents Item A. Commenter Information ................................................................................... i Item B: Proposed Class Addressed—Computer Programs—Security Research ......... 1 Item C: Overview ........................................................................................................... 3 Item D: Technological Protection Measures and Methods of Circumvention ............ 6 Item E. Asserted Adverse Effects on Noninfringing Uses ..........................................
    [Show full text]