Skip to the Main Content

Note:These pages make extensive use of the latest XHTML and CSS Standards. They ought to look great in any standards-compliant modern browser. Unfortunately, they will probably look horrible in older browsers, like Netscape 4.x and IE 4.x. Moreover, many posts use MathML, which is, currently only supported in Mozilla. My best suggestion (and you will thank me when surfing an ever-increasing number of sites on the web which have been crafted to use the new standards) is to upgrade to the latest version of your browser. If that's not possible, consider moving to the Standards-compliant and open-source Mozilla browser.

February 4, 2015

More on the AMS and NSA

Posted by Tom Leinster

Just a quickie. This month’s Notices of the AMS ran an article by Michael Wertheimer, recently-retired Director of Research at the NSA, largely about the accusation that the NSA deliberately created a backdoor in a standard cryptographic utility so that they could decode the messages of anyone using it.

Wertheimer’s protestations garnered an unusual amount of press and a great deal of scepticism (e.g. Le Monde, Ars Technica, The Register, Peter Woit, me), with the scepticism especially coming from crypto experts (e.g. Matthew Green, Ethan Heilman).

Some of those experts — also including Bruce Schneier — are writing to the Notices pointing out how misleading Wertheimer’s piece was, with ample historical evidence. And crucially: that in everything Wertheimer wrote, he never actually denied that the NSA created a backdoor.

If you support this letter — and if more broadly, you think it’s important that the AMS reconsiders its relationship with the NSA — then you can add your signature.

Update:   The letter from Green, Heilman and Schneier has just appeared in the June/July 2015 issue of the Notices of the AMS, under the title “Misleading mathematicians”.

Posted at February 4, 2015 2:37 AM UTC

TrackBack URL for this Entry:   https://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/2802



21 Comments & 0 Trackbacks

Re: More on the AMS and NSA

Having signed this letter, I can’t help but want to add to it. Of course I can’t, since that would invalidate all the current signatures–and I think it is quite effective at making important points the way it is.

My usual mode of operation is avoid shaming and accusing until I am convinced that I can discern the motives and the ethical (or unethical) decision making process of the people I’m criticizing. I may often err badly in this reticence. Of course the NSA is a large agency and thus probably contains people acting altruistically as well as selfishly. Problem is, it might be hard to tell which is which with all the secrecy.

And that’s what I would add. It seems that there comes a point at which the secrecy can have diminishing returns. It begins with “at all costs, keep the enemy in the dark about our true capability.” This can be an important tactic in defeating mortal enemies: witness the willful deceptions that took place after Enigma was broken. However the intelligence agencies have got to figure out how to transition from that mindset to a more civilian one, or else the freedom won in wartime will have a short shelf life.

We like to hear about the Allies winning with clever obfuscations of the truth about their surveillance capabilities. Sure beats inhumane treatment of captives! If it comes out tomorrow that Boko Haram, ISIS or Al Queda are hindered from bloodshed and torture with the help of back-doored encryption I’ll applaud. Maybe the key is to a) periodically go transparent and shine the light on intelligence tactics, followed by b) recruiting the best minds to develop new ones. I don’t know how that period can be optimized (assuming the parallel goals of protecting life and civil liberties), but it sure seems less than optimal just now.

Posted by: stefan on February 4, 2015 4:10 PM | Permalink | Reply to this

Re: More on the AMS and NSA

To be clear about my above sentiments: I’d be happy for the fact that people were spared a horrible fate, not that freedoms suffered in the process. Quite aside from whether secret back-doors can be ethical themselves is the fact that any public deception is deeply problematic for another reason–in this case, the freedom that suffers is more than just privacy, press or speech. When elected officials or their appointees mislead the voters, the very foundation of democracy–an informed choice–is threatened.

Posted by: stefan on February 9, 2015 2:50 AM | Permalink | Reply to this

Re: More on the AMS and NSA

Not to worry, I think your meaning was entirely clear all along!

I agree, the subversion of democracy is a very worrying feature of all this. One aspect is the curtailment of democratic freedoms for activists, which I’ve written about before. But another, as you point out, is the very fact that these massive programmes became operational without the slightest hint of a popular mandate — because the public was entirely ignorant of their existence.

Posted by: Tom Leinster on February 13, 2015 3:25 AM | Permalink | Reply to this

Re: More on the AMS and NSA

Thanks, added.

Posted by: Bruce Bartlett on February 11, 2015 12:32 PM | Permalink | Reply to this

Re: More on the AMS and NSA

Breaking: Kaspersky Exposes NSA’s Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware

Posted by: Zoran Skoda on February 17, 2015 5:43 PM | Permalink | Reply to this

Re: More on the AMS and NSA

There is a detailed report on the relationship between the NSA and the AMS in January’s Science magazine. (Unfortunately paywalled unless you are at a University library.) However there are summaries and discussion at slashdot and Not Even Wrong by Peter Woit. Lots to think about.

Posted by: stefan on February 21, 2015 2:29 PM | Permalink | Reply to this

Re: More on the AMS and NSA

Hi Stefan, the first link goes to your home page rather than the paywalled article. Fortunately I saved it when it came out. As it’s only three pages, maybe no one will mind if I put it up: here it is.

Posted by: Tom Leinster on February 21, 2015 3:59 PM | Permalink | Reply to this

Re: More on the AMS and NSA

In case you haven’t noticed, there’s an ad for the NSA right at the end of an article about the 20 years of the Morgan Prize in the april issue of the Notices http://www.ams.org/notices/201504/rnoti-p395.pdf

Posted by: a_remark01 on March 21, 2015 8:26 AM | Permalink | Reply to this

Re: More on the AMS and NSA

Thanks! The same issue has this comprehensive critique of both mass surveillance policies and back-doored encryption standards. Also there is a letter to the editor, which goes over some more details on the latter theme.

The longer article by Bart Preneel I just linked makes a call to action, for mathematicians and computer scientists as well as social and legal scholars to work out ways of “reconcil[ing] these conflicting requirements” of privacy, security, and transparent oversight of the security agencies. Sounds like a good goal, for mathematicians both inside and outside of these security agencies.

Posted by: stefan on March 22, 2015 3:52 PM | Permalink | Reply to this

Re: More on the AMS and NSA

A couple of time-sensitive items about the NSA, especially government bulk collection of phone records in the US.

First, for those who are interested in the topic and would like to learn more and perhaps take action, this is a crucial time. Since the PATRIOT Act is due to expire at the end of this month Congress will be debating and likely acting on its most controversial portion, section 215. This is the section that is used to justify bulk collection of telephone call records. You may have heard that this collection was recently ruled to be illegal, but that the court stopped short of saying “unconstitutional” and is allowing Congress to rewrite the law either way it likes.

Definitely learn more about the options, by reading about the Freedom Act passed by the House and coming up for a vote in the Senate. There is a lot of criticism. The links I’ll provide next are automated ways to weigh in as Congress decides both on the Freedom Act and the extension of the Patriot Act. They are all on the side of letting Section 215 expire, and on the side of holding out for legislation that is more comprehensive than the Freedom Act. Here is a petition to sign posted by the ACLU. Here is a place to send email to Representatives and Senators, hosted by the EFF. From AmnestyUSA another petition. Finally a link from FFTF where you can again sign a petition/send email, and see a breakdown of how Senators are leaning, state by state.

Secondly, a little update about my own research support through the NSA’s Mathematical Science program. In a previous post I asked for advice on this issue, and got lots of great suggestions which I have been trying to implement. One of the ideas suggested, and reiterated in the ensuing conversation, was to include a disclaimer of some kind in any paper produced by this research project. I now have a paper on the arXiv and submitted for publication, which includes as part of my acknowledgements a pointed comment and a reference to my earlier published opinion piece. Feel free to comment on the appropriateness–there is still time to adjust the wording!

Posted by: stefan on May 22, 2015 12:58 PM | Permalink | Reply to this

Re: More on the AMS and NSA

The letter from Matthew Green, Ethan Heilman and Bruce Schneier has just appeared in the Notices, and very good it is too.

Posted by: Tom Leinster on June 10, 2015 12:22 AM | Permalink | Reply to this

Re: More on the AMS and NSA

Incidentally, the Notices of the AMS has an excellent record of publishing opinions and debate on this topic. But it’s a shame the AMS leadership hasn’t been equally responsive.

For instance, back in February, the Notices published my letter entitled “The AMS must justify its support of the NSA”. Has the AMS justified its support of the NSA? No. Or at least, in no way that I’ve noticed.

Those who run the AMS may have reasoned motives for continuing to work with the NSA on the running of grants, publishing NSA job ads, and so on. I don’t think they should do these things, but doubtless others disagree. What seems to me to be beyond debate, however, is that the AMS leadership should publicly set out its reasons for continuing to collaborate with the NSA.

I’m disappointed that it hasn’t done so, and slightly surprised. It spoils my impression of the AMS as an open and responsive members’ organization.

Posted by: Tom Leinster on June 10, 2015 12:38 AM | Permalink | Reply to this

Re: More on the AMS and NSA

I am surprised by your surprise. Or maybe I am misunderstanding what you are saying.

If you are an organization that is carrying out a policy that’s hard to justify, would you try to justify it and risk looking ridiculous? Or would you just carry on and pretend that nothing is amiss?

Posted by: Eugene on June 10, 2015 7:25 PM | Permalink | Reply to this

Re: More on the AMS and NSA

I think you correctly understood me. Maybe I’m just naive. I had a positive impression of the AMS as communicative and responsive, but this is now being contradicted by the evidence.

Posted by: Tom Leinster on June 11, 2015 12:58 PM | Permalink | Reply to this

Re: More on the AMS and NSA

Eugene wrote:

If you are an organization that is carrying out a policy that’s hard to justify, would you try to justify it and risk looking ridiculous? Or would you just carry on and pretend that nothing is amiss?

I’d like to give the AMS the benefit of the doubt and say something like,

If you are a large organization that has been carrying out a policy which appeared reasonable in the past but which seems less justifiable in light of newly available information, it is reasonable to take some time to consider the situation carefully before making policy changes or definitive public statements.

Some number of months ago I might have indeed said something like that, but the amount of time the AMS has already taken is, as Tom says, disappointing and surprising. As far as I can tell the AMS leadership haven’t so much as said, “We need to consider the situation carefully and we’ll get back to you in due time.”

Posted by: Mark Meckes on June 12, 2015 8:39 AM | Permalink | Reply to this

Re: More on the AMS and NSA

Right, Mark’s expressing what I wanted to say more clearly than I did.

I was suspicious of the intelligence agencies pre-Snowden: as I mentioned before, in 2003 I applied for a postdoc position at Cambridge that would have involved summers at GCHQ, and even back then I had serious misgivings. But clearly the Snowden revelations have both:

  1. vastly increased our knowledge of what the agencies do, and

  2. caused serious concern among many mathematicians, and in particular members of the AMS.

So it’s disappointing that the AMS leadership seems to have made no public statement — nor their UK equivalents, the LMS, for that matter.

It’s similarly disappointing that British mathematics departments heavily involved with GCHQ haven’t engaged. It’s common knowledge among British mathematicians that places such as Bristol, Cambridge and London supply a lot of mathematicians to GCHQ. Why are the heads of department staying silent? Are they frightened of public debate?

Posted by: Tom Leinster on June 12, 2015 12:41 PM | Permalink | Reply to this

Re: More on the AMS and NSA

Tom, Mark,

I suppose you are right. A more plausible (and less harsh) explanation for the silence is that the leadership of the AMS (and of the LMS) simply cannot agree on what to say.

Posted by: Eugene on June 13, 2015 2:34 PM | Permalink | Reply to this

Re: More on the AMS and NSA

I think it’s natural for people and organizations who have a long-established relationship with these intelligence agencies to hope “it will all blow over”. There’s actually a good chance it will.

Posted by: John Baez on June 15, 2015 12:30 PM | Permalink | Reply to this

Re: More on the AMS and NSA

I’m sure the mathematicians who continue to work for/with the NSA et al. do hope that it will “blow over”.

But they’re mistaken if they think that this “blowing over” is an innocent, passive process. E.g. here’s the start of a recent news article:

A bipartisan group of Washington lawmakers solicited details from Pentagon officials that they could use to “damage” former NSA contractor Edward Snowden’s “credibility in the press and the court of public opinion.”

(Exclusive: inside Washington’s quest to bring down Edward Snowden. Vice, 4 June 2015.) See also this extraordinary piece of smearing.

It’s hardly surprising that agencies specializing in deception and concealment should engage in underhand tactics. But mathematicians who continue to collaborate with them shouldn’t be under any illusion about it.

Posted by: Tom Leinster on June 15, 2015 12:57 PM | Permalink | Reply to this

Re: More on the AMS and NSA

There’s a bit of progress. With logjam we now have a better idea about the vulnerabilities that the NSA was (likely) exploiting. This is within reach of other states and criminals too. With type theory we are now getting to the state that we can prove that such bugs are absent by formalizing the process from abstract crypto all the way to machine code.

Perhaps, the recent leak of 14 million SF 86 records will give the responsible government employees some sense of perspective (Federal employees and contractors who want government-security clearance have to disclose virtually every aspect of their lives via an SF 86 questionnaire, which is then stored on OPM’s largely unencrypted database.) This may induce them to focus more on defence. We are all using the some technology.

Posted by: Bas Spitters on June 15, 2015 9:31 PM | Permalink | Reply to this

Re: More on the AMS and NSA

People may be interested to know that NIST has droppped Dual_EC_DRBG. This was pointed out by a commenter on Peter Woit’s blog.

Posted by: David Roberts on June 29, 2015 9:04 AM | Permalink | Reply to this

Post a New Comment