<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Jul 12, 2014 at 9:29 AM, John Kelsey <span dir="ltr"><<a href="mailto:crypto.jmk@gmail.com" target="_blank">crypto.jmk@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><br>
> On Jul 11, 2014, at 7:20 AM, ianG <<a href="mailto:iang@iang.org">iang@iang.org</a>> wrote:<br>
><br>
>> On 9/07/2014 17:18 pm, John Kelsey wrote:<br>
>> To the extent clearances do what they're supposed to do, they should indicate less risk of compromise to the project--less blackmail or bribery potential, for example.<br>
><br>
><br>
> Well, there are clearances that we do on our people, and the clearances<br>
> that our enemy does on his people. We're talking about the latter, so<br>
> following your train of thought, we are dealing with (a) a signal of<br>
> something, and (b) people who are already compromised ... by the issuer<br>
> of the clearance, aka, the enemy.<br>
<br>
</div>There isn't *one* enemy sitting in Ft Meade (or Mordor). There are hundreds of potential enemies. Blackmail and bribery are generic techniques that can be used to compromise people--they can be used by the US government, foreign governments, private criminals, activists, *anyone*. If the security clearance investigation excludes the people who would have been most susceptible to those techniques, then having passed it adds some value. How much? That, I don't know.</blockquote>
<div><br></div><div>What it is meant to do is to discourage the worst security risks from applying in the first place. It also ensures that an enemy attempting blackmail has to dig deeper than the positive vetting process. And in the pre-electronic age that would be difficult to do without making a lot of noise.</div>
<div><br></div><div><br></div><div>The possibility of subversion by government agencies is always going to be there, if not Ft Meade then the Kremlin, IRG, etc. The only difference with Ft. Meade is that we do actually have a possible defense in moral suasion.</div>
<div><br></div><div>Snowden defected because he believed that the NSA had crossed the line and became a threat to democracy in the US. So the question needs to be asked where the line should be drawn. And this is an issue I have discussed with ex-Directors of the NSA so don't dismiss my analysis out of hand as overly left wing/libertarian. </div>
<div><br></div><div><br></div><div>Ft. Meade isn't the enemy.</div><div><br></div><div>Its the people inside and only some of them that are the concern. One of the first things I learned in politics was that everyone has their own agenda and that almost none of the people who get to the top give a hang about patriotism or the good of the country. They like to think that they do but they find excuses and pretexts for considering their own self interest the national interest.</div>
<div><br></div><div>The US government is not the enemy but its agencies are the only threat. Yes Putin is a dictator slowly turning Russia into a Fascist regime. They have done Communism and it is discredited, Fascism is the only political model they have left. But at the end of the day Russia has 750K men under arms and most of their equipment is from the 70s at best. Russia can barely keep hold of Crimea and has been forced to abandon attempts to annexe East Ukraine. Their least awful noncontiguous ally is Iran (!) China has deliberately entangled its economy with the US so that a war between the two would destroy both, it is thus not a threat either.</div>
<div><br></div><div><br></div><div>The problem with Ft Meade is that (1) it is a military organization that is spying on the bulk of the civilian population (2) Until the mid 1970s a country was far more likely to suffer a coup by treasonous colonels than an external invasion. (3) Most of those coups, including many against democracies were engineered with the help of the Enigma type decryption capabilities performed at Fort Meade.</div>
<div><br></div><div>Given the volume of anti-constitutional chatter on the right in the US and the marked preference of the NSA/CIA for suppressing elected governments they consider to be intolerably left wing, I see Fort Meade as a real threat. So did President Eisenhower, quite possibly because the coup in Iran was organized without his advance knowledge.</div>
<div><br></div><div><br></div><div>At the moment we have a lack of balance and too much concentration of power in the hands of the NSA generals. Deploying strong civilian cryptography is a necessary counterbalance but so is developing a set of norms for cyber-engagement.</div>
<div><br></div><div>I have been pushing for the adoption of a norm that we consider cyber attacks of all types against civilian infrastructure in the same class as terrorism. This is of course anathema to people who have built their careers around attacking things and blowing them up.</div>
<div><br></div><div>I do not of course expect the adoption of such a norm to be immediately observed by any side. But I do think that we can put a stop to NSA attempts to sabotage civilian cryptography efforts. And if that happens it will be in their interest to make sure nobody else is doing the same thing.</div>
<div><br></div><div><br></div><div>For years, I have been arguing that open source code is no more secure than proprietary, it is only the small subset of open source code that has been extensively reviewed that is more secure. I still stick to that analysis except that there is now a caveat: Any code base that is widely used is now going to be scrutinized for potential vulnerabilities by foreign and domestic spy agencies. In the past the NSA assumed it was the only party doing this analysis and kept schtum when it discovered something. What is the NSA going to do now when it knows that the Russian, Iranian and Chinese intelligence services are looking at least as hard as they are?</div>
<div><br></div><div><br></div></div></div></div>