[Cryptography] TAO, NSA crypto backdoor program

John Kelsey crypto.jmk at gmail.com
Mon Dec 30 16:26:19 EST 2013 

It's not "have you no decency," it's "have you no limits?"  The answer is apparently no.  The Snowden dlsclosures and related disclosures have shown NSA attacking:

a.  US government standards
b.  US companies' networks
c.  US companies' products
d.  US citizens' computers and private communications
d.  Allied governments
e.  Foreign companies' networks
f.   Foreign companies' products
g.  Foreigners communicating inside their own countries
h.  The UN and other NGOs

etc.  The justification for this was terrorism, but apparently there's not much evidence that it stopped any terrorism (kinda like the TSA), and it looks like it's been used for all kinds of other stuff--fighting the drug war, tracking down whistleblowers, spying on journalists, economic espionage, spying on negotiators before hammering out treaties on stuff like intellectual property, etc.  

At some point, probably ultimately originating in 9/11, they seem to have gotten the message that there *were* no limits on what they were permitted to do--at the very least, that message seems to have gotten to NSA and CIA.  We have seen open violation of the written laws in domestic spying scandals and torture scandals, and nobody faced any legal consequences but the whistleblowers.  

The first response to this needs to be to send the message to them that there are limits, that rules and laws apply to them.  That message needs to have teeth--subpoenas, drastic budget cuts, congressional hearings, the whole bit.  

That isn't going to happen anytime soon--the leadership of the two big parties has zero interest in reiniing this stuff in.  Whether that's because of their genuine belief in the need for unlimited power for the spy agencies, or the *really detailed* files the spy agencies have on key members of both parties, I don't know.  But every time the spy agencies show that they can get away with *anything* and nobody faces any consequences, it becomes more plausible that there's something more than good salesmanship by the intelligence agencies going on.  

The only way I see this happening is for there to be a popular movement against unlimited unaccountable intelligence agencies doing whatever they please in the US.  I would love to see this happen.  I'm kind-of worried that the way our media works, any such movement will be black-holed or marginalized or channeled into more acceptable-to-the-powerful issues.  

And that only deals with the first step that's needed.  The US is certainly not the only government doing this crap.  Figuring out how to resist nation-state level attackers will be hard even if we can ever get our own government not to be among the attackers.  

--John

More information about the cryptography mailing list