[Cryptography] how could ECC params be subverted & other evidence

Tue Sep 10 18:03:58 EDT 2013

On Sep 10, 2013, at 5:45 PM, Perry E. Metzger <perry at piermont.com> wrote:
>> [DBRG] seemed like a really weird place to put a backdoor, because
>> it was insanely slow, and it seemed unlikely to get any significant
>> use.
> As an aside, this is just the instance we know about, partially
> because they screwed up, partially because the New York Times saw fit
> to let us have confirmation of what was suspected in public....
Also keep in mind that we're not seeing the full documents exfiltrated by Snowden.  Snowden may have marked some material as "not for public release" when he gave it to the papers; the papers themselves go over it; and the papers have told us that they also talk to the government and sometimes are asked not to release certain material - though they may ignore the request.  I would also assume that the newspapers have gotten some technically competent people involved to advise them as well.

It's possible that the original documents hinted at other places that the the NSA mounted such attacks.  This is getting very close to "means and methods", and the government may have requested that none of this be released.  But the newspapers could well have pushed back and decided that the fact of such attacks is too important to suppress completely, so they compromised by only mentioning an attack with little practical import.

                                                        -- Jerry

PS  After the harassment of David Miranda in the UK, Glenn Greenwald responded that in retaliation he would now release even more material than he had previously planned.  And, in fact, there's been some recent trend for the material leaked to be more specific.  I have my doubts that personal pique should have a role in the journalistic process, but Greenwald is only human. 

We're in an unprecedented situation - though one much discussed in many spy thriller and science fiction books in the past - where a small group of individuals has (apparently well protected) access to information that can do really serious damage to a large organization.  One wonders if the intelligence community has quite come to grips with what a dangerous position they have found themselves in.