[Cryptography] Some bits from the 1981 NSA COMSEC Guide

ianG iang at iang.org
Sun Dec 27 09:36:14 EST 2015


In 1981, NSA wrote:

On 19/12/2015 01:48 am, Moritz Bartl wrote:
> https://www.fredericjacobs.com/blog/2015/12/18/COMSEC/

>      Another wedge, which as yet has not been driven with an appreciable
> force, is the fact that - overwhelmingly - the money underwriting
> serious unclassified academic research in cryptography comes from the
> Government itself. Among them are the National Science Foundation (NSF),
> the Office of Naval Research (ONR) and the Defense Advanced Research
> Projects Agency (DARPA). NSA supplies a little itself. The wedge is
> blunted because Government officials administering grants from most of
> these institutions have been drawn largely from the academic community
> who believe strongly in the value of research performed outside
> Government, and are sympathetic to concerns about abridgement of
> Academic Freedom.
>
> In following paragraphs, the author explains that NSA has tried to make
> more bridges with academia and convince them to be “reasonable”.



In 2015, Phil Rogaway wrote:
http://web.cs.ucdavis.edu/~rogaway/papers/moral-fn.pdf



In the United States, it would seem that the majority of extramural
cryptographic funding may now come from the military.[155] From 2000 to
2010, fewer than 15% of the papers at CRYPTO that acknowledged U.S.
extramural funding acknowledged DoD funding.[156] In 2011, this rose to
25%. From 2012 to 2015, it rose to 65%.[157] Nowadays, many cryptographers
put together a large patchwork of grants, the largest of which are
usually DoD. The following funding acknowledgment isn’t so very atypical:

      This work was supported by NSF, the DARPA PROCEED program,
      an AFOSR MURI award, a grant from ONR, an IARPA project
      provided via DoI/NBC, and by Samsung.[158]

The military funding of science invariably redirects it[159] and creates
moral hazards.[160] Yet suggesting to someone that they might want to
reconsider their taking DoD funding may anger even a placid colleague,
for it will be perceived as an assault both on one’s character and his
ability to succeed.

No matter what people say, our scientific work does change in response 
to sponsor’s institutional aims. These aims may not be one’s own. For 
example, the mission of DARPA is "to invest in the breakthrough 
technologies that can create the next generation of [U.S.] national 
security capabilities." Having begun in the wake of Sputnik, the agency 
speaks of avoiding technological surprise—and creating it for America’s 
enemies.[161] In the USA, the NSA advises other DoD agencies on
crypto-related grants. At least sometimes, they advise the NSF. Back in 
1996, the NSA tried to quash my own NSF CAREER award. I learned this 
from my former NSF program manager, Dana Latch, who not only refused the 
NSA request, but, annoyed by it, told me. An internal history of the NSA 
reports on the mistake of theirs that allowed funding the grant leading 
to RSA.

NSA had reviewed the Rivest [grant] application, but the wording was so 
general that the Agency did not spot the threat and passed it back to 
NSF without comment. Since the technique had been jointly funded by NSF 
and the Office of Naval Research, NSA’s new director, Admiral Bobby 
Inman, visited the director of ONR to secure a commitment that ONR would 
get NSA’s coordination on all such future grant proposals.[162]

People are often happy to get funding, regardless of its source. But I
would suggest that if a funding agency embraces values inconsistent with 
your own, then maybe you shouldn’t take their money. Institutions have 
values, no less than men. Perhaps, in the modern era, they even have more.

Large organizations have multiple and sometimes conflicting aims.
Military organizations with offensive and defensive roles in 
cybersecurity have COIs built into their design. Individuals are wrong 
to assume that their work is non-military work errantly funded by the 
military.

In his farewell address of 1961, President Dwight D. Eisenhower 
introduced the phrase, and concept, of the military-industrial complex. 
In an earlier version of that speech, Eisenhower tellingly called it the 
military-industrial-academic complex.[163] If scientists wish to reverse
our complicity in this convergence of interests, maybe we need to step 
away from this trough.

None of this was clear to me when I first joined the university. A few 
years ago I joined in on a DoD grant proposal (fortunately, unfunded), 
which I would not do today. It took me a long time to realize what 
eventually became obvious to me: that the funding we take both impacts 
our beliefs and reflects on them.

In the end, a major reason that crypto-for-privacy has fared poorly is 
that funding agencies don’t want to see progress in this direction,[164]
and most People will of course point to Tor as a counterexample; it has 
received funding from DARPA, ONR, the State Department. I don’t think 
there’s much to explain. Even companies don’t want progress here, 
either. Cryptographers have internalized this. Mostly, we’ve been in the 
business of helping business and government keep things safe. 
Governments and companies have become our “customers,” not some ragtag 
activists, journalists, or dissidents, and not some abstract notion of 
the people. Crypto-for-privacy will fare better when cryptographers stop 
taking DoD funds and, more than that, start thinking of a very different 
constituency for our output.

◃ Think twice, and then again, about accepting military funding.[165]

◃ Regard ordinary people as those whose needs you ultimately aim to 
satisfy.

-- 
end.

