[Cryptography] Some bits from the 1981 NSA COMSEC Guide
iang at iang.org
Sun Dec 27 09:36:14 EST 2015
In 1981, NSA wrote:
On 19/12/2015 01:48 am, Moritz Bartl wrote:
> Another wedge, which as yet has not been driven with an appreciable
> force, is the fact that - overwhelmingly - the money underwriting
> serious unclassified academic research in cryptography comes from the
> Government itself. Among them are the National Science Foundation (NSF),
> the Office of Naval Research (ONR) and the Defense Advanced Research
> Projects Agency (DARPA). NSA supplies a little itself. The wedge is
> blunted because Government officials administering grants from most of
> these institutions have been drawn largely from the academic community
> who believe strongly in the value of research performed outside
> Government, and are sympathetic to concerns about abridgement of
> Academic Freedom.
> In following paragraphs, the author explains that NSA has tried to make
> more bridges with academia and convince them to be “reasonable”.
In 2015, Phil Rogaway wrote:
In the United States, it would seem that the majority of extramural
cryptographic funding may now come from the military.155 From 2000 to
2010, fewer than 15% of the papers at CRYPTO that acknowledged U.S.
extramural funding acknowledged DoD funding.156 In 2011, this rose to
25%. From 2012 to 2015, it rose to 65%.157 Nowadays, many cryptographers
put together a large patchwork of grants, the largest of which are
usually DoD. The following funding acknowledgment isn’t so very atypical:
This work was supported by NSF, the DARPA PROCEED program,
an AFOSR MURI award, a grant from ONR, an IARPA project
provided via DoI/NBC, and by Samsung.158
The military funding of science invariably redirects it159 and creates
moral hazards.160 Yet suggesting to someone that they might want to
reconsider their taking DoD funding may anger even a placid colleague,
for it will be perceived as an assault both on ones character and his
ability to succeed.
No matter what people say, our scientific work does change in response
to sponsor’s institutional aims. These aims may not be one’s own. For
example, the mission of DARPA is "to invest in the breakthrough
technologies that can create the next generation of [U.S.] national
security capabilities." Having begun in the wake of Sputnik, the agency
speaks of avoiding technological surprise—and creating it for America’s
enemies.161 In the USA, the NSA advises other DoD agencies on
crypto-related grants. At least sometimes, they advise the NSF. Back in
1996, the NSA tried to quash my own NSF CAREER award. I learned this
from my former NSF program manager, Dana Latch, who not only refused the
NSA request, but, annoyed by it, told me. An internal history of the NSA
reports on the mistake of theirs that allowed funding the grant leading
NSA had reviewed the Rivest [grant] application, but the wording was so
general that the Agency did not spot the threat and passed it back to
NSF without comment. Since the technique had been jointly funded by NSF
and the Office of Naval Research, NSA’s new director, Admiral Bobby
Inman, visited the director of ONR to secure a commitment that ONR would
get NSA’s coordination on all such future grant proposals.162
People are often happy to get funding, regardless of its source. But I
would suggest that if a funding agency embraces values inconsistent with
your own, then maybe you shouldn’t take their money. Institutions have
values, no less than men. Perhaps, in the modern era, they even have more.
Large organization have multiple and sometimes conflicting aims.
Military organizations with offensive and defensive roles in
cybersecurity have COIs built into their design. Individuals are wrong
to assume that their work is non-military work errantly funded by the
In his farewell address of 1961, President Dwight D. Eisenhower
introduced the phrase, and concept, of the military-industrial complex.
In an earlier version of that speech, Eisenhower tellingly called it the
military-industrial-academic complex.163 If scientists wish to reverse
our complicity in this convergence of interests, maybe we need to step
away from this trough.
None of this was clear to me when I first joined the university. A few
years ago I joined in on a DoD grant proposal (fortunately, unfunded),
which I would not do today. It took me a long time to realize what
eventually became obvious to me: that the funding we take both impacts
our beliefs and reflects on them.
In the end, a major reason that crypto-for-privacy has fared poorly is
that funding agencies don’t want to see progress in this direction,164
and most People will of course point to Tor as a counterexample; it has
received funding from DARPA, ONR, the State Department. I don’t think
there’s much to explain. Even companies don’t want progress here,
either. Cryptographers have internalized this. Mostly, we’ve been in the
business of helping business and government keep things safe.
Governments and companies have become our “customers,” not some ragtag
activists, journalists, or dissidents, and not some abstract notion of
the people. Crypto-for-privacy will fare better when cryptographers stop
taking DoD funds and, more than that, start thinking of a very different
constituency for our output.
◃ Think twice, and then again, about accepting military funding.165
◃ Regard ordinary people as those whose needs you ultimately aim to
More information about the cryptography