Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: NSA Page 1 of 3

How Much Should We Hide?

In the least controversial way possible, I believe this can be related to arguments for and against the second amendment. In a sense, cryptography, similar to guns, can be easily weaponized. If a person encrypts a message it is because it contains something extreme that they do not want to get out to the public. The key is the word ‘extreme’. For instance, I wouldn't want the world to know if I had cheated on my S.O., however I would not encrypt an email to my friend discussing the incident considering my everyday acquaintances would not take the time to decipher it, and the people that could decipher it would find no use in the information. On the contrary, if I was planning an event that impedes on national security I would most likely encrypt it considering the U.S. government would probably take special interest in its content. In this case, I understand why the everyday person should not be able to encrypt their messages.

Encryption could also, however, be used to save us in the future. For instance, if for some reason the government turned against the people, we should be able to use cryptography to fight back. If the NSA has full knowledge of our lives they could easily control us or keep us contained in the extreme case of a large uprising. 

 

For The Greater Good

The National Security Agency has been criticized for decades due to the very nature of its purpose; no one likes the idea that someone can read their emails, listen to their phone calls, or act as an observant third-party on any private two-way communication. But, at the end of the day, so long as the government in and of itself is not a bad actor, the NSA's sole purpose is to facilitate the protection of the citizenry.

Enter the Data Encryption Standard, a new cipher for the computer age and employed up to 16 enciphering keys to encode blocks of text, designed as a joint venture between IBM and the NSA. While simple enough on the surface, the technique created billions upon billions of possible permutations, so many that the even the most state-of-the-art computers of the time would have trouble cracking it. So what's the problem? Wouldn't it be a good thing that after so many years, civilians finally had access to perfect privacy? Well, not if its the height of the Cold War; not if Russian agents could use that very same ultra-secure network to plot attacks or demonstrations to undermine western democracy.

The NSA, vigil as ever, took notice of this inherent risk of the system, and handicapped the DES, leaving it susceptible to brute force attack from their machines, but relatively impervious to commercially available computers. This way, the NSA could still intercept messages sent over private networks, monitoring their content while still allowing a degree of security from unwanted prying eyes. In this sense, the NSA's decision to handicap the DES was justified, as their reasoning to do so was in line with their cardinal purpose: facilitate the safety and security of the citizenry. In allowing the DES to remain too complicated for commercial computers to crack, the NSA even allowed for the enhancement of civilian privacy while not contradicting their inherent purpose. To this end, the NSA was justified in their actions, as their building in a weakness was not to completely destroy the concept of digital purpose, but rather to better enable their ability to intercept and act on potentially malicious communications; their decision was ultimately for the greater good.

The NSA is okay ... Technically.

The NSA seeks to act in its best interests. Therefore the release of the DES should come as no surprise to anyone. Though technically created by IBM, NSA was heavily involved in the creation process. At the center of the encryption are the substitution S-tables, the part where the NSA had the most involvement. Naturally this created suspicion that the NSA put a backdoor in the tables with which they were able to decode every message in seconds. However the NSA also intended the algorithm to be used for its own classified documents. Motivated by historical examples of supposedly perfectly secure ciphers, NSA knew that if it put in a logical caveat into the algorithm eventually it would be found. Therefore the only logical idea was to make it so that ONLY the NSA could break the cipher. One thing that the NSA had above every genius individual or organization was resources. Therefore it made the DES only solvable with brute force attacks, hoping that for the foreseeable future, only the NSA would have the necessary technology to conduct such an attack. Though potentially a moral grey area, the NSA did not do anything wrong technically, as a senate committee which investigated the project found. Making DES a government standard did not force any one business to use it. Interestingly, it seems that the NSA did not learn its lesson from all the backlash it received, as during 1987 it implemented the Capstone project which primarily created the SHA-1 hash function to use as a standard for password encryption. Though it has yet to be determined whether the NSA created a backdoor, SHA-1 is no longer considered secure, and just as the DES has been updated through a public competition.

With an advance in technology, the use of computers for encryption technology wasn't just limited to the military and government. Increasingly, civilian businesses began using encryption and cryptography to encode their messages. In an attempt to standardize encryption across the United States, the National Bureau of Standards looked to Lucifer. This encryption system developed at IBM was so strong that it offered the possibility of cryptography that couldn't be broken even by the NSA. The NSA didn't want civilians to use encryptions that it couldn't break, so the NSA successfully lobbied to weaken Lucifer by reducing the number of possible keys. The adoption of this weakened Lucifer meant that the civilian world had access to strong but not optimal security, meaning that the NSA could still break their encryptions if it needed to do.

The NSA was justified in pushing for the adoption of a mechanism that they could break even if it meant less security for the civilian world. Allowing civilians and businesses to gain strong encryption mechanisms that no one but them could decipher would have meant an increase in criminal activity that governments couldn't even begin to monitor. This would have reduced the safety of the populace as a whole. When living in a society we often give up some rights for the greater good, and it should be noted that no right is absolute - my right to free speech doesn't allow me to yell fire in a crowded theater for example. Thus by merely knowing that the NSA can still decrypt messages that businesses send can often be a deterrence to secretive or illegal activity.

Critics like to point out that giving the NSA the ability to decrypt any message they would like would be giving the government far too much power. But it should be noted that even while the NSA has the means to decipher an encryption, that doesn't necessarily mean it will. There are billions of texts, emails, and calls exchanged each day in our world - the NSA has neither the means nor the resources to monitor every single message. Thus the NSA must prioritize by possible criminal activity: criminal activity they cannot detect and stop without the use of decryption. Thus, it is not only important but essential that the NSA be able to decrypt the messages of the business world in order to deter criminal activity and better protect our society.

 

Arguments Favouring Privacy

The debate between privacy and surveillance has been thoroughly explored over the course of this semester. I would like to point out some points I believe haven't received due importance. In Citizenfour, it was revealed that the US government withheld information regarding the several programs which involved spying on its people, actively invading their privacy. This blatant disregard shows that the NSA doesn't view the right to privacy as the paramount and essential right it is. By giving them the right to use electronic surveillance, we reinforce this wrong belief and the abuses to the people's privacy will only intensify.

Secondly, I believe that the phrase "in the interest of national security " is extremely ambiguous and while it seems fairly obvious what counts as national security, it can be easily misused since it will be used to justify hypothetical crimes. Also, if the primary reason for electronic surveillance is national security, it won't be very effective since most situations involving national security are by foreign parties who would be aware of the locations with which the US has surveilling authority.

Lastly, it is important to consider the role played by privacy in our lives. Since privacy is primarily a natural right, it is hard to build legislation around it. In such cases, it is important to not give due importance to how it feels to lose privacy. People often argue that privacy is not as important as safety because they tend to poorly estimate the immense role played by their private space in their day to day life.

 

 

A Higher Moral Purpose

The Chancellor's Lecture series featured guest General Michael V. Hayden, the former NSA and CIA director interviewed by Chancellor Zeppos and Professor Jon Meacham. A topic General Hayden addressed was the morality and ethicality of his past work. He acknowledged “We (intelligence agencies) operate in a grey space...It (the work of the CIA and NSA) only has a moral justification because it is attached to a higher moral purpose. If you believe a higher moral does not exist, it undercuts your job.” He said for those employees of intelligence agencies who question the ethics of their work, they should ask question such as “ Am I still part of the good thing? Does this matter? Does what I do make a difference?

My interpretation of his words were: it is acceptable to invade people’s privacy if it reaps a greater benefit for the people. This is a similar stance to the one I took in my first paper: protection of life justifies the means. However, after hearing his words, I realized the analysis of the existence of a higher moral purpose is very subjective. For example, person A may believe invading the privacy of 20 people to capture one criminal may be morally acceptable. However, person B may value privacy more and believes the benefit is worth the cost if only ten people's privacy are invaded. This lead me to wonder, how do you define a higher moral purpose if morals differ from person to person? What self-regulating policies are in place for central intelligence agencies to ensure every single action which invades the privacy of a citizen or foreigner is serving a higher moral purpose? 

"The Assault on Intelligence"

General Michael Hayden, the former NSA and CIA director for the United States, was interviewed by Professor Jon Meacham and Chancellor Nicholas Zeppos. Questions regarding national security and the current direction of the U.S. were proposed to Gen. Hayden.

To kick off the interview, Meacham proposed the question, "Does political partisanship and national security have a relationship?" This is when I realized that the debate was entirely a critique of Donald Trump's presidency. I was hoping to gain more insight into some actual non-biased perceptions of national security and their current relationship with the public. Nonetheless, I did find his answer to this question to be interesting. Gen. Hayden likes to classify political figures into groups such as the Hamiltons, Jacksonians, Wilsonians, or Jeffersonians. This allows him to align current political figures with a person that best represents them from history. For instance, according to him, Trump is a Jacksonian; he is not fully for isolation, but most of Trump's policy reflects separation from other nations. Later, he also states that Trump is trying to execute industrial policy in a post-industrial era. He contrasts Trump's Jacksonian characteristics with Obama's Jeffersonian views of nation-building. Whether his portrayal of these two figures is accurate or not, I do like the concept of pairing iconic historical figures with those of the present. It allows me to create a frame of reference for current politics and connect them to the past and see how they worked then and can be translated to the present.

Another interesting point Gen. Hayden made was that the three most important aspects that make the United States what it is are: immigration, trade, and alliances. He then states that since Donald Trump has taken office each one of these areas has seen a sharp decline and citizens will eventually see the effects of their decline. I do not claim to be a master of foreign or domestic policy. I do not even claim to be extremely knowledgeable in the subject. However, after doing some base-level research, such as viewing graphs and reading some statistics, I could not find any solid grounds to which this claim could be absolutely true. Trade, for instance, had a slight increase in the trade deficit. However, in the grand scheme of things, it was really not anything critical based on current and past trends. Also, with the current state of employment in the United States, I believe that this increase makes sense. This was very rushed research though, and to make a more sound counter, I would need to do far more research.

I am sure General Hayden is able to provide wonderful insight into the surveillance versus privacy debate, however, this interview missed that mark. While it may have been his intention to focus only on President Trump, I feel like there was much more to be said on the topic of "The Assault on Intelligence."

A Dissection of the Round Table with the General and the Chancellor

I thought that this lecture was very interesting, although it didn't really focus on what I thought it was going to focus on. Instead of talking about the debate between surveillance and privacy, they mainly focused on political issues as well as the art of on the ground surveillance. The general was the former director of the CIA, and he talked a lot about how the new presidency has shaped intelligence gathering. I thought he made an interesting point when he categorized the presidents by "archetypes," and showed that most presidents fit into one of a few categories. He characterized President Trump as a "Jacksonian" and President Obama as "Jeffersonian." By this, he meant that Trump was a populist that was holding America back from the inevitable. He compared Trump to William Jennings Bryan who ran in an election where he pushed that the US currency should be based on silver and not gold and how the US should be more agrarian and less industrialized. Now, he said he believes that industry as we know it is changing and that the US needs to adapt to these changes.  He said that industry that Trump is only delaying this process. It was also interesting how the General thought that Trump was going to change intelligence gathering. He said that as of right now, the US relies on a lot of liaisons for intel gathering and that in the future, due to the America first policy, it may be necessary to have more autonomy when it comes to on the ground surveillance. Although this debate didn't focus on the idea of privacy vs. surveillance, the General did talk about the work that the CIA does on the ground and how the President and the government, in general, can influence the way that this has to be carried out. Although this lecture was not what I was expecting and didn't really relate to our class that much, it was still very interesting.

Newseum Privacy vs Security Debate

I thought that this photo was very interesting since it captured a lot of the same thoughts that was as a class had after reading Big Brother. It also reminded me a lot of those word maps/clouds that show the frequency of words in a given text. I saw the word privacy pop up a lot, but I didn't see so much about Security. Another very interesting thing on the board that was kind of hard to read was the Benjamin Franklin quote. He said that "those who give up essential liberty for a little bit of security deserve neither security nor Liberty." I thought that this was a very powerful quote that relates to the topic, and I also think that Cory Doctorow would very much agree with it. I think that the governmental agencies that collect data get a bad reputation to a certain extent. I think that it is very unlikely that I have an FBI agent devoted to monitoring my life. What is more likely is that my data is being used to create a large sample of data which may be helpful to them. I forget the name of the trick, and I can't find it online, but I know that in accounting if the number of 1's that start the numbers in the books is off by a few standard deviations, then it is likely that someone has cooked the books. Terrorism may be much more difficult, but there may be situations like these where it is useful to have metadata.

Cryptography by the People for the People

The passage that stuck out to me the most from the novel was Marcus’ description of the use and benefits of cryptography from page 57. Even though it’s at the beginning of the book, this passage gets to the core of how cryptography works for us today. Cryptography is used by everyone because is as accessible to everyone. Thankfully, our government does not have a monopoly on cryptography; “the math behind crypto is good and solid, and you and me get access to the same crypto that banks and the National Security Agency use” (Westerfeld 57). Because it is so widely used, we can be sure of its effectiveness.
The quote continues to discuss how cryptography is useful to us today. Even if we do not have anything to hide, “there’s something really liberating about having some corner of your life that’s yours, that no one gets to see except you.” This reminds me of the article I read regarding the actions of the National Security Agency and invasion of civilian privacy due to bulk data collection. The fact that personal information as well as government intelligence is encrypted using the same means shows that the government has access to all of our information as well. This is not a bad thing; access to this information can be useful in ensuring peace. The question still remains: when does government access of individual data cross the line from protection to trespassing?

Page 1 of 3

Powered by WordPress & Theme by Anders Norén