NSA’s Corruption of Cryptography and Its Methods of Coercion

Just one more day to give as part of Emptywheel’s fundraising week.

I want to return to last week’s Edward Snowden related scoop (Guardian, ProPublica/NYT) that the NSA has corrupted cryptography. Remember, there are several reasons the story was important:

  • NSA lost the battle for the Clipper Chip and turned instead to achieve the same goals via means with less legal sanction
  • NSA broke some companies’ encryption by “surreptitiously stealing their encryption keys or altering their software or hardware”
  • NSA also worked to “deliberately weaken[] the international encryption standards adopted by developers”

One key result of this — as Rayne and Julian Sanchez have emphasized — is to make everyone more exposed to hackers.

This is a bit like publishing faulty medical research just to prevent a particular foreign dictator from being cured. It makes everyone on the Internet more vulnerable, increasing the chances that dissidents will be uncovered by despotic regimes and that corporations will fall victim to cybercriminals.

[snip]

Bear this in mind the next time you see people on Capitol Hill wringing their hands about the threat of a possible “Digital Pearl Harbor”—especially if they think the solution is to give more data and authority to the NSA. Because the agency is apparently perfectly happy to hand weapons to criminals and hostile governments, as long as it gets to keep spying too.

And since then, the NSA has responded to rampant cyberattacks and threats of them against targets it cares about by demanding yet more access to those targets’ data, as explained by Shane Harris in a Keith Alexander profile.

Under the Defense Industrial Base initiative, also known as the DIB, the NSA provides the companies with intelligence about the cyberthreats it’s tracking. In return, the companies report back about what they see on their networks and share intelligence with each other.

Pentagon officials say the program has helped stop some cyber-espionage. But many corporate participants say Alexander’s primary motive has not been to share what the NSA knows about hackers. It’s to get intelligence from the companies — to make them the NSA’s digital scouts. What is billed as an information-sharing arrangement has sometimes seemed more like a one-way street, leading straight to the NSA’s headquarters at Fort Meade.

“We wanted companies to be able to share information with each other,” says the former administration official, “to create a picture about the threats against them. The NSA wanted the picture.”

After the DIB was up and running, Alexander proposed going further. “He wanted to create a wall around other sensitive institutions in America, to include financial institutions, and to install equipment to monitor their networks,” says the former administration official. “He wanted this to be running in every Wall Street bank.”

That aspect of the plan has never been fully implemented, largely due to legal concerns. If a company allowed the government to install monitoring equipment on its systems, a court could decide that the company was acting as an agent of the government. And if surveillance were conducted without a warrant or legitimate connection to an investigation, the company could be accused of violating the Fourth Amendment. Warrantless surveillance can be unconstitutional regardless of whether the NSA or Google or Goldman Sachs is doing it.

“That’s a subtle point, and that subtlety was often lost on NSA,” says the former administration official. “Alexander has ignored that Fourth Amendment concern.”

With all that as background, I want to return to a post I did months ago, laying out the methods the Presidential Policy Directive on Cyberwar envisioned for getting cooperation from private companies. It defines four kinds of access to private computer networks:

  • Network defense, which is what network owners do or USG (or contractors) do at their behest to protect key networks. I assume this like anti-virus software on steroids.
  • Cyber collection that, regardless of where it occurs, is done in secret. This is basically intelligence gathering about networks.
  • Nonintrusive Defensive Countermeausres, which is more active defensive attacks, but ones that can or are done with the permission of the network owners. This appears to be the subset of Defensive Cybereffects Operations that, because they don’t require non-consensual network access, present fewer concerns about blowback and legality.
  • Defensive Cybereffects Operations, which are the entire category of more active defensive attacks, though the use of the acronym DCEO appears to be limited to those defensive attacks that require non-consensual access to networks and therefore might cause problems. The implication is they’re generally targeted outside of the US, but if there is an imminent threat (that phrase again!) they can be targeted in the US.

In the area of cyberdefense or offense (remember, this is an overlapping part of NSA’s mission with cryptography) the government envisions collecting information (because cryptography overlaps with this mission, this might be included in that secret data collection) without a network owner’s consent, conducting defensive measures with a network owner’s consent, or conducting defensive measures without a network owner’s consent (the latter is only supposed to happen in the US with the President’s authorization).

Thus far, the way the government envisions cooperating with private entities seems to parallel how, according to the Snowden leak, it deals with cryptography: it gets it through open cooperation, persuasive “cooperation,” stealing, and more intrusive access onto private networks (though it’s unclear whether the latter, in the cyrptography context, requires Presidential approval).

Then there’s the PPD section on partnerships to conduct cybersecurity, which also appear to involve carrots and sticks (including of the regulatory kind).

The United States Government shall seek partnerships with industry, other levels of government as appropriate, and other nations and organizations to promote cooperative defensive capabilities, including, as appropriate, through the use of DCEO as governed by the provisions in this directive; and

Partnerships with industry and other levels of government for the protection of critical infrastructure shall be coordinated with the Department of Homeland Security (DHS), working with the relevant sector-specific agencies and, as appropriate, the Department of Commerce (DOC). (S/NF)

[snip]

The United States Government shall work with private industry — through DHS, DOC, and relevant sector-specific agencies — to protect critical infrastructure in a manner that minimizes the need for DCEO against malicious cyber activity; however, the United States Government shall retain DCEO, including anticipatory action taken against imminent threats, as governed by the provisions in this directive, as an option to protect such infrastructure. (S/NF)

The United States Government shall — in coordination, as appropriate, with DHS, law enforcement, and other relevant departments and agencies, to include sector-specific agencies — obtain the consent of network or computer owners for United States Government use of DCEO to protect against malicious cyber activity on their behalf, unless the activity implicates the United States’ inherent right of self-defense as recognized in international law or the policy review processes established in this directive and appropriate legal reviews determine that such consent is not required. (S/NF) [my emphasis]

Again, this is an overlapping mandate, not coextensive with cryptography. But this does show what kind of relationships NSA envisions to combat security problems that NSA exacerbated. And it provides some idea of what carrots and sticks it might use to get companies to cooperate on cryptography (the biggest difference is that DHS would almost certainly not be involved in cryptography discussions).

If the relationships are similar, it suggests the government would,

  • Ask for voluntary cooperation in the name of national defense (most companies would have even less incentive to cooperate to compromise their cryptography, which may explain the financial companies unwillingness to let NSA on their networks, though this is the kind of cooperation AT&T seems happy to offer for a fee)
  • Ask for cooperation with the involvement of sector-specific agencies that also happen to be regulators
  • Involve Department of Commerce
  • Invoke the inherent right to self defense (which is Article II authority) and take what is necessary without telling

There’s a lot that is troubling in application of cybersecurity but would be at least as troubling if applied in the name of cryptography (remember, as with the Clipper Chip, Congress has refused to authorize this kind of broad access legislatively). But you can see how inherent self defense, applied to crytography in the same way it might be for cybersecurity, might be invoked to just take or steal.

But I keep coming back to the role of the Commerce Department. What role would the Commerce Department have that regulatory agencies specific to an industry would not?

While I don’t think it begins to scratch the surface of any role that Commerce might have, remember that the standards body that NSA used to weaken an international encryption standard, National Institute of Standards and Technology, is part of Commerce. They’ve released a statement reopening public comment on the standard NSA weakened, but also explaining that they consult with NSA because they are required to by statute. (See more on NIST’s efforts to restore confidence here.)

NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA.

Recognizing community concern regarding some specific standards, we reopened the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C to give the public a second opportunity to view and comment on the standards.

Again, I don’t think mandated consultation with NSA would provide leverage to force a company to accept NSA’s cybersecurity “help,” but I find the possibility that the government is using these standards as pressure interesting.

In any case, it’s sort of moot. So long as the President can invoke the inherent right to self defense to go thwart a cyberattack or (if that’s the authority used) take some keys, it gives private companies little protection.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. jerryy says:

    This may also explain why online securities for various infrastructures has not been significantly upgraded (or at all) — gotta let the spooks be able to watch over their shoulders. I wonder is some companies are suddenly getting waivers on liability claims ala the telecom industry immunity deals.

    Educational Achievement Disclaimer: aww, screw it, if what I type only works via appeal to authority we are in baaaaad shape.

  2. scribe says:

    Don’t forget: the Patent office is part of the Department of Commerce. Most of the value in these tech companies (at least in contrast to the telecoms) is in their patent portfolio.

    it’d be a real shame if something were to happen to … result in some new technology being denied a patent.

    Likewise, for a lot of tech that requires export licensing, it’s Commerce that does the licensing.

  3. Jonathan says:

    Today’s word is “ceremony”.

    So what if the NSA presence on your network doesn’t offer any real, actual protection? That’s just not why you join that kind of partnership. You join that kind of partnership because you’re among the .01% and the .01% run a private gift economy amongst themselves at the 99.99%’s expense. You join it because if you do get hacked you can claim standing to influence the direction of the inevitably screw-tightening response. Finally, you join it as a costly signal of allegiance to incumbent institutional power (it’s probably working out well for you anyway, so not all that costly other than hearing all the bitching).

    That said, a hack does tend to involve several target-dependent steps. Each successful step generally exposes a new surface for the next step, a bit like traversing a maze. It’s totally plausible that NSA is patrolling these networks for the sort of early-access information that only a popular target could provide, and plausible that they have an alert system for network weather (if only to protect the sanctity of the relationships between haves and have-nots, lest some well-meaning kid replace Facebook with a call for a general strike). But it’s more likely that TAO is the driver for this mission — they undoubtedly would welcome the use of social networking sites as honeypots, and the designated winners’ train of courtiers definitely want to protect the designated winners’ digitally attested title to wealth.

    And speaking of digitally attested title to wealth, let me just say MERS…

  4. lefty665 says:

    Nice post EW. A lot of what you’re describing flows forward from the 90’s.

    Under the heading of we can’t know where we’re going if we don’t know where we’ve been: By the late 90’s NSA was in trouble. Technology was changing. Comm was coming off RF, satellite, old fashioned wire, and onto fiber they could not easily intercept. Encryption was getting stronger, making it harder to decrypt what they could copy. They lost the Clipper Chip battle.

    NSAs mission exploded from two major targets to over a hundred scattered world wide. They did not have linguists to translate much of the shrinking volume they could copy and decrypt. The “peace dividend” cut their budget so they had fewer resources to retool technically and broaden their language talent. It was a pretty sobering time for a bunch that had pretty much been on top on its mission (external) for more than 50 years. Things were looking bleak for the spooks.

    Then came 9/11 and Hayden vigorously seized the opportunity to get back in the game. He got money and he embraced mission that was not picky about domestic collection. He also got a successor in Keith Alexander who has seemed to know no limits.

    Over a decade the old NSAers adage that turning their tools inward enabled tyranny increasingly went in the crapper. The folks who swore they would never let it happen were long retired, and mostly dead. Gen Odom and a few others lingered and carried the flame, but they too have mostly faded.

    Much of what you are describing in your post seems to be the outcome of NSAs fears of becoming obsolete 15 years ago. That does not make what they are have done, are doing now, and are planning, right. How profoundly wrong they are is demonstrated by technologies that could have collected the data they needed while protecting domestic privacy. Thin Thread is one example.

    We owe Snowden a huge debt, along with Drake, Binney, Weibe et al for enabling us to be aware of the issues, and for having the personal courage to tell us.

    Having this public discussion, assembling and petitioning is the only hope we have of changing course back to an agency, and a government, that protect us in a hostile world while preserving our constitutional freedoms at home.

    A first step is in helping Gen. Alexander DIRNSA retire. NSA will not change course until he is gone.

    Thank you for what you do. It is a pleasure to be able to support this site.

  5. C says:

    Most of this can be put quite simply:

    The NSA does not distinguish between friend and foe. They know only NSA and everyone else.

  6. SpanishInquisition says:

    “And since then, the NSA has responded to rampant cyberattacks and threats of them against targets it cares about by demanding yet more access to those targets’ data, as explained by Shane Harris in a Keith Alexander profile.”

    Also I wonder about ‘parallel construction’ going on. This to me sounds like a case where the NSA may have been using a company in some way or another…it just seems strange:
    http://techcrunch.com/2013/08/01/employer-tipped-off-police-in-pressure-cookerbackpack-gate-not-google/
    Per this article the given reason isn’t true as the reporter says it was the wife who searched for ‘backpacks’ on her own computers, but the police press release says otherwise:
    http://www.theatlanticwire.com/national/2013/08/government-knocking-doors-because-google-searches/67864/
    However, there’s all sorts of back-on-forth on that but the ex-employer was from April of last year and they only now searched his computer over a year after he left?:
    http://news.yahoo.com/-police-and-fbi-deny-alleged-search-of-new-york-home-stemming-from-journalist%E2%80%99s-web-searches–200309173.html

  7. orionATL says:

    here is the harvard law professor that obama should have named to his nsa oversight board:

    yochai benkler

    and here is his suggestion for dealing with nsa:

    http://www.theguardian.com/commentisfree/2013/sep/13/nsa-behemoth-trampling-rights

    benkler is right.

    the only reasonable approach to dealing with the nsa as an out-of-control, never-properly-supervised government bureaucracy is to entirely dismantle it.

    i prefer cutting nsa into 3-4 pieces –

    – a military cyber branch strictly limited to needs of dod and forbidden to spy.

    – a protect-the-internet civilian agency focusing on protecting privacy and protecting internet access for all, even at the expense of policing institutions,

    – an entirely civilian controlled agency permitted to engage in defensive spying on non-citizens outside the u.s. under public judicial review,

    – an fbi spy agency permitted to engage in domestic electronic spying only under public judicial review ordering/allowing limited surveillance of specific, named individuals.

  8. Thomas Nephew says:

    I hope you return to this topic, especially the first reason you mentioned for considering this an important topic: the fact that it was an end run on a specific Congressional decision. Doesn’t that put these NSA actions at the wrong end of Jackson’s Youngstown Sheet and Tube commentary in that SCOTUS case? Ie, exec. authority surely at least ends where Congress has specifically said it does?

Comments are closed.