Slashdot Mirror

← Back to Stories (view on slashdot.org)

John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC

Posted by timothy on from the many-fingers-many-pots dept.

New submitter anwyn writes "In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."

8 of 362 comments (clear)

  1. From Yesterday. by bmo · · Score: 5, Insightful

    This post needs repeating.

    +=+begin paste+=+

    The destruction of trust (Score:5, Insightful)
    by Arrogant-Bastard (141720) on 7:08 Friday 06 September 2013 (#44773249)

    The worst part of the damage done by this isn't technical. It's human.

    The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.

    I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?

    Will anyone be asking themselves the same questions about me? (They probably should.)

    The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

    +=+end paste+=+

    --
    BMO

    1. Re:From Yesterday. by Anonymous Coward · · Score: 5, Insightful

      The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

      Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust. The NSA is only responsible for "enormous arrogance". There were a large number of hands involved over decades.

      It's a bloody shame that it took so long for even a single person to leak what was cooking here for so long. SS and Gestapo could not rely on a remotely comparable quota of people willing to drive the constitution into the ground.

      That gives a rather bland perspective for the hope to curb the Fourth Reich by democratic means and put a stop to the stellar rise of U.S. fascism. Neither congress nor president seem to have what it takes to bring the CIA, FBI and NSA back under democratic control.

      After Edgar Hoover established the FBI as the ultimate power of the U.S.A. by collecting files on everybody who could possibly endanger its autocratic rule over the U.S.A., congress decided that no FBI director might reign for longer than 10 years in future to avoid amassing that amount of power again.

      Incumbent Robert Mueller is Führer of the FBI for 12 years already. Looks like everybody was so infatuated with his efficiency that nobody wanted to be the one to tell him his terms were over and bear his disappointment.

      And nobody will want to tell the NSA that their funding will be restricted to constitutional activities and bear their disappointment.

    2. Re:From Yesterday. by geogob · · Score: 5, Insightful

      Its worse than worse.... The NSA was, from what I understand, widely active in the crypto and data security scene. They have their hand on every committee. Their research in every development.

      Up to now, I, and probably most of us, assumed good faith. That they were actively playing their role to reinforce security in data protocols an communications with critical application in mind (banking, national security, medical equipment, utilities, etc). Why else play such an active and visible role?

      Now it seems there was an ugly monster hidden under this veil. That they used this assumed role to incorporate weaknesses and back doors at every imaginable level of data security. Not only is it an impressive breach of thrust, it is also in increadibly dangerous behaviour. They are basically giving their enemies the perfect tools to infiltrate the systems and protocols every one thought they were protecting.

      If you ask me who's the traitor, Snowden is not the first that comes in mind...

    3. Re:From Yesterday. by 93+Escort+Wagon · · Score: 5, Insightful

      Actually, it's Edward Snowden who is responsible for the "single-handedly" and "overnight" aspects of destroying that trust.

      In the same sense that a person who gives evidence to a woman that her husband is a philandering axe murderer has destroyed that woman's trust in her husband.

      Snowden merely provided thorough documentation that the trust was erroneously given - the other party was completely untrustworthy.

      --
      #DeleteChrome
    4. Re:From Yesterday. by santosh.k83 · · Score: 5, Insightful

      Why should you give yourself a need to tap into the codes of others when militarily you are and economically you were, untouchable? Why not simply devote yourselves to building your country to greater and greater heights while acting only in defense against any aggressors (which you'd have had precious little off if you hadn't started so many wars in the first place)? The end of the Cold War and collapse of USSR could really have been used by the US to advance leaps and bounds in terms of science, tech and human standards, but instead, year after year it's shoving itself onto every piece of hell on earth, getting caught up in costly and messy quagmires, embarrassing itself...

      The NSA could have acted far more ethically had the policy of the USA been one of just defense when needed, but no, the policy happens to be one of offense at every turn, preemptive offense in fact, and hence the necessity to turn yourself slowly into one big military camp

  2. Re:Sounds like John Gilmore has called it accurate by bmo · · Score: 5, Insightful

    "In all seriousness, how should the technical and geek community deal with this sort of sabotage?"

    Identify who is doing the sabotaging and shun them. Professionally shun them. Expel such people from committees.

    --
    BMO

  3. Re:Sounds like John Gilmore has called it accurate by bmo · · Score: 5, Insightful

    The great thing about this is that you wind up kicking out the incompetents simultaneously.

    Someone who is shit at maintaining a security module? NSA hack or incompetent, doesn't matter. Find someone else to do it.

    --
    BMO

  4. Re:USA! USA! USA! by jcr · · Score: 5, Insightful

    Within the context of war and empire, I'm afraid it is the right thing to do.

    Then "war and empire" are the wrong things to pursue.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."