evangotlib:

biteofpythias:

We’re the NSA. And windows 7 was our idea.

Fuck man…I almost can’t even get angry anymore. Of course this happened, and the reasons behind why the NSA would want what I’m immediately interpreting as “backdoor access” to Windows 7 are too numerous to count here. Could it be a generous move by the NSA to help Windows 7 enhance security? I guess it’s theoretically possible. Could it be a much darker motivation for the most secretive spy agency on the planet? Yeah, I’ll probably go with that one - large and intensely secretive government agencies with histories of illegal activity including civil and human rights violations rarely operate under an overwhelming sense of altruism.

Should we all have seen this coming? Probably.

Is it unique to Microsoft? Not a chance.

Will someone with a vested interest in maintaining this status-quo tell me that this is all in my best interest? Virtually a 100% chance of that.

I’ve been meaning to respond to this thread for quite some time. Blip’s been keeping me too busy to do much blogging lately, but I now find myself with a quiet moment before I go to the gym.

I have a rather large manila envelope on my bookshelf. It was sent to me at blip’s old office by the National Security Agency. The return address:

Department of Defense
National Security Agency
Fort George G. Meade, Maryland 20755-6000

The mailing label notes that the NSA is an equal opportunity employer.

The envelope cost $5.70 to mail. Like I said, it’s a big one. Here’s an excerpt from the letter inside:

This responds to your Freedom of Information Act (FOIA) request of 15 September 2000 for information regarding NSA cooperation with IBM on the subject of DES; and including any references to DES as Daemon, Lucifer or Demon…

Your request has been processed under the FOIA, and the documents responsive to your request are enclosed. Certain information, however, has been deleted from the enclosures, and six documents have been withheld in their entirety.

Some of the information deleted from the document, as well as the fully denied documents, was found to be currently and properly classified in accordance with Executive Order 12958, as amended. This information meets the criteria for classification as set forth in Subparagraphs (c) and (g) of Section 1.4 and remains classified TOP SECRET or SECRET as provided in Section 1.2 of the Executive Order. The information is classified because its disclosure could reasonably be expected to cause exceptionally grave damage to the national security…

Enough of that. I made this FOIA request in September of 2000 because I was curious about exactly this issue. Rumors had swirled for years that NSA had helped “enhance” IBM’s DES product. For those unaware, DES (Data Encryption Standard) is the encryption system that’s used to safeguard almost all of America’s banking transactions. It’s gradually being replaced by AES (Advanced Encryption Standard) these days but has been used for everything from SSL (encrypted Web requests) to ATM requests. It’s a pretty big deal.

It was pretty well established in 2000 that NSA had “helped” IBM and the Commerce Department with DES back in the day. It was less clear what that “help” was.

To find out, two things are helpful: a FOIA request and an understanding that NSA has a dual mission. One part of NSA’s mission is to compromise the communications of foreign actors. The other half of NSA’s mission is to protect the communications of the United States. That protection extends beyond US government communications. It also applies to our banking system, our Internet backbone… you name it. NSA is chartered with the protection of our critical communications infrastructure.

To help deal with this dual mission NSA is organized into two primary directorates: the Signals Intelligence Directorate and the Information Assurance Directorate. You can guess which one is responsible for which mission, and you can learn more about both directorates and their activities from Wikipedia.

Anyway, back to DES… It turns out that NSA helped strengthen DES. NSA — specifically the Information Assurance Directorate — recommended changes to the algorithm to make it more secure against a technique called differential cryptanalysis. Development on DES was taking place in the 1970s. Differential cryptanalysis was not “discovered” publicly until the 1980s.

In other words the NSA changed DES to be secure against an attack that only it knew how to conduct. The rest of the world wouldn’t catch up to the attack for another ten years.

Much of the information in the documents NSA sent me is kind of useless. Some it is excerpted from its official history, some of it from NSA’s testimony before intelligence oversight committees. Much of it was previously classified SECRET, TOP SECRET or even TOP SECRET UMBRA. UMBRA is, I believe, the codeword used to identify NSA’s involvement in DES.

Anyway, here’s the money shot from the documents. It comes from a memo written by Howard Rosenblum, who was NSA’s Deputy Director for Research and Engineering. The subject of the memorandum is “Protection of US Microwave Radio”:

The actions we take now will establish policy for our approach to public cryptography in the future. It is not necessary for us to exercise military-like control over protective measures within the common carrier plant. The ultimate effect may be to cause complete public revulsion at Government intrusion and the formation of a non-DoD, non-SIGINT influenced, “Privacy Agency”. On the other hand, if we show flexibility and a reasonable, low profile, consulting approach to public cryptography, we will be able to increase our practical influence on the use of cryptography in the public domain.”

The NSA knows that if it acts badly — if it weakens rather than strengthens — its role in protecting American infrastructure will be replaced by another agency. That’s terrifying to NSA, just like it would be to any other giant bureaucracy.

On December 22, 2000 — 25 years after NSA assisted IBM in the creation of DES by strengthening the design of the S Boxes — NSA released SE Linux to the open source community under the GNU GPL license. SELinux can be used to dramatically improve the security of linux machines and its principles — many of them first introduced to the public by NSA — can be applied to just about any computer system to make it more secure.

It’s a safe bet that NSA helped Microsoft make Windows 7 more secure, not less secure. If anyone put a backdoor in the system it would have been the FBI. And they’d be unlikely to do so because they also have protection of critical infrastructure as part of their mission. The introduction of a backdoor could potentially cripple America’s communication infrastructure when someone outside MSFT and the intelligence community discovered it. That discovery would be inevitable and its effect would be catastrophic. Everyone involved knows this.

We’re generally — and often very specifically — better off because we have agencies like NSA protecting our communications and compromising the communications of our friends and enemies. This is good for us. We just need to make sure that they don’t get carried away and start reading all of our mail. That would be bad. The Bush Administration brought us too close to that reality. It’s worth noting that senior intelligence community officials were among those who pushed back against the politicians at the White House and Justice who wanted to eavesdrop on American citizens without court order or just cause.