Saturday, December 28, 2013

Techie Code of Omerta For Colluding With NSA

With RSA, a big and respected name (actually initials) in cryptography, currently getting flayed in the public press for taking $10 million from the NSA and, in return, embedding a dodgy, NSA-compromised random number generator a.k.a. Dual_EC_DRBG in its products (RNGs help generate encryption keys; a compromised RNG yields a limited, more crackable set of keys), a few observations:

First, as is probably recalled, the compromised character of the NSA RNG was revealed in a previous tranche of the Snowden documents in September, and an embarrassed RSA quickly issued a recommendation that users cease using that particular RNG.

Second, even back in October, there were rumblings about possible financial considerations playing a part in RSA's willingness to include the RNG in its products.  Here's a snip from a piece I wrote at the time:

[On a recent episode of Science Friday] Ira Flatow asked Philip Zimmermann [creator of the PGP public-key e-mail encryption system] why RSA would have done such a thing. There was a long, awkward silence and some awkward laughter before Zimmermann slid into the passive voice/third person zone:

ZIMMERMANN: And yet RSA did a security - did use it as their default random number generator. And they do have competent cryptographers working there. So.

FLATOW: How do you explain that?

ZIMMERMANN: Well, I'm not going to - I think I'd rather not be the one to say.

(LAUGHTER)

FLATOW: But if someone else were to say it, what would they say?

ZIMMERMANN: Well, someone else might say that maybe they were incentivized.

Maybe Mr. Zimmermann had an advance peek at the relevant Snowden documents.  I think it more likely that he had already heard some tittle-tattle in his high tech circles but was not interested in calling down a corporate and legal sh*train upon himself by openly accusing the RSA of taking government money (interesting legal question: is it slanderous to allege that a US corporation engaged in a legal transaction with the US government?).

Third, Blame the Suits!  Per the Reuters expose:

No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.

"The labs group had played a very intricate role at BSafe [the product line that was compromised by the RNG], and they were basically gone," said labs veteran Michael Wenocur, who left in 1999.

Actually, outside security analyst Bruce Schneier and others had raised serious concerns about Dual_EC_DRBG in 2007 in a public forum and, as Zimmermann pointed out, RSA had competent cryptographers in the building.  Dual_EC_DRBG was provided as only one option, albeit the default, and security-savvy users would be able to select another, better RNG.  And RSA cryptographers could further console themselves with the awareness that, even if Clueless Enduser kept Dual_EC_DRBG as a default, probably the only entity with the message collection and analysis capability to exploit it effectively was America's own NSA.

In other words, it wasn't just RSA Chief Executive and Designated Villain Art Coviello sneaking down into the lab and inserting the lethal code while the techies obliviously shipped the compromised product.

Fourth, I think there is a growing awareness that a significant element of the Snowden story is the collusion between Big Tech and the NSA, fueled by the awareness that both sides want the same thing: a thoroughly backdoored Internet open to individual data profiling and surveillance penetration (and both tolerate the resultant security breaches as a cost of doing business/collateral damage).

I wonder if the story will get any more traction, since there are sizable vested economic, political, and ideological interests extending all the way to the Oval Office that are engaged in perpetuating the image of a benign, democratic/populist information order dedicated to information security.  The constituency interested in seeing Google and the other tech giants share the blame for ruining the Internet--and in the process evaporating a few hundred billion dollars of personal wealth, market cap, and stock options--is, on the other hand, powerless and vanishingly small.

Inside the tech industry, the attitude seems to be one of damage control, i.e., media initiatives to convince the public that the Internet companies care about YOU and hate helping out that nasty old government.   As to the question of whether a corporate Snowden will emerge, the attitude seems to be, as Phil Zimmermann--a genuine and battered hero of the encryption wars in the 1990s--put it: "I think I'd rather not be the one to say."  Maybe the code of omerta lives on in the tech industry.

Fifth, I find it amusing and somewhat irritating that, ever since I wrote about RSA in October, I am bombarded with RSA pop-up ads on my own blog and across the web.  It's the Internet equivalent of a golden retriever that pursues me down the street driven by the irresistible urge to sniff the seat of my trousers.  Make it stop!

24 comments:

bbot said...

Use the AdBlock+ and RequestPolicy plugins to block ads, and tracking scripts, respectively. Do your part to opt out of corporate surveillance.
