1
Modern Encryption: Edward Snowden and the NSA
2
This lecture, and the two that follow, are based to a large extent on work by Cory Doctorow (craphound.com), Bruce Schneier (schneier.com), Mark Cuban (blogmaverick.com) and Glenn Greenwald (theintercept.com, formerly The Guardian). It’s also based on the work done by Edward Snowden, whose Twitter account is worth following. I highly recommend reading everything they’ve written on the subject (not for the exam – just in general!)
3
In the beginning, nobody wrote anything down…
4
…but once they started, people started reading what they had written…
5
…and on the whole, people weren’t too happy about this
6
Early cryptography was quite basic
7
The Caesar Cypher, for example, simply shifts every letter by a certain “distance”. For a key of 3, ‘A’ becomes ‘D’, ‘B’ becomes ‘E’, etc
9
“Substitution cyphers” are a fairly broad church – you pair up letters using various different schemes to produce your encryption scheme
10
In modern terms, they’re all pretty useless
11
It turns out that most languages have a pretty predictable frequency distribution – with enough encrypted text, cracking a substitution cypher is trivial
12
Things didn’t change that much until the 20th Century
13
When they changed, however, they changed quickly
14
The Zimmermann telegram, decrypted by the British and passed to the US, is regarded as being a major factor in the entry of the US into WW2
15
The Enigma Machine, meanwhile, was a major strategic advantage for the Germans in WW2…
16
…until the Allies, first in Poland and then in Britain, got their hands on copies of the machine and reverse engineered it. Then it became a major advantage for the Allies
17
It is an interesting footnote in history that the cracking of the Enigma was more down to operational mistakes than technical weaknesses – the same is generally true of encryption today
18
The Enigma can roughly be characterised as a “rolling substitution” cypher
19
Modern cryptography is quite different, and depends on advanced mathematical techniques (we’ll talk more about the specifics of this in the next lecture)
20
It’s hard to pin down the most important moments in cryptographic history – we’re going to look at a few of the more interesting ones
21
First, the Clipper chip
22
This was developed by the United States National Security Agency (NSA) in the 90s
23
It was intended to be adopted by telecommunications companies – it would allow government agencies who had “established their authority” to listen to a communication using “key escrow” (also known as “key surrender”)
25
Another major criticism of Clipper (aside from the obvious) was that it was designed in secrecy by the NSA – nobody else had access to its design to audit its effectiveness (we’ll talk more about open source again)
26
Ultimately there was little support for Clipper. Other strong encryption was made available, and companies never adopted Clipper in any great number
27
In 1997, a paper was published by what was basically a “supergroup” of cryptologists, which excoriated key escrow in general and Clipper in particular
28
"The deployment of key-recovery-based encryption infrastructures to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs to the end user."
29
25 years later…
30
…an eerily similar battle is being fought all over again
31
James Comey, FBI director, has called a number of times for a “Golden Key” to be provided to law enforcement, to enable them to more efficiently break into encrypted channels of communication
32
Obama has echoed this request, as have many others (you’ll notice that a lot of this is quite US-centric)
33
Most recently in the news we have seen Apple square up to the FBI, who are looking for a unique “low security” version of iOS, which they can install on a suspect iPhone to aid in decrypting it
36
What do you think?
37
The argument being made today is very similar to those which were made in the 90s
38
- The backdoor would put providers in an awkward position with other governments and international customers, weakening its value
- Those who want to hide their conversations from the government for nefarious reasons can get around the backdoor easily
- The only people who would be easy to surveil would be people who didn't care about government surveillance in the first place
- There was no guarantee someone else might not exploit the backdoor for their own purposes
Source: Sean Gallagher, Ars Technica
39
That same group of researchers published another paper last year on this subject, called “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”
40
“…if all information applications had had to be designed and certified for exceptional access, it is doubtful that companies like Facebook and Twitter would even exist.”
42
We need to talk about Edward…
43
Edward Snowden – born June 21, 1983. A computer professional who worked for Booz Allen Hamilton and contracted for the NSA
44
Currently in exile in Russia
45
Was the subject of an international manhunt in 2013, including the forced landing of Bolivian President Evo Morales’ plane in Austria
46
Earlier in 2013 he leaked huge volumes of classified information from US intelligence agencies – likely in the order of 1 million documents or more
47
His first point of contact was Glenn Greenwald, who was then working with the Guardian. He also worked with filmmaker Laura Poitras, as well as other journalists
49
The first revelation was the PRISM program, published in The Guardian on June 5, 2013
51
There followed dozens of reports, published in the Guardian, the New York Times, and many other news outlets around the world (The Guardian, The New York Times, The Washington Post, Der Spiegel, El País, Le Monde, L'espresso, O Globo, ProPublica, Australian Broadcasting Corporation, Canadian Broadcasting Corporation, NRC Handelsblad, Sveriges Television)
52
There was a lot of shouting – people thought Snowden was a traitor, a hero, and everything in between
53
People argued for more surveillance, less surveillance, different surveillance…
54
Obama said “the sensational way in which these disclosures have come out has often shed more heat than light”
55
Crucially, the conversation has been brought out in the open. Anti-surveillance is now big business, not some niche position occupied by tinfoil hat wearing cranks
56
2012: "Mass surveillance is fine -- if it wasn't, you'd see major corporations trying to court new business by building in crypto tools that kept out the surveillance agencies. The fact that they're not doing this tells you that surveillance opponents are an out-of-touch, paranoid minority."
57
2016: "Mass surveillance is necessary -- when companies use crypto tools as 'marketing ploys,' they're getting in the way of something we all agree is proportionate and legitimate!"
58
Aftermath
59
The German government cancelled a major contract with US telecoms company Verizon
60
The Brazilian government rejected a $4.5 billion contract which had been negotiated with Boeing over 10 years – the contract instead went to Saab, with a Brazilian government source saying “The NSA problem ruined it for the Americans”
61
There were also other major decisions made globally: Google had a contract for improving voter registration cancelled in India; Cisco router sales fell 10% in China; the Chinese government declared the iPhone a “threat to national security”
62
10% of non-US companies have pulled contracts from US cloud providers (expected impact - $35 billion over 3 years)
63
Multiple international firms have sprung up to provide services that US companies can’t – namely, resistance to government eavesdropping/oversight
64
Glenn Greenwald said (June 2015):
"Internet companies like Facebook, Google, Apple, Yahoo and Microsoft are really petrified that if they don't demonstrate a commitment to their users' privacy and eliminate this perception that they've been collaborating with the NSA, it's going to destroy their future business prospect"
65
After the publication of details around the MUSCULAR program, which tapped Google’s internal fiber network, Google rushed to encrypt all of its internal data centre traffic
66
Eric Grosse, Google vice president for security engineering: “It’s an arms race. We see these government agencies as among the most skilled players in this game.”
67
Where next?
68
Expect encrypted communication to become a buzzier buzzword in the coming years
69
Anyone involved in any capacity in business IT will need to concern themselves with data security
70
Questions?