Edward Snowden and the NSA

Presentation on theme: "Edward Snowden and the NSA"— Presentation transcript:

1 Modern Encryption: Edward Snowden and the NSA

2 This lecture, and the two that follow, are based to a large extent on work by Cory Doctorow (craphound.com), Bruce Schneier (schneier.com), Mark Cuban (blogmaverick.com) and Glenn Greenwald (theintercept.com, formerly The Guardian). It’s also based on the work done by Edward Snowden, whose Twitter account is worth following: I highly recommend reading everything they’ve written on the subject (Not for the exam – just in general!)

3 In the beginning, nobody wrote anything down…

4 …but once they started, people started reading what they had written…

5 …and on the whole, people weren’t too happy about this

6 Early cryptography was quite basic

7 The Caesar Cypher, for example, simply shifts every letter by a certain “distance”. For a key of 3, ‘A’ becomes ‘D’, ‘B’ becomes ‘E’, etc

8

9 “Substitution cyphers” are a fairly broad church – you pair up letters using various different schemes to produce your encryption scheme

10 In modern terms, they’re all pretty useless

11 It turns out that most languages have a pretty predictable frequency distribution – with enough encrypted text, cracking a substitution cypher is trivial

12 Things didn’t change that much until the 20th Century

13 When they changed, however, they changed quickly

14 The Zimmermann telegram, decrypted by the British and passed to the US, is regarded as being a major factor in the entry of the US into WW2

15 The Enigma Machine, meanwhile, was a major strategic advantage for the Germans in WW2…

16 …until the Allies, first in Poland and then in Britain, got their hands on copies of the machine and reverse engineered it. Then it became a major advantage for the Allies

17 It is an interesting footnote in history that the cracking of the Enigma was more down to operational mistakes than technical weaknesses – the same is generally true of encryption today

18 The Enigma can roughly be characterised as a “rolling substitution” cypher

19 Modern cryptography is quite different, and depends on advanced mathematical techniques (we’ll talk more about the specifics of this in the next lecture)

20 It’s hard to pin down the most important moments in cryptographic history – we’re going to look at a few of the more interesting ones

21 First, the Clipper chip

22 This was developed by the United States National Security Agency (NSA) in the 90s

23 It was intended to be adopted by telecommunications companies – it would allow government agencies who had “established their authority” to listen to a communication using “key escrow” (also known as “key surrender”)

24

25 Another major criticism of Clipper (aside from the obvious) was that it was designed in secrecy by the NSA – nobody else had access to its design to audit its effectiveness (we’ll talk more about open source again)

26 Ultimately there was little support for Clipper. Other strong encryption was made available, and companies never adopted Clipper in any great number

27 In 1997, a paper was published by what was basically a “supergroup” of cryptologists, which excoriated key escrow in general and Clipper in particular

28 "The deployment of key-recovery-based encryption infrastructures to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs to the end user."

29 25 years later…

30 …an eerily similar battle is being fought all over again

31 James Comey, FBI director, has called a number of times for a “Golden Key” to be provided to law enforcement, to enable them to more efficiently break into encrypted channels of communication

32 Obama has echoed this request, as have many others (you’ll notice that a lot of this is quite US-centric)

33 Most recently in the news we have seen Apple square up to the FBI, who are looking for a unique “low security” version of iOS, which they can install on a suspect iPhone to aid in decrypting it

34

35

36 What do you think?

37 The argument being made today is very similar to those which were made in the 90s

38 The backdoor would put providers in an awkward position with other governments and international customers, weakening its value
Those who want to hide their conversations from the government for nefarious reasons can get around the backdoor easily
The only people who would be easy to surveil would be people who didn't care about government surveillance in the first place
There was no guarantee someone else might not exploit the backdoor for their own purposes
Source: Sean Gallagher, Ars Technica

39 That same group of researchers published another paper last year on this subject, called “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”

40 “…if all information applications had had to be designed and certified for exceptional access, it is doubtful that companies like Facebook and Twitter would even exist.”

41

42 We need to talk about Edward…

43 Edward Snowden – born June 21, 1983. A computer professional who worked for Booz Allen Hamilton and contracted for the NSA

44 Currently in exile in Russia

45 Was the subject of an international manhunt in 2013, including the forced landing of Bolivian President Evo Morales’ plane in Austria

46 Earlier in 2013 he leaked huge volumes of classified information from US intelligence agencies – likely in the order of 1 million documents or more

47 His first point of contact was Glenn Greenwald, who was then working with the Guardian. He also worked with filmmaker Laura Poitras, as well as other journalists

48

49 The first revelation was the PRISM program, published in The Guardian on June 5, 2013

50

51 There followed dozens of reports, published in the Guardian, the New York Times, and many other news outlets around the world (The Guardian, The New York Times, The Washington Post, Der Spiegel, El País, Le Monde, L'espresso, O Globo, ProPublica, Australian Broadcasting Corporation, Canadian Broadcasting Corporation, NRC Handelsblad, Sveriges Television)

52 There was a lot of shouting – people thought Snowden was a traitor, a hero, and everything in between

53 People argued for more surveillance, less surveillance, different surveillance…

54 Obama said “the sensational way in which these disclosures have come out has often shed more heat than light”

55 Crucially, the conversation has been brought out in the open. Anti-surveillance is now big business, not some niche position occupied by tinfoil-hat-wearing cranks

56 2012: "Mass surveillance is fine -- if it wasn't, you'd see major corporations trying to court new business by building in crypto tools that kept out the surveillance agencies. The fact that they're not doing this tells you that surveillance opponents are an out-of-touch, paranoid minority."

57 2016: "Mass surveillance is necessary -- when companies use crypto tools as 'marketing ploys,' they're getting in the way of something we all agree is proportionate and legitimate!"

58 Aftermath

59 The German government cancelled a major contract with US telecoms company Verizon

60 The Brazilian government rejected a $4.5 billion contract which had been negotiated with Boeing over 10 years – the contract instead went to Saab, with a Brazilian government source saying “The NSA problem ruined it for the Americans”

61 There were also other major decisions made globally: Google had a contract for improving voter registration cancelled in India; Cisco router sales fell 10% in China; the Chinese government declared the iPhone a “threat to national security”

62 10% of non-US companies have pulled contracts from US cloud providers (expected impact - $35 billion over 3 years)

63 Multiple international firms have sprung up to provide services that US companies can’t – namely, resistance to government eavesdropping/oversight

64 Glenn Greenwald said (June 2015):
"Internet companies like Facebook, Google, Apple, Yahoo and Microsoft are really petrified that if they don't demonstrate a commitment to their users' privacy and eliminate this perception that they've been collaborating with the NSA, it's going to destroy their future business prospect"

65 After the publication of details around the MUSCULAR program, which tapped Google’s internal fiber network, Google rushed to encrypt all of its internal data centre traffic

66 Eric Grosse, Google vice president for security engineering: “It’s an arms race. We see these government agencies as among the most skilled players in this game.”

67 Where next?

68 Expect encrypted communication to become a buzzier buzzword in the coming years

69 Anyone involved in any capacity in business IT will need to concern themselves with data security

70 Questions?

