| rfc9446v3.txt | rfc9446.txt | |||
|---|---|---|---|---|
| skipping to change at line 26 ¶ | skipping to change at line 26 ¶ | |||
| This memo contains the thoughts and recountings of events that | This memo contains the thoughts and recountings of events that | |||
| transpired during and after the release of information about the | transpired during and after the release of information about the | |||
| United States National Security Agency (NSA) by Edward Snowden in | United States National Security Agency (NSA) by Edward Snowden in | |||
| 2013. There are four perspectives: that of someone who was involved | 2013. There are four perspectives: that of someone who was involved | |||
| with sifting through the information to responsibly inform the | with sifting through the information to responsibly inform the | |||
| public, that of a security area director of the IETF, that of a human | public, that of a security area director of the IETF, that of a human | |||
| rights expert, and that of a computer science and affiliate law | rights expert, and that of a computer science and affiliate law | |||
| professor. The purpose of this memo is to provide some historical | professor. The purpose of this memo is to provide some historical | |||
| perspective, while at the same time offering a view as to what | perspective, while at the same time offering a view as to what | |||
| security and privacy challenges the technical community should | security and privacy challenges the technical community should | |||
| consider. | consider. These essays do not represent a consensus view, but that | |||
| of the individual authors. | ||||
| Status of This Memo | Status of This Memo | |||
| This document is not an Internet Standards Track specification; it is | This document is not an Internet Standards Track specification; it is | |||
| published for informational purposes. | published for informational purposes. | |||
| This is a contribution to the RFC Series, independently of any other | This is a contribution to the RFC Series, independently of any other | |||
| RFC stream. The RFC Editor has chosen to publish this document at | RFC stream. The RFC Editor has chosen to publish this document at | |||
| its discretion and makes no statement about its value for | its discretion and makes no statement about its value for | |||
| implementation or deployment. Documents approved for publication by | implementation or deployment. Documents approved for publication by | |||
| skipping to change at line 409 ¶ | skipping to change at line 410 ¶ | |||
| Perhaps the most surreal document disclosures were when artists | Perhaps the most surreal document disclosures were when artists | |||
| started writing fiction based on the documents. This was in 2016, | started writing fiction based on the documents. This was in 2016, | |||
| when Laura Poitras built a secure room in New York to house the | when Laura Poitras built a secure room in New York to house the | |||
| documents. By then, the documents were years out of date. And now | documents. By then, the documents were years out of date. And now | |||
| they're over a decade out of date. (They were leaked in 2013, but | they're over a decade out of date. (They were leaked in 2013, but | |||
| most of them were from 2012 or before.) | most of them were from 2012 or before.) | |||
| I ended up being something of a public ambassador for the documents. | I ended up being something of a public ambassador for the documents. | |||
| When I got back from Rio, I gave talks at a private conference in | When I got back from Rio, I gave talks at a private conference in | |||
| Woods Hole, the Berkman Center at Harvard, something called the | Woods Hole, the Berkman Center at Harvard, something called the | |||
| Congress and Privacy and Surveillance in Geneva, events at both CATO | Congress on Privacy and Surveillance in Geneva, events at both CATO | |||
| and New America in DC, an event at the University of Pennsylvania, an | and New America in DC, an event at the University of Pennsylvania, an | |||
| event at EPIC, a "Stop Watching Us" rally in DC, the RISCS conference | event at EPIC, a "Stop Watching Us" rally in DC, the RISCS conference | |||
| in London, the ISF in Paris, and...then...at the IETF meeting in | in London, the ISF in Paris, and...then...at the IETF meeting in | |||
| Vancouver in November 2013. (I remember little of this; I am | Vancouver in November 2013. (I remember little of this; I am | |||
| reconstructing it all from my calendar.) | reconstructing it all from my calendar.) | |||
| What struck me at the IETF was the indignation in the room, and the | What struck me at the IETF was the indignation in the room, and the | |||
| calls to action. And there was action, across many fronts. We | calls to action. And there was action, across many fronts. We | |||
| technologists did a lot to help secure the Internet, for example. | technologists did a lot to help secure the Internet, for example. | |||
| skipping to change at line 891 ¶ | skipping to change at line 892 ¶ | |||
| [Kahn1996]. In Elizabethan times in England, Sir Francis | [Kahn1996]. In Elizabethan times in England, Sir Francis | |||
| Walsingham's intelligence agency intercepted and decrypted messages | Walsingham's intelligence agency intercepted and decrypted messages | |||
| from Mary, Queen of Scots; these messages formed some of the | from Mary, Queen of Scots; these messages formed some of the | |||
| strongest evidence against her and eventually led to her execution | strongest evidence against her and eventually led to her execution | |||
| [Kahn1996]. | [Kahn1996]. | |||
| This pattern continued for centuries. In the United States, Thomas | This pattern continued for centuries. In the United States, Thomas | |||
| Jefferson invented the so-called wheel cipher in the late 18th | Jefferson invented the so-called wheel cipher in the late 18th | |||
| century; it was reinvented about 100 years later by Étienne Bazeries | century; it was reinvented about 100 years later by Étienne Bazeries | |||
| and used as a standard American military cipher well into World War | and used as a standard American military cipher well into World War | |||
| II [Kahn1996]. Jefferson and other statesmen of that era regularly | II [Kahn1996]. Jefferson and other statesmen of the late 18th and | |||
| used cryptography when communicating with each other. An encrypted | early 19th centuries regularly used cryptography when communicating | |||
| message was even part of the evidence introduced in Aaron Burr's 1807 | with each other. An encrypted message was even part of the evidence | |||
| trial for treason [Kerr2020] [Kahn1996]. Edgar Allan Poe claimed | introduced in Aaron Burr's 1807 trial for treason [Kerr2020] | |||
| that he could cryptanalyze any message sent to him [Kahn1996]. | [Kahn1996]. Edgar Allan Poe claimed that he could cryptanalyze any | |||
| message sent to him [Kahn1996]. | ||||
| The telegraph era upped the ante. In the US, just a year after | The telegraph era upped the ante. In the US, just a year after | |||
| Samuel Morse deployed his first telegraph line between Baltimore and | Samuel Morse deployed his first telegraph line between Baltimore and | |||
| Washington, his business partner, Francis Smith, published a codebook | Washington, his business partner, Francis Smith, published a codebook | |||
| to help customers protect their traffic from prying eyes [Smith1845]. | to help customers protect their traffic from prying eyes [Smith1845]. | |||
| In 1870, Britain nationalized its domestic telegraph network; in | In 1870, Britain nationalized its domestic telegraph network; in | |||
| response, Robert Slater published a more sophisticated codebook | response, Robert Slater published a more sophisticated codebook | |||
| [Slater1870]. On the government side, Britain took advantage of its | [Slater1870]. On the government side, Britain took advantage of its | |||
| position as the central node in the world's international telegraphic | position as the central node in the world's international telegraphic | |||
| networks to read a great deal of traffic passing through the country | networks to read a great deal of traffic passing through the country | |||
| skipping to change at line 1017 ¶ | skipping to change at line 1019 ¶ | |||
| Whitfield Diffie and Martin Hellman, at Stanford University, wondered | Whitfield Diffie and Martin Hellman, at Stanford University, wondered | |||
| about the 56-bit keys. In 1979, they published a paper demonstrating | about the 56-bit keys. In 1979, they published a paper demonstrating | |||
| that the US government, but few others, could afford to build a | that the US government, but few others, could afford to build a | |||
| brute-force cracking machine, one that could try all 2^56 possible | brute-force cracking machine, one that could try all 2^56 possible | |||
| keys to crack a message. NSA denied tampering with the design; a | keys to crack a message. NSA denied tampering with the design; a | |||
| Senate investigating committee found that assertion to be correct, | Senate investigating committee found that assertion to be correct, | |||
| but did not discuss the shortened key length issue. | but did not discuss the shortened key length issue. | |||
| This, however, was not Diffie and Hellman's greatest contribution to | This, however, was not Diffie and Hellman's greatest contribution to | |||
| cryptology. A few years earlier, they published a paper inventing | cryptology. A few years earlier, they had published a paper | |||
| what is now known as public key cryptography. (In fact, public key | inventing what is now known as public key cryptography. (In fact, | |||
| encryption had been invented a few years earlier at UK Government | public key encryption had been invented a few years earlier at UK | |||
| Communications Headquarters (GCHQ), but they kept their discovery | Government Communications Headquarters (GCHQ), but they kept their | |||
| classified until 1997.) In 1978, Ronald Rivest, Adi Shamir, and | discovery classified until 1997.) In 1978, Ronald Rivest, Adi | |||
| Leonard Adleman devised the RSA algorithm, which made it usable. (An | Shamir, and Leonard Adleman devised the RSA algorithm, which made it | |||
| NSA employee, acting on his own, sent a letter warning that academic | usable. (An NSA employee, acting on his own, sent a letter warning | |||
| conferences on cryptology might violate US export laws.) | that academic conferences on cryptology might violate US export | |||
| laws.) | ||||
| Around the same time, George Davida at the University of Wisconsin | Around the same time, George Davida at the University of Wisconsin | |||
| applied for a patent on a stream cipher; the NSA slapped a secrecy | applied for a patent on a stream cipher; the NSA slapped a secrecy | |||
| order on the application. This barred him from even talking about | order on the application. This barred him from even talking about | |||
| his invention. The publicity was devastating; the NSA had to back | his invention. The publicity was devastating; the NSA had to back | |||
| down. | down. | |||
| The Crypto Wars had thus begun: civilians were inventing strong | The Crypto Wars had thus begun: civilians were inventing strong | |||
| encryption systems, and the NSA was tampering with them or trying to | encryption systems, and the NSA was tampering with them or trying to | |||
| suppress them. Bobby Inman, the then-director of the NSA, tried | suppress them. Bobby Inman, the then-director of the NSA, tried | |||
| End of changes. 4 change blocks. | ||||
| 15 lines changed or deleted | 18 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||