Archive for the ‘NSA’ Category

Science panel: No alternative to NSA bulk data collection

Originally published January 15, 2015 at 9:40 AM | Page modified January 15, 2015 at 12:26 PM

A committee of scientific experts has concluded that there is no viable technological alternative to bulk collection of data by the National Security Agency that allows analysts access to communications whose significance only becomes clear years later.

An 85-page report by the National Research Council, commissioned last year in the wake of surveillance revelations by former NSA contractor Edward Snowden, did not take a position on the merits of bulk collection of telephone or other records. But asked to look for effective software alternatives to bulk collection, it concluded there weren't any, in cases when, for example, the NSA wants to examine the past communications of new terror suspects.

"Restricting bulk collection will make intelligence less effective, and technology cannot do anything about this," the report says. "Whether the gain in privacy is worth the loss is a policy question that the committee does not address."

If a particular set of communications becomes significant, the report says, "because of new circumstances such as identifying a new target, a non-nuclear nation that is now pursuing the development of nuclear weapons, an individual that is found to be a terrorist, or new intelligence-gathering priorities - historical events and the data they provide will be available for analysis only if they were previously collected."

The report does suggest ways to mitigate the privacy impact of bulk collection by restricting use of the data, something NSA says it does.

"Although no software can fully replace bulk with targeted information collection, software can be developed to more effectively target collection and to control the usage of collected data," the report says.

It recommends the use of automatic controls on bulk data, with audits that can be publicly shared.

The study was conducted by a committee of the National Academies, which advises the government on scientific matters. The committee was chaired by Robert Sproull, a former Oracle executive and computer scientist now at the University of Massachusetts.

The committee included a variety of experts, including Michael Leiter, former director of the National Counter Terrorism Center.

NSA: SO SORRY we backed that borked crypto even after you spotted the backdoor

The NSA's director of research Michael Wertheimer says it's "regrettable" that his agency continued to support Dual EC DRBG even after it was widely known to be hopelessly flawed.

Writing in Notices, a publication run by the American Mathematical Society, Wertheimer outlined the history of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), and said that an examination of the facts made it clear no malice was involved.

Dual EC DRBG is a random number generator championed by the NSA in the 2000s. Number generators are an essential component of encryption systems; a weak generator will leave encrypted data vulnerable to decoding by an attacker.

This random number generator was eventually approved as a trustworthy algo by the US National Institute of Standards and Technology (NIST), despite concerns that it could be faulty, and RSA made it the default encryption system in its BSAFE toolkits. A subsequent report suggested the NSA paid RSA $10m to include the flawed algorithm, a claim RSA denies.

In 2007 two Microsoft security researchers, Dan Shumow and Niels Ferguson, pointed out that there were serious flaws with Dual EC DRBG, and that using it with elliptic curve points generated by the NSA could create a "trap door" that would allow encryption to be easily broken.

"With hindsight, NSA should have ceased supporting the Dual EC DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable," Wertheimer wrote.

"The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST's April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the Dual EC DRBG casts suspicion on the broader body of work NSA has done to promote secure standards."

The case doesn't prove the NSA is actively trying to subvert crypto standards, Wertheimer argued, merely that a mistake had been made and then rectified. He pointed out that the NSA was keen to fund more mathematical research and that, post-September 11, this work was vitally needed.

But Wertheimer's version of events isn't sitting well with some experts in the field. Assistant research professor Matthew Green of Johns Hopkins University Information Security Institute in Maryland has written a rebuttal to Wertheimer, pointing out several holes in his story.

For a start, Prof Green said problems with Dual EC DRBG systems that used the NSA's elliptic curve points were first noticed way back in 2004 by members of an ANSI standards committee, when NIST was still considering backing the algorithm. Someone on the panel even went as far as to file a patent on breaking encryption using the system.

NSA director backs FBI claim that N. Korea is behind Sony cyber attack NSA – Video


NSA director backs FBI claim that N. Korea is behind Sony cyber attack NSA
The U.S. National Security Agency has echoed the FBI's conclusion that North Korea was behind the recent cyber attack on Sony Pictures. NSA Director Michael Rogers told The Daily Beast that...

By: ARIRANG NEWS

CIA, NSA No Touch Torture Coward Program – Video


CIA, NSA No Touch Torture Coward Program
THE NSA AND DoD IS FUCKING WITH US FOR THE SAKE OF NEO NAZI NEW WORLD ORDER EUGENICS I.E. AGENDA 21. THEY USE WEAPONIZED SATELLITES/UAV SPY DRONES (DIRECTED ...

By: STOP TERRORISM

NSA used 9 11 to get basically everything it wanted Laurie Dhue talking with Glenn Beck 20130314H2 – Video


NSA used 9 11 to get basically everything it wanted Laurie Dhue talking with Glenn Beck 20130314H2

By: Glenn Beck-erwoods
