In the intervening months since former NSA contractor Edward Snowden leaked reams of classified National Security Agency (NSA) intelligence documents to reporters at The Guardian, The New York Times and The Washington Post, we’ve learned a lot about the operations of what was once the U.S. government’s most secretive agency.
We learned about PRISM – a long-running program of omnibus surveillance that solicited (and received) the cooperation of many of the world’s leading Internet service providers. We learned about the NSA’s creation of a surveillance system capable of collecting up to 75% of all the U.S. Internet traffic, and of analysts penchant for ignoring so-called “minimization” rules designed to prevent them from spying on U.S. citizens.
But the most recent revelations about the project code-named “Bullrun” are the most startling and, potentially, the most damaging to the technology community.
If you missed it, Bullrun is the NSA code name for a program in which the Agency worked overtly and covertly to weaken the encryption that countless private and public organizations and hundreds of millions of individuals use to secure communications online.
As reported in the pages of The New York Times, The Guardian and ProPublica, the U.S. spy agency collaborated with technology companies to subvert the security of encryption used to secure communications passed over their networks. More damning was the Agency’s work to covertly weaken standards – often by placing technical leads within the industry and standards organizations that were developing them.
The revelations about PRISM were disheartening. But that program, which had the NSA browbeating large technology platforms into disclosing information on their users, were also unsurprising: evidence of ‘the NSA being the NSA.” Bullrun is different, revealing an almost Machiavellian determination by the NSA to have access to every byte and bit of information coursing through the global Internet, regardless of the cost. Like one of the power-mad clans from the HBO series Game of Thrones, the NSA appears to have over-read its mandate post 9-11, and then badly overplayed its hand in dealings with technology firms, the global technology community, Congress, the American people and U.S. allies.
Among the first casualties is The National Institute of Standards and Technology (or NIST). That esteemed Institute, which was founded more than a century ago to be the keeper of standard weights and measures for the U.S. government has played a key role in the development and promotion of cyber security standards within the Government and (by extension) the broader economy. According to reports by The Guardian, the Times and ProPublica, NIST allowed the National Security Agency (NSA) to manipulate a key standard for what are known as random bit generators. Specifically, the NSA used its influence within the NIST board overseeing the NIST standard known as SP (or Special Publication) 800-90 to insert a pseudorandom number generator called Dual EC DRBG into the NIST standard. Dual EC DRBG, it turns out, contained a backdoor that allows the NSA to covertly decrypt material that was encrypted with the aid of that pseudorandom number generator. The NSA pushed for the use of the SP 800-90 standard and eventually became the “sole editor” of it –unbeknownst to the outside world.
NIST has since re-opened 800-90 for comment and says it’s committed to vetting other standards where there are questions about their reliability.
But the Institute’s failure to disclose the NSA’s role as a sole editor of an important standard is a huge breach of trust with the technology community.
Writing one of the most astute analyses of the controversy, Matthew Green, a cryptographer and research professor at The Johns Hopkins University said that the revelations about Dual EC DRBG are the first concrete proof that the NSA was using its influence at NIST for “evil” (i.e. offensive operations) as well as “good” (to make NIST standards more secure.
That breach of trust throws every other standard that NIST has created in cooperation with the NSA into doubt – technologies ranging from “pseudo-random number generators to hash functions and ciphers, all the way to the specific elliptic curves we use in SSL/TLS,” Green notes. “While the possibility of a backdoor in any of these components does seem remote, trust has been violated. It's going to be an absolute nightmare ruling it out.”
For those concerned about the security of software, the revelations about the NSA’s Bullrun program are particularly damaging. As Green notes: given the generally horrible state of software security, rock-solid standards for the storage and transmission of data have been one of the few pillars of the IT community – something we can rely on, even if their implementation so often falls short.
Bullrun topples that pillar – though the long term consequences (more open vetting of standards and their implementation by a suspicious public) may end up benefitting us all, even as it frustrates the code breakers at Fort Meade.