Imagine a hypothetical world in which it's been revealed that the NSA is spying on the entire internet through the means we generally expected them too, i.e. an army of super-smart crypto people and access to more computing power than God. What would happen following this revelation?
I anticipate that there would be outcry similar to what we've seen, followed by efforts to block their access. Companies like Google, Apple, Microsoft, all the tech heavyweights, would lead the charge. I think there'd be a lot of newfound interest in moving from crypto that's "good enough" to crypto that's deeply over-engineered. 1024-bit AES variant, anyone?
Instead, the NSA has gained their access largely through influence. This is smart, considering their mission. Why crack good crypto when you can just bypass it, or at least ensure that the crypto is not so good? It's certainly way easier. As far as we know, there's still no realistic way for them to crack a solid implementation of things like AES, so it's really the only way.
Are Google, Apple, Microsoft, et al leading the charge for better crypto in our world? No, because they're hopelessly compromised. Nobody trusts them, because the NSA has subverted all of them.
I anticipate that any new crypto, whether algorithm, system, or implementation, involving the United States in any way will be completely shunned. The US's tech giants will be shut out of a lot of activities. A huge chunk of the US's tech dominance will shift elsewhere. This will hurt the US economy and the US's security.
In short, the question comes down to, how do you avoid NSA spying? And that depends on how the NSA spies. If they spied due to math and computers, then you avoid NSA spying with better math and better computers. If they spied by broadly subverting a huge number of companies and organizations, as appears to be the case, then you avoid NSA spying by avoiding the American tech industry. This is tremendously damaging.
We don't need just better crypto, but some way of doing encrypted computation in the cloud and anonymous routing. We need technological protection against the cloud vendors just as much as we need to protect the backbone from being spied on.
Certainly, they need to be reined in. Cracking crypto is their job. Sabotaging standards processes and forcing people to turn over data and gagging them with National Security Letters is very much no their job, and must be stopped.
Apologies; I deleted my comment because i realized it was not directly addressing your argument.
I will add that while I agree it will certainly be done- I was saying that Mother Jones is arguing the "how" shouldn't have been disclosed because all that we need to know is the "what"- because political avenues are the most suitable avenues for recourse, and do not need the "how".
No problem. Nothing wrong with tangents as long as they're understood as such.
Anyway, I still think the "how" is important. If the NSA was spying on everybody with sheer technical prowess, the political remedy would basically be, "Hey, you guys need to tone it down. Limit the spying to actual enemies." The techniques would be OK, they just need to be applied more carefully.
The way things are now, the techniques are unacceptable. The political remedy here needs to be, "Hey, you guys need to stop sabotaging crypto standards, forcing tech companies to hand over data, and threatening them with prison if they talk. Stick with the technical prowess stuff you're supposed to be doing."
>"Hey, you guys need to stop sabotaging crypto standards,
forcing tech companies to hand over data, and threatening
them with prison if they talk. Stick with the technical
prowess stuff you're supposed to be doing."
This is really a key point that can't be emphasized enough. Anyone who was paying attention in the 1990s knew that the NSA has a significant technological advantage over the U.S. private sector and the rest of the world, but even pretty serious civil libertarians were not concerned, because there was no possibility of dragnet spying on today's scale, and because most of us assumed -- rightly or wrongly -- that the NSA was for the most part keeping out of domestic affairs and politics (funding issues aside).
Now, it's abundantly clear that the NSA not only has inserted itself deeply into our political process, routinely cooperates with domestic law enforcement, bullies, coerces, and co-opts U.S. industry, and very likely spies on politicians and activist groups. For anyone who has studied modern history, this sets off major alarm bells.
I keep hearing "what's changed" from NSA stalwart defendants. My answer: everything.
I think that is by far the most important thing.
Imagine a hypothetical world in which it's been revealed that the NSA is spying on the entire internet through the means we generally expected them too, i.e. an army of super-smart crypto people and access to more computing power than God. What would happen following this revelation?
I anticipate that there would be outcry similar to what we've seen, followed by efforts to block their access. Companies like Google, Apple, Microsoft, all the tech heavyweights, would lead the charge. I think there'd be a lot of newfound interest in moving from crypto that's "good enough" to crypto that's deeply over-engineered. 1024-bit AES variant, anyone?
Instead, the NSA has gained their access largely through influence. This is smart, considering their mission. Why crack good crypto when you can just bypass it, or at least ensure that the crypto is not so good? It's certainly way easier. As far as we know, there's still no realistic way for them to crack a solid implementation of things like AES, so it's really the only way.
Are Google, Apple, Microsoft, et al leading the charge for better crypto in our world? No, because they're hopelessly compromised. Nobody trusts them, because the NSA has subverted all of them.
I anticipate that any new crypto, whether algorithm, system, or implementation, involving the United States in any way will be completely shunned. The US's tech giants will be shut out of a lot of activities. A huge chunk of the US's tech dominance will shift elsewhere. This will hurt the US economy and the US's security.
In short, the question comes down to, how do you avoid NSA spying? And that depends on how the NSA spies. If they spied due to math and computers, then you avoid NSA spying with better math and better computers. If they spied by broadly subverting a huge number of companies and organizations, as appears to be the case, then you avoid NSA spying by avoiding the American tech industry. This is tremendously damaging.