[Infowarrior] - Shunned as NSA Advisers, Academics Question Their Ties to the Agency

Richard Forno rforno at infowarrior.org
Tue Feb 11 08:53:36 CST 2014


(via IP)

February 10, 2014

Shunned as NSA Advisers, Academics Question Their Ties to the Agency

http://chronicle.com/article/Shunned-as-NSA-Advisers/144639/?key=TT93JQU5ZXVNNns1YD4RYDxUa3BkN011Y3IeYyohbl5UFw== 

For decades, the National Security Agency’s main internal advisory board was rich with scientists from major research universities, helping the agency’s leaders keep American spies technologically a step ahead of their Cold War rivals.

Then, in the past dozen years or so, around the same time the NSA began its controversial wholesale collection of phone and computer data, the agency was quietly making another change: Replacing many of those academics with corporate advisers more steeped in the tactics of surveillance than in either basic science or overall strategies.

Now many academics are trying to be heard from the outside, arguing that the NSA’s spying tactics are proving counterproductive and that university researchers have a duty to stop assisting them.

"It is time to seriously consider the relationship that exists between academia and the NSA, both the potential for good and the need for caution," Stefan A. Forcey, an assistant professor of mathematics at the University of Akron, wrote last month in the Notices of the 

A few months before that, Alexander A. Beilinson, a professor of mathematics at the University of Chicago, suggested in the same publication that those working with the NSA should be ostracized, just as "working for the KGB was socially unacceptable for many in the Soviet Union."

Their appeals were followed on January 24 by an open letter from a group of 50 researchers warning of long-term damage to society and to the nation’s technological enterprise from the NSA’s reported tactic of intentionally weakening computer-security standards so it can carry out spy operations.

"Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals," the researchers wrote, "but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life."

More Secrecy
From almost the time the NSA was founded, in the early 1950s, the board that advised its director was dominated by academic stars from such institutions as the Massachusetts Institute of Technology, the California Institute of Technology, and the University of Chicago.

That began shifting in the late 1990s, as the Internet rose in popularity. A series of intelligence failures exposed the NSA as too focused on intercepting satellite and radio signals, and insufficiently attuned to the growth of computer-based communications traveling in cables.

To catch up, the NSA turned to technology companies and other corporate experts, and to even greater levels of secrecy. In 2005, Congress formally renamed the NSA director’s National Security Agency Advisory Board the "Emerging Technologies Panel," and made its activities fully exempt from public-disclosure laws. Now its members aren’t publicly disclosed, although those inside and outside the NSA have said that academics have been left with a diminished role on the board.

An NSA spokeswoman, Vanee M. Vines, said that the board’s 18 members meet quarterly "to discuss a range of technical issues with agency leaders, offering critical insights or advice," but that she couldn’t identify the board’s current membership or agenda.

One of the few academics to publicly acknowledge recent participation on the panel is Philip J. Hanlon, president of Dartmouth College. He spent about 13 years on the board, until 2007, while a professor of mathematics at the University of Michigan at Ann Arbor.

He said he recalled the board’s transition as a move toward "nonscientific" advice, aimed more at "the running of the business."

John C. Inglis, who retired last month as the NSA’s deputy director, describes similar motivations, saying the NSA began choosing board members with an eye toward a specific expertise they could bring, in areas that could include human resources or communications. "While we certainly include them, no one from higher ed comes to mind" among the board's current membership, he said, "because our selections are based on expertise more than affiliation with some organization."

With fewer university advisers, the board may have lost some of the moderating influence that derives from a more holistic approach, said Matthew M. Aid, an author whose writings aim at illuminating the NSA. "Academics sort of look at the whole problem from top to bottom," he said.

It’s not just the advisory board that’s changed, Mr. Aid said. With the exception of the NSA’s current director, Keith B. Alexander, a four-star Army general, the agency’s top management corps for the past five or six years has consisted entirely of software engineers, Mr. Aid said. (Mr. Alexander is retiring in March, to be replaced by Michael S. Rogers, a vice admiral who leads the Navy’s Fleet Cyber Command.)

When that engineering-heavy leadership wants a formal review of a policy question or practice, Mr. Aid said, it tends to hire established Washington consultants, such as those from the RAND Corporation, rather than assign a team of academics, as it had in the past.

Power of Math
The shift away from academic expertise is especially worrisome to many mathematicians, for whom the NSA has long been their field’s single largest employer outside education. In the months since Edward J. Snowden fled the United States with tens of thousands of electronic documents describing NSA practices, mathematicians are realizing that they are in the same position as nuclear physicists in the middle of the last century, and business students in more recent times—suddenly needing to figure out the ethics behind what they do, said Edward Frenkel, a professor of mathematics at the University of California at Berkeley.

"Our community has been behind the curve," Mr. Frenkel said, along with much of the world, in not fully appreciating that "in the 21st century, a mathematical formula could be just as powerful as a nuclear bomb."

According to one set of reports tied to the Snowden documents, the NSA made arrangements with RSA, a leading computer-security firm, to insert a flaw into its formula for generating random numbers associated with widely used encryption products. Other reports describe the NSA as persuading the National Institute of Standards and Technology, the federal agency that sets U.S. encryption standards, to select security formulas that the NSA would be able to decipher.

For scientists and for the country as a whole, such security strategies are self-defeating in the long run, said Joan Feigenbaum, a professor of computer science at Yale University, who helped organize last month’s protest letter by 50 senior experts in cryptography and computer science.

That kind of tactic has already backfired elsewhere, she said. Reported instances include wiretapping capabilities that were built into the phone network of Greece, only to be exploited by an unknown perpetrator who eavesdropped on calls involving top government leaders.

Ms. Feigenbaum said she expected governments to conduct surveillance operations. When they follow proper procedures, such as obtaining warrants from courts, however, secret backdoor entries into systems shouldn’t be necessary, she said.

Student Training
The concern among researchers is growing at the same time that the NSA is finding a more receptive audience in other quarters of universities. The agency, structurally an arm of the Department of Defense, leads two Pentagon-affiliated research facilities on university campuses: one at the University of Maryland at College Park, which studies language and human cognition, and the other at the Stevens Institute of Technology, focused on systems engineering.

And more than 100 universities, eager to offer their students career opportunities, now participate in a program through which the NSA and the Department of Homeland Security certify them as Centers of Academic Excellence for teaching courses in subjects that include computer science and electrical engineering.

One institution pursuing that certification, Excelsior College, last month opened a National Cybersecurity Institute in Washington. The facility is little more than a TV studio and conference room in an office building a few blocks from the White House, where the college, an online institution based in New York, hopes to use government experts from the NSA and other security agencies to supplement its expanding menu of courses in cybersecurity.

Information security is one of the nation’s fastest-growing job categories, with employment expected to increase by 37 percent in the decade ending in 2022, the Bureau of Labor Statistics has reported. Excelsior’s president, John F. Ebersole, a Vietnam veteran and retired Coast Guard commander, said his college is among many moving aggressively into the field.

The Snowden scandal did give Excelsior leaders "quite a lot" to consider just as they were preparing the initiative, such as whether the NSA’s actions had been "ethical and appropriate, particularly as it concerns other countries and leaders," Mr. Ebersole said. In the end, the college concluded that the disclosures amounted largely to embarrassment, as the NSA had not been formally found to have violated any laws, he said.

Even universities and researchers that aren’t interested in dealing directly with the NSA or doing classified work may be helping out, Mr. Hanlon said. That’s because the NSA often will try to "extract the mathematical question out of their problem," widening the pool of university researchers who could work on it without getting involved in classified details, he said.

Leading areas of research include number theory, which is a source for encryption protocols; the development of algorithms and processes to more efficiently map and sort large amounts of data; the development of faster computers and better storage systems; and the testing of computer vulnerabilities.

Research Funding
The NSA has extensive ties to the American Mathematical Society, using it to directly recruit workers for sabbaticals at the agency, and to help the agency finance college math programs and researchers in general.

The mathematical society also administers the distribution of research grants financed by both the NSA and the National Science Foundation. The foundation, which makes its budget information public, says its Division of Mathematical Sciences has an annual budget of about $240-million.

The NSA grants refereed by the society "are similar to NSF ones, but smaller, and there are more of them," Mr. Beilinson said.

Joseph L. Hall, chief technologist at the Center for Democracy & Technology, a nonprofit advocacy group, said there is widespread suspicion that the two agencies coordinate so that NSF grant requests help further NSA goals.

The science foundation, for its part, emphasizes its independence. It isn’t opposed to the reuse of NSF-financed research for NSA activities, said Aaron Dubrow, a foundation spokesman, but it doesn’t actively seek or take guidance from the security agency.

The NSA may have other ways of using universities to further its agenda. The Johns Hopkins University, a leading recipient of classified-research dollars, made headlines last year when it asked Matthew D. Green, an assistant research professor of computer science, to remove a blog posting that referred to news articles about leaked NSA documents concerning encryption technologies.

Mr. Green, who was later allowed to repost the item, said he is among those waiting for university researchers to reassess their ties to the NSA. "I know a lot of computer scientists who are upset about the NSA revelations," he said. "But I haven’t seen any of this break out into a more coherent national debate."



---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.



More information about the Infowarrior mailing list