Matt Blaze, a well-known public cryptographer and NSA critic (but I repeat myself), offered what seemed like a modest concession in the relentless campaign against NSA intelligence gathering:
The NSA’s tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn’t if you’re a target, to be sure. But it means that there is no good reason to give in to demands that we weaken cryptography, put backdoors in communications networks, or otherwise make the infrastructure we depend on be more “wiretap friendly”. The NSA will still be able to do its job, and the sun need not set on targeted intelligence gathering.
Don’t get me wrong, as a security specialist, the NSA’s Tailored Access Operations (TAO) scare the daylights of me. I would never want these capabilities used against me or any other innocent person. But these tools, as frightening and abusable as they are, represent far less of a threat to our privacy and security than almost anything else we’ve learned recently about what the NSA has been doing.
TAO is retail rather than wholesale.
A day later he revealed just how modest this olive branch was, making clear that he wants to take away the NSA’s best hacking tools. He told the Washington Post today that NSA should be required to surrender any undiscovered vulnerability it finds:
Among the weapons in the NSA’s arsenal are “zero day” exploits, tools that take advantage of previously unknown vulnerabilities in software and hardware to break into a computer system. The panel recommended that U.S. policy aim to block zero-day attacks by having the NSA and other government agencies alert companies to vulnerabilities in their hardware and software. That recommendation has drawn praise from security experts such as Matt Blaze, a University of Pennsylvania computer scientist, who said it would allow software developers and vendors to patch their systems and protect consumers from attacks by others who may try to exploit the same vulnerabilities.
Matt tries to square that circle by saying that NSA can keep exploiting the vulnerability at the same time that it reports. So at least we’ll have good intelligence on really stupid targets who don’t update their software. That’s some compromise.
The zero-day problem is a thorny one, to be sure. There are times when it’s in the country’s interest to patch rather than exploit a hole, but a policy requiring that holes always be patched will not stop hacking by anyone other than NSA.
UPDATE: Matt Blaze replied to my post on Dave Farber’s list as follows:
I’m the Matt Blaze in question, so forgive me for responding to Stewart here. I understand Stewart’s impulse to defend intelligence gathering tools, but he appears to misunderstand certain aspects of the kinds of modern software-based systems NSA is presumably seeking to exploit.
Reporting a vulnerability to a vendor/developer does not immediately preclude its exploitation, nor does it forever immunize a platform against attack. There are a number of reasons for this, not least because the lifecycle of complex software systems is itself complex, and there can be a considerable lag between the time a defect comes to the attention of a vendor / developer and the repair of that defect in any given user’s platform. It’s certainly true that reporting the vulnerability (whether this is done by NSA or someone else who discovers it) starts a clock running, by which point the attacker would need to have discovered a new vulnerability. Fortunately for intelligence agencies and other attackers, and unfortunately for everyone else, there’s an effectively an almost infinite pool of vulnerabilities waiting to be found in any non-trivial system.
What this means, in practice, is that an attacker who works hard enough can is virtually guaranteed to be able to stay ahead of the defenders, no matter how diligently the defenders are patching their systems. An “benevolent” attacker (such as I, and apparently the NSA review panel, believe the NSA should become) would have to work harder, because their window to use any given exploit becomes on average shorter. But this can be compensated for by devoting more resources to discovering the next vulnerability – in effect having a larger pipeline. Somewhat paradoxically, this means that a surveillance operation that puts in sufficient resources to look for bugs to exploit but also reports them can achieve the dual results of ensuring it has working tools while also helping protect us from other attackers who are looking to exploit the same systems. That seems like a good place for the NSA to be.
My co-authors Steve Bellovin, Sandy Clark, Susan Landau and I have explored this in some detail, albeit primarily in the law enforcement surveillance context. See, for example,http://www.crypto.com/papers/GoingBright.pdf andhttp://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107
I will admit to being a bit perplexed by Stewart’s implication that calling me a “cryptographer” is some kind of zinger that should render my opinions about cryptography and security inherently more suspect than those who don’t do research in the area. I knew that some people believe that to be true of climate scientists, but I didn’t realize that applied to cryptographers, too. Learn something new every day.
My quick response, also to Dave Farber, was:
In my experience the class of public cryptographers is a subset of NSA critics, so yes, I think Matt comes from a tradition that long ago made NSA the adversary, and his public statements over twenty years are well within that tradition.I don’t disagree with his view that there is a sliver of time between notification and deployment of the fix, and that under the Blaze plan NSA would still be able to exploit bugs in that moment of time. But that would be very bad for exactly the kind of intelligence gathering he claimed to think NSA should be doing. And it would allow foreign nations who discover zero-days first to exploit them relentlessly without fear that the vulnerability will be turned against them; because as long as NSA hasn’t reported the zero-day, NSA doesn’t know about it.