Surveillance or Security in the NSA Report


Much commentary has already been generated by the report from the President’s Review Group on Intelligence and Communications Technologies - widely referred to as "The NSA Report" - especially its recommendation that the NSA discontinue the controversial Section 215 program of collecting telephony metadata. We thought it worth pointing out that Susan Landau's authoritative book on the subject, Surveillance or Security?, is cited in a footnote in the report at page 192, during a discussion of cryptography standards.

The NSA's role is not only listening to other people's communications; it's Information Assurance Directorate is responsible for protecting US military and diplomatic communications.  This means developing cryptography for US government uses.  But the leaked documents show that not only has NSA been broadly listening in everywhere, it has also been actively attacking cryptographic standards - a clear conflict for the agency. As the report puts it:

We are concerned that having IAD embedded in a foreign intelligence organization creates potential conflicts of interest. A chief goal of NSA is to access and decrypt SIGINT, an offensive capability. By contrast, IAD’s job is defense. When the offensive personnel find some way into a communications device, software system, or network, they may be reluctant to have a patch that blocks their own access. This conflict of interest has been a prominent feature of recent writings by technologists about surveillance issues

...including our own Dr. Landau, who's currently a Senior Staff Privacy Analyst at Google.