January 13, 2014

The Electronic Frontier Foundation at the Joint Meetings

Posted by Tom Leinster

Going to the Joint Mathematics Meetings in Baltimore this week? Then drop in at Booth 330, which will be occupied by the Electronic Frontier Foundation.

The EFF have been doing fantastic work for over 20 years, keeping the internet the kind of place you most likely want it to be: ensuring your freedom of speech, protecting your privacy, and defending the core principles of the internet against the controlling ambitions of both corporations and governments. Although they’re only a small nonprofit organization, with a comparatively minuscule budget, they’ve had a string of legal victories against huge players. They deserve your support!

But what are they doing at the Joint Mathematics Meetings? It was the idea of Thomas Hales. Hales is famous for, among other things, proving the Kepler sphere-packing conjecture. (He also wrote a very nice introduction to motivic measure, mentioned here in passing a couple of years ago.)

Hales anticipated that the NSA would be recruiting mathematicians with particular fervour this year: in order to recruit, they’ll need to overcome the outrage caused by the recent revelations of mass, population-level, surveillance. They’ll want to persuade mathematicians that what they’re doing is good for society. And the EFF will be there to tell mathematicians that there may be better channels for their talents.

In an earlier post, Bas Spitters immediately put his finger on the point where mathematics most directly touches the NSA scandal: the undermining of internet encryption. What you might not have immediately picked up from casually reading the newspapers is that among the variety of techniques used by the secret services to get round encryption, they managed to insert a back door into a cryptographic protocol based on elliptic curves.

The definitive mathematical account of this is Hales’s piece in the February 2014 issue of the Notices of the AMS. There are many other accounts from different perspectives. But rather than dump a large number of links on you, let me highlight one by the EFF.

The EFF piece quotes from an internal NSA document, which lists as one of their items of budgetary spending:

Insert vulnerabilities into commercial encryption systems, IT systems, networks …

And the EFF article makes a crucial point:

By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers—whether they are foreign governments or criminals. As security expert Bruce Schneier explained, “It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.”

In other words, even if (for some reason) you trust the NSA with everyone’s data, their undermining of internet encryption makes the world a more dangerous place.

Maybe you’re saying: what’s done is done. The outlook is gloomy, but what can we do now?

One immediate priority is to stop the situation becoming normalized. Those who wish to destroy online privacy will want to make the NSA’s actions seem like an unexceptional part of protecting national security. The NSA will, I imagine, be trying to persuade mathematicians in Baltimore this week that the whole fuss is really rather overblown; that perhaps a few checks and balances need adjusting, but fundamentally what it’s doing is good. The opposite argument needs to be made, and I imagine the EFF will be making it.

But more positive actions are possible. Mathematicians involved in cryptography can speak up! They can say “I do not want to contribute to mass surveillance”, just as physicists and engineers have refused to contribute to the building of nuclear weapons, and doctors have refused to participate in torture. We can withdraw our labour. We have that choice.

And mathematicians have a role to play in building new tools that allow genuine privacy. In the wake of the Snowden revelations, there’s been a big push to develop encrypted channels of communication that are secure against government snooping. Mathematicians can help.

It’s important to realize that as far as we know, the NSA has made no decisive mathematical cryptographic advance of which the rest of the world is ignorant. Snowden said in June:

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

The NSA have used social, legal, physical and other means to weaken encryption, but the underlying mathematics has not been challenged. Nonetheless, mathematical expertise will be needed to build new, better, tools.

I’d love to go along to the EFF booth this week and help out. Unfortunately, I’m on the wrong side of the Atlantic. But if you’re going to be there and you want to help out, I believe they’d appreciate it. Just drop an email to Yan Zhu, who will be the official EFF representative there, or talk to her in person when you arrive.

And if you can’t be there, but reading this has made you want to help in some other way, why not join the EFF?

Postscript: For more on the NSA’s weakening of internet encryption, here are some further links. I already linked to one post by the Johns Hopkins computer scientist Matthew Green; here’s a more technical companion post. Less technically, there’s a great piece by IT security legend Bruce Schneier, and of course there’s any number of articles for a general readership.

Posted at January 13, 2014 2:58 AM UTC

Re: The Electronic Frontier Foundation at the Joint Meetings

Thanks for this post. I have been a card-carrying EFF member for several years now. Their legal and advocacy work in defense of internet freedom and free speech is obviously valuable, but they also play an equally important role in educating the lay public about digital security, encryption methods, and so on (as an example, here is a classic EFF whitepaper from 2011 on useful encryption techniques in the context of crossing the US border).

I am absolutely delighted that they will have a booth at the Joint Math Meetings. There is no organization better equipped to spread the message.

Posted by: Abhishek Saha on January 13, 2014 10:23 AM

Re: The Electronic Frontier Foundation at the Joint Meetings

Thanks for the link to the white paper. I agree, it’s great.

It’s not that I have anything in particular to protect: I just resent the idea that someone can search my stuff, in a way that they couldn’t when I’m inside a country, just because I happen to be crossing a border. And the fact that border officials have that power has truly worrying implications when applied to people more politically active than me.

Posted by: Tom Leinster on January 13, 2014 5:10 PM

Re: The Electronic Frontier Foundation at the Joint Meetings

Yes, this. This is the point that keeps recurring to me too: surveillance methods being used to intimidate and chill free speech and dissent.

Various politicians offer assurances (invariably of the most hand-waving variety) that NSA surveillance is used to counteract terrorism and has helped block all sorts of (unspecified) threats. While that sounds like a good thing, it’s extraordinary just how labile the term “terrorist” is, or what can be designated a terrorist organization. For one example, I guess it’s well known that Nelson Mandela was removed from the US terrorist watch list only in 2008 (the ANC of course had been designated a terrorist group by the old apartheid regime in South Africa, and with the US following suit for decades).

Another example that comes to mind, here in the US, is the activist group “Food, Not Bombs”, who mainly distribute free food (e.g. surplus food from bakeries or grocery stores that would otherwise be thrown out) as part of protest against poverty and war. They are leftist in orientation, but emphatically nonviolent. They too have been tarred with the “terrorist” label by FBI officials. Basically, the word “terrorist” can be stretched to mean all kinds of things, to apply to many shades of resistance and dissent. Taken in conjunction with the revelations of the reach of NSA surveillance, this should have worrying implications.

Posted by: Todd Trimble on January 13, 2014 7:51 PM

Re: The Electronic Frontier Foundation at the Joint Meetings

I actually didn’t know that Mandela was on the USA terrorist watch-list until 2008 till very recently. I thought that argument had been won a long time ago.

Mission creep is definitely a moral hazard in automatic mass surveillance. Terror as a word is subject to abuse. One forgets, for example, that politics and grievances are involved. I can quite easily imagine it becoming a word meaning someone or some politics that is not liked.

Climate Change/Environmentalism is one area that has become heavily politicised, and it wouldn’t surprise me if that movement in some ways isn’t classified as terrorism.

Come to think of it there was a case in the UK a few years ago where undercover police had infiltrated a small group of activists (one woman was made pregnant by one of them!)

In the UK there has been no history of this which is perhaps why it doesn’t seem to be taken particularly seriously by the press. I was alarmed to hear for example that the Guardian Offices were visited by some government ‘heavies’ - which is the sort of thing that one reads about usually of other countries.

I’d be interested to know how other European countries who have had a history of this recently are taking this.

In the US, from what I gather, there has been a long history of being against ‘Big’ government. I suspect the NSA revelations feed into that.

Posted by: Mozibur Ullah on January 15, 2014 1:35 PM

Re: The Electronic Frontier Foundation at the Joint Meetings

And the fact that border officials have that power has truly worrying implications when applied to people more politically active than me.

That’s a great point. And this power is routinely abused by governments to evade legal and constitutional restrictions on their surveillance powers on politically active people.

Yet there is also a sweet irony in all this. For, if not for the repeated border harassment and detention that American journalist and documentary filmmaker Laura Poitras was subjected to between 2003 and 2010, she would not have gotten involved in the Snowden revelations, and without her extraordinary presence, there is a good case to be made that none of the revelations would have happened. Here is a definitive account of this story; apologies if you have read it already.

Posted by: Abhishek Saha on January 14, 2014 9:56 AM

Re: The Electronic Frontier Foundation at the Joint Meetings

We mathematicians are lagging far behind the hacker community on ethics. Based upon only Snowden’s early revelations, the U.S.’s premier computer security and hacker conference DEF CON asked the NSA, and other federal agencies, not merely to not exhibit or recruit this year, but not even to attend. Jeff Moss (aka The Dark Tangent) wrote on behalf of DEF CON:

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a “time-out” and not attend DEF CON this year.

Recently, security researchers have begun boycotting the RSA Conference. They’re even asking Stephen Colbert not to perform at the RSA conference.

We should lobby the AMS, MAA, etc. not to allow the NSA to recruit at the JMMs next year.

Also, there is an excellent letter by Alexander Beilinson in Notices of the AMS, vol. 60, no. 11 in which he proposes:

The NSA destroyed the security of the Internet and privacy of communications for the whole planet. But if any healing is possible, it would probably start with making the NSA and its ilk socially unacceptable—just as, in the days of my youth, working for the KGB was socially unacceptable for many in the Soviet Union

Posted by: Jeff Burdges on January 13, 2014 10:46 AM

Re: The Electronic Frontier Foundation at the Joint Meetings

I agree, mathematicians are hardly used to thinking about professional ethics at all. (I mean the ethics of their research, of course, not teaching ethics.) I guess this is all the more so for mathematicians who regard themselves as “pure”.

We had a discussion about Beilinson’s letter back here. I’m still waiting for a response from the LMS, more than two months on. I’m told that the president, Terry Lyons, is writing to me, but I’ve had nothing so far.

In contrast, the AMS have published on the surveillance scandal in the last three issues of the Notices (1, 2, 3). The academics who volunteer to run the LMS are busy people doing a service for the community, but I can’t help being disappointed at how low a priority the LMS seem to be giving this.

Posted by: Tom Leinster on January 13, 2014 11:22 AM

Re: The Electronic Frontier Foundation at the Joint Meetings

Probably most members of the public are not aware that the majority of mathematicians have a personal moral objection to what the NSA is doing. I encourage everyone here to lend a mathematician’s perspective to the public political debate, for instance, on the following discussion thread.

Posted by: Jeffery Winkler on January 14, 2014 9:35 PM

Re: The Electronic Frontier Foundation at the Joint Meetings

I suspect most members of the public don’t think about the existence of mathematicians at all, and if they do, have a very distorted idea of what mathematicians actually do and are. For instance, I don’t know whether the general public would make a clear distinction between a mathematician and an engineer. But I take your point.

(By the way, I fixed your link. You have to be careful using underscores in Markdown, which is the syntax this site uses for comments. Usually, Markdown interprets text enclosed between underscore symbols as italic. Put a backslash before each underscore if you want it to interpret the underscore literally.)

Posted by: Tom Leinster on January 14, 2014 9:48 PM

Re: The Electronic Frontier Foundation at the Joint Meetings

Washington State Bill Proposes Criminalizing Help to NSA, Turning Off Resources to Yakima Facility

“Practically speaking, the bill prohibits state and local agencies from providing any material support to the NSA within their jurisdiction. This includes barring government-owned utilities from providing water and electricity. It makes information gathered without a warrant by the NSA and shared with law enforcement inadmissible in state court. It blocks public universities from serving as NSA research facilities or recruiting grounds. And it bans corporations who continue to do business with the NSA from holding any contracts with the state.”

As an aside, the article references “the NSA .. sharing information gathered without a warrant with local law enforcement”, which goes well beyond last summer’s story about their sharing information with the DEA. I’d missed that one. Ain’t likely that serves any legitimate national security interests, probably just harassing activists, derailing protests, etc. type stuff.

Posted by: Jeff Burdges on January 17, 2014 2:36 AM

Re: The Electronic Frontier Foundation at the Joint Meetings

That’s a very interesting, radical proposal. I don’t know much about how US state law gets made. Does this bill have any real chance of becoming law?

Posted by: Tom Leinster on January 17, 2014 8:04 AM

Re: The Electronic Frontier Foundation at the Joint Meetings

The details of how US state law gets made vary a lot from state to state. Typically, it’s a local version of how US federal law gets made: a bill has to be passed by majorities in a two-house state legislature, then signed by the governor. If the governor chooses to veto the bill, the legislature can override with a sufficiently large supermajority. In any case, the process up to the point of the bill becoming state law is entirely internal to the state. So this bill’s chances of becoming law depend on politics in the state of Washington, which I know nothing about, but my guess is that it’s very unlikely to pass.

The next question is, if the law does pass and is implemented, what then? The NSA, or other federal agencies, will certainly claim that it conflicts with some US federal law (I have no idea which federal law, but I’m confident they already have several in mind for such an eventuality), and sue the state of Washington or its agencies in federal court. The general principle (with some caveats) is that federal law trumps state law, so if the courts buy that argument, the state law would probably be struck down. It remains to be seen what the highest courts think of the NSA’s newly-revealed activities, so it’s hard to guess what would happen. Again, my poorly-informed guess is that the law, if it passes, is very unlikely to survive a court challenge.

I imagine that the backers of this bill don’t expect it to pass, and that its proposal is purely symbolic.

Posted by: Mark Meckes on January 17, 2014 9:03 AM

Re: The Electronic Frontier Foundation at the Joint Meetings

Thanks. What you say sounds very plausible (to my uninformed, unAmerican self), even though it’s not what I wanted to hear.

Posted by: Tom Leinster on January 17, 2014 11:54 AM

Re: The Electronic Frontier Foundation at the Joint Meetings

IANAL but I’m American so: In McCulloch v. Maryland, Chief Justice Marshall wrote “the power to tax involves the power to destroy” when ruling that Maryland could not tax a U.S. Federal Government Bank. I’d similarly imagine our courts would rule against states that withhold essential state services from federal offices.

I’d certainly hope they’d allow states to limit their own evidentiary standards and to prohibit the universities from aiding the NSA though. In fact, it’s unclear if anyone would even challenge those laws in court, maybe all the police and academics would just go along with the law.

We’ve no idea if they ever even pass this law though, maybe not actually, but the effort alone helps persuade academics not to support NSA recruiting efforts. Isn’t it shameful that hackers and politicians are more worried about the chilling effects of surveillance than academics?

Posted by: Jeff Burdges on January 17, 2014 5:59 PM

Re: The Electronic Frontier Foundation at the Joint Meetings

Relevant open letter: Academics Against Mass Surveillance

Posted by: Jeff Burdges on January 17, 2014 6:11 PM
