BALTIMORE - The ripple effect from Edward Snowden leaking top secret National Security Agency (NSA) operations has developed into a wave of worry and concern for cyber-security specialists and cryptographers at Johns Hopkins University’s Information Security Institute .
“Yeah I’m worried,” said Matt Green, a Hopkins assistant research professor. “We don’t know exactly what the rules are anymore, and we don’t know how to build secure software without going directly up against our government and that kind of makes me nervous.
“Just to do it right, with nobody trying to kill us, we have an almost impossible problem,” Green said as he addressed a room of Hopkins students and faculty. “How do we deal with that when somebody very powerful is going around us to try to build weakness into the standards from the start?”
The university hosted a panel discussion with members of its Information Security Institute Wednesday to explore the implications of the former NSA contractor’s actions on the cyber-privacy and cyber-security field.
Maryland has made strides to attract, bolster and retain a workforce of hundreds of thousands of public and private security computer science and information security specialists. In promotional materials, approved by Gov. Martin O’Malley, the state is called the “ epicenter of cybersecurity .”
An NSA spokeswoman declined to comment on the points discussed at Johns Hopkins. “It would not be appropriate for me to comment on a discussion that I was not privy to,” spokeswoman Vanee Vines said. Vines pointed ABC2 News to the Tumblr page “ IC On The Record ,” which was created by the order of President Barack Obama to provide public information regarding the NSA’s lawful foreign surveillance activities.
Hopkins’ panelists were alarmed by a recent wave of reports leaked by Snowden that suggest U.S. government operatives were (or are) attempting to install bugs and backdoors into operating software.
The reports also suggest that a government agency tasked with developing standards for technological and information security may have supported implementing “less efficient standards that would likely include backdoors,” according to Hopkins professor Avi Rubin.
“I would say I’m more concerned than worried,” Rubin said, following the discussion. "The distinction is that I think a lot of people were behaving as though they had more privacy than they did online.
“A lot of the very technical people, like myself, are not surprised,” he continued. “I kind of always assumed the NSA was doing everything in their capability to listen. I was surprised at the active measures such as putting forth back doors in standards.”
The panel criticized the National Institute of Standards and Technology , a government agency that—in the information released by Snowden -- allegedly signed off on technology that was less secure and afforded room for backdoor hacking. NIST opened a National Cybersecurity Center in Gaithersburg, Md. in 2012.
Rubin called for more transparency of encryption standards and protocols. He said Congress should also hold hearings to determine who specifically was behind spying programs.
“I would like to hear more evidence of a link between this kind of spying and protecting against terrorism. It’s not clear to me that this actually does that,” Rubin said.
The implication of the government potentially installing back channels into software would as a whole make the U.S. less secure, the panelists affirmed.
“Technology that we thought was secured –technology that we thought that the government was a partner in building with us—has actually been subverted in bunch of different and kind of frightening ways, potentially leading to vulnerability,” Green said, citing information found in reports released to the media by Snowden.
The problems, panelists said, were two-fold: Should American citizens permit the kind of alleged spying realeased by Snowden? And should foreign countries trust the U.S.?
“The U.S. is one of the biggest exporters of security technology … If we’re exporting it to the world, should the rest of the world buy our tech?” Green said. “Should we risk our entire security and technology industry in order to spy on maybe a few tens of thousands of people who want to do the U.S. harm?”
The only thing the panels said they knew for sure, was that they didn’t know how deep the NSA’s orders go, given only a snapshot of Snowden’s released documents.
The discussion prompted panelist Stephen Checkoway to suggest voters take action against politicians who have supported the NSA’s largely unknown surveillance measures.
“We should replace the politicians who decided that this is the right way of going for us,” Checkoway, an assistant researcher and computer scientist at Johns Hopkins, said.
The Guardian newspaper wrote recently "Snowden combined elements of truth swirled together with paranoid speculation, outright lies and pure hype, [which makes] reviving a rational discussion has been hard."