
NSA's Backdoor Key from Lotus Notes - EthanHeilman
http://www.cypherspace.org/adam/hacks/lotus-nsa-key.html
======
rozzie
Ray Ozzie here. Regarding "minitruth" - you've got to maintain a bit of a
sense of humor when things get stressful.

It was such a long time ago, but one thing that clearly differentiates our
efforts in those days vs. what's been reported in the news in the past few
days is the issue of transparency.

The day we shipped the "differential workfactor" implementation in Notes, I
keynoted the RSA Conference and gave a speech laying out what we did and why.
Charlie Kaufman, a great cryptographer who worked for me, also distributed a
paper he wrote with the technical details. You can find my speech and his
paper buried in here if you're interested. (search for "lotus.notes")

[http://web.textfiles.com/ezines/HWA/hwa-hn19.txt](http://web.textfiles.com/ezines/HWA/hwa-hn19.txt)

And if you're really motivated to understand what it was like during the
Crypto Wars, go read Steven Levy's book "Crypto".

[http://www.stevenlevy.com/index.php/books/crypto](http://www.stevenlevy.com/index.php/books/crypto)

Back to the present - it pains me to see such a lack of transparency in how
our elected officials are running our government. Of course, the common man
knows it's common sense that there's an inherent need for secrecy in
conducting small scale covert operations. We do get it.

However, it's also common sense that it's inevitable that any complex
large-scale long-term operation will ultimately come to light. And so it's just
common sense that any such broad-based operations that might be perceived as
impacting our constitutional rights should be the subject of broad public
debate. No, not when they're being prototyped or tested or used in small scale
settings - but definitely somewhere on the path from "tactical use" to "broad
strategic dependence".

These are not small issues, nor need they be at all partisan. Wyden, Paul, and
others are trying. These issues are fundamental to defining the relationship
between us citizens and our government in the decades ahead.

In particular, in this world where "SaaS" and "software eats everything" and
"cloud computing" and "big data" are inevitable and already pervasive, it
pains me to see how 3rd Party Doctrine may now already be being leveraged to
effectively gut the intent of U.S. citizens' Fourth Amendment rights. Don't we
need a common-sense refresh to the wording of our laws and potentially our
constitution as it pertains to how we now rely upon 3rd parties? It makes zero
sense in a "services age" where granting third parties limited rights to our
private information is so basic and fundamental to how we think, work, conduct
and enjoy life.

For example, did you really intend to yield your 4th amendment rights when you
granted a 3rd party access to your files as a part of Mac Software Update,
Windows Update, Virus Scanners, etc., or when you started using a
service-tethered smartphone?

Anyway, unlike 'web tracking' issues which seem to be broadly ignored because
of our love for ad-supported services, I hope we all (especially the young
readers of reddit, hackernews, etc) wake up to the fact that these privacy and
transparency issues are REAL, and that they truly will impact you and the
country you live in, and that even if you don't consider yourself an activist
you really should get informed and form an opinion. Again, this is a
non-partisan issue, and let's all work to ensure that it stays this way.

Two great organizations where you can learn are EPIC and EFF. (Disclosure: I
am on the board of EPIC.) Take it in, and think. Your contributions are needed
and would of course be quite welcome.

[http://epic.org](http://epic.org)

[http://eff.org](http://eff.org)

~~~
philangist
I'm a coder and one of the young redditors/HN readers you're talking about (18
years old). I've grown up in a post-9/11 world so it can be sometimes hard for
me to understand that there was a time that it wasn't assumed the government
wasn't conducting mass surveillance. How do you approach the problem of making
this a real issue for most people my age? And as technologists, how can we
help develop solutions to intrusive government policies like this?

~~~
angersock
The big deal is that honestly young people seem not to think twice about
yielding up their personal information to the data maws (older, non-tech folks
have the same issue, so let's not spin it as a purely generational problem!).

If you need to make it a "real issue", well, honestly, you lack a sufficiently
cruel and malicious imagination--it should be self-evident that any sort of
monitoring and data-mining (.gov or not) is very dangerous, and something
which you should think very carefully about opting into.

We need to make this an issue for everyone, not merely millennials.
Unfortunately, that doesn't seem like it's going to happen until there are
more casualties in the privacy wars.

~~~
pyre

> young people seem not to think twice about yielding up their personal information

Young people don't think twice about a lot of stupid things. It's called being
young and inexperienced.

~~~
rattray
I don't know, I think twice about a lot of stuff I used to do more carelessly
(I'm 21 now), but yielding my data isn't one of them. I just can't seem to
bring myself to care if the NSA is reading my email. Perhaps part of that is
that I can't recall any negative consequences of the government knowing who
I'm calling, whereas I can remember negative consequences for, say, drinking
too much.

~~~
zmmmmm
> I just can't seem to bring myself to care if the NSA is reading my email

Most of us will skate through our entire lives and never need to care about
this. The problem is, some small minority of us _will_ need to care, indeed,
it will be of life and death importance. Through your innocent lack of caring,
you are enabling the persecution of the small subset of people who this will
actually impact. Many of those people will be innocent, incidental bystanders
who just happen to get caught up by the system. But some of those people will be
crucially important figures - the Assanges, the Nelson Mandelas, and so on.
People who actually change history.

So my question to you is, how do we convince you, as a prototypical "young
person", to care about something that has no immediate impact on you but might
be crucially important to you or someone other than you many years from now?
Do you have the capacity to do that at all? How do we invoke it?

------
jrockway
If I were a programmer that wanted to damage the reputation of my employer,
I'd embed a key in its software that made it look like the software was
sending all user data to the NSA. Any denial would meet "well, there's a
secret law _making_ you deny it". The perfect crime...

~~~
acjohnson55
Somehow, I don't think the NSA would look kindly on that, and who knows how
that might affect you. Not exactly the perfect crime.

~~~
jrockway
What consequences do you envision?

~~~
ttrreeww
"Disappeared"

~~~
jrockway
Has any programmer ever disappeared after writing code that pokes fun / ire /
controversy at the NSA? Has _anyone_ in the US ever disappeared after
something like this?

I guess we can imagine a new world where up is down and white is black, but in
the current world, the government is just a bureaucracy filled with
bureaucrats trying to get promoted for coming up with crazy ideas.
Disappearing random people is not high on anyone's agenda, I don't think.

~~~
ttrreeww
I donno, I lost contact with a lot of former people, they seem to have
disappeared. I'm sure you too.

------
acqq
Also from these times:

[http://en.wikipedia.org/wiki/NSAKEY](http://en.wikipedia.org/wiki/NSAKEY)

An example of coverage, very similar to what we read now:

[http://www.whale.to/b/ms.html](http://www.whale.to/b/ms.html)

~~~
pyre
Read Schneier's take on it: [http://www.schneier.com/crypto-gram-9909.html#NSAKeyinMicros...](http://www.schneier.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryptoAPI)

It seems reasonable that NSAKEY wasn't an NSA backdoor meant to allow them to
secretly install compromised crypto libraries on your machine.

~~~
acqq
It was obviously made for NSA. Otherwise the name wouldn't mention NSA.
Microsoft didn't need the backup key, they were able to back up the single
Microsoft key. Nobody designs the crypto with two keys accidentally. How NSA
used it we can only speculate, but it was there on purpose, the truthful
wording of Microsoft was "it was there for us to obey the law."

------
krenoten
Interesting article, but slight quibble: differential cryptography is a
cryptanalysis technique, i.e. a method that anybody can use to try to break a
cipher.

[http://en.wikipedia.org/wiki/Differential_cryptanalysis](http://en.wikipedia.org/wiki/Differential_cryptanalysis)

~~~
EthanHeilman
This is differential work factor cryptography rather than differential
cryptanalysis. Differential work factor cryptography is designing crypto systems
that are easier for one party to attack.

[http://www.purecommerce.com/dictionary/ecommerce/differentia...](http://www.purecommerce.com/dictionary/ecommerce/differential_work_factor_cryptography.cfm)
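
Added illustration, not part of the original thread and not Lotus's code: a scaled-down sketch of the idea in the comment above, where part of each session key is also encrypted to an escrow holder's public key, so that holder faces a smaller brute-force search than everyone else. The key sizes, the toy RSA modulus, the hash-based cipher and all function names are assumptions chosen so the search runs instantly.

```python
import hashlib
import secrets

# Constructed, scaled-down parameters (assumptions, not the product's sizes).
KEY_BITS = 24      # full session key: outsiders must search 2**24 keys
ESCROW_BITS = 8    # top bits also sent to the escrow holder: it searches 2**16

# Toy RSA escrow key pair from two Mersenne primes. NOT a secure modulus.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def keystream_xor(key: int, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key.to_bytes(8, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send(plaintext: bytes):
    """Sender side: encrypt, and attach the escrowed top bits of the key."""
    key = secrets.randbits(KEY_BITS)
    top = key >> (KEY_BITS - ESCROW_BITS)
    # Random padding stops outsiders from simply encrypting all 2**8 guesses
    # under the public key and comparing with the escrow field.
    padded = (secrets.randbits(128) << ESCROW_BITS) | top
    return key, pow(padded, E, N), keystream_xor(key, plaintext)

def escrow_recover(escrow_field: int, ciphertext: bytes, known_prefix: bytes):
    """Escrow holder: decrypt the top bits, then brute-force only the rest."""
    top = pow(escrow_field, D, N) & ((1 << ESCROW_BITS) - 1)
    low_bits = KEY_BITS - ESCROW_BITS
    for tries, low in enumerate(range(1 << low_bits), 1):
        key = (top << low_bits) | low
        if keystream_xor(key, ciphertext[:len(known_prefix)]) == known_prefix:
            return key, tries
    return None, 1 << low_bits

if __name__ == "__main__":
    msg = b"constructed sample message"
    key, field, ct = send(msg)
    found, tries = escrow_recover(field, ct, msg[:8])
    print(f"escrow holder found the key in {tries} tries "
          f"(others face up to {2**KEY_BITS})", found == key)
```
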

~~~
krenoten
Ahh interesting, I wasn't aware of this use of the term. Thank you for the
clarification!

------
anonymfus
>This page has also been translated into Russian here

It is not in Russian. It's in Belarussian.

~~~
mietek
> and into Polish here

This is, at best, an odd machine translation.

~~~
fdb
The translation is a sneaky SEO technique. People offer to translate your page
into other languages as long as you link to the translation on their page. By
linking to them, you pass on PageRank. The website has of course nothing to do
with your content.

------
javanix
Would they really put the NSA director's email in the PGP key? Something
smells fishy about this.

~~~
rattray
Why is this comment being downvoted? It was an honest, albeit rather silly
mistake, not a misuse of HN.

~~~
Pitarou
It's an irrelevant remark from somebody who didn't read the article properly.

Downvoting:

- reduces the prominence of low quality content

- encourages posters to avoid posting low quality content

------
apapli
Given many companies running Notes push forms out to their web site, I am
curious, does now knowing this key increase the vulnerability of Lotus Notes
servers everywhere as theoretically anyone can use it now?

~~~
stan_rogers
That applies to versions of Notes and Domino prior to R5.0.4, since which
there has only been one version (outside of France, at least, which didn't
authorise import until October 2000 -- that's due to France's crypto import
regulations at the time, not the USA's crypto export regs). This back door
ceased to exist more than a dozen years ago, and the current international key
length is more than 64 bits (4096 bits for users/servers, 8192 bits for
certifier ids).

------
jamesaguilar
I may be willing to believe the NSA are misguided, but nobody uses the bad
guys' name for themselves on purpose. The NSA used Minitruth as the name of
their backdoor? Gimme a break.

~~~
Havoc
>The NSA used Minitruth as the name of their backdoor? Gimme a break.

More like the guy charged with implementing it had a sense of humour / clear
perspective.

~~~
stan_rogers
The folks at the Iris group were very much like that. Around the same period,
the project that would become Lotus Quickplace and the iNotes web client was
codenamed "Shimmer", after an old Saturday Night Live fake ad for a
do-everything product that was both "a floor wax _and_ a dessert topping".

------
TheYComb
[http://support.citrix.com/article/CTX116557](http://support.citrix.com/article/CTX116557)

Getting the private key is as easy as having a smart person inside the company
that works for both the company and the gov.

Then you just have to sit on a router and read the traffic. Relatively simple
for a gov agency.

There are 2 ways to be safe: 1) You do not use any technology. 2) You are
honest in everything you do.

The second one is probably the easiest.

------
scaramanga
hmm, I was expecting to see that they'd factored the private key. It's been
done before for 768bits RSA and presumably both NSA and RSA are picking good
semiprimes but maybe not eh? That would be interesting to know.

------
cocopanda
Should I be worried about looking at this?

~~~
nwh
Nope. It's a public key, which by design, is able to be shown publicly.

~~~
jlgreco
It is a public key, but it is small by today's standards. You could factor it
with a modest budget.

------
BruceLi
Welcome to China!

