NSA

Critics of the U.S. National Security Agency’s U.S. telephone records program are missing the point when they say the agency can’t point to one case where the collection was critical to preventing terrorism, two people formerly involved with the program said.

The phone records collection program may not be the only tool that stops terrorist plots, but it’s an important tool that helps lead investigators to terrorists, said Steven Bradbury, who was head of the Office of Legal Counsel at the U.S. Department of Justice under former U.S. President George W. Bush.

The pressure on the US government to reform the NSA’s surveillance programs is growing. Apple, Google, and Microsoft all called for change last month alongside a petition from international authors calling for an end to mass surveillance. President Obama announced big changes to government surveillance programs, but most of them centered around the NSA's bulk collection of Americans' phone records, not its spying on internet communications. In an open letter published on Friday, more than 50 cryptography experts are asking the US government to make more changes to protect privacy.

According to newly-declassified court orders from the Foreign Intelligence Surveillance Court (FISC), the National Security Agency (NSA) was (and may still be) tipping off the FBI at least two to three times per day going back at least to 2006.

Hours after President Barack Obama finished his speech last Friday on proposed intelligence and surveillance reforms, the Office of the Director of National Intelligence (ODNI) declassified a number of documents from the nation’s most secretive court.

Barack Obama has announced reforms to somewhat limit and examine US National Security Agency (NSA) surveillance, in order to win back trust following spying revelations made by NSA whistleblower Edward Snowden.

Obama said in a speech today that he will issue presidential directives promising a number of key changes to how US intelligence agencies collect and examine data.

The US government, through its National Security Agency, keeps records of every single phone call made by every single phone in the country – and probably almost anything that travels over the internet. The oft-repeated rationale is that this kind of bulk data collection has the power to prevent terrorist attacks and keep the US safe.

My expectations were low when I asked the National Security Agency to cooperate with my story on the impact of Edward Snowden’s leaks on the tech industry. During the 1990s, I had been working on a book, Crypto, which dove deep into cryptography policy, and it took me years — years! — to get an interview with an employee crucial to my narrative. I couldn’t quote him, but he provided invaluable background on the Clipper Chip, an ill-fated NSA encryption runaround that purported to strike a balance between protecting personal privacy and maintaining national security.

Although weaknesses in one pseudo-random number generator (PRNG) at the heart of a US National Security Agency (NSA) scandal have been known for years, recent media attention has given light to proof-of-concept code.

There has been a lot of news lately about nefarious-sounding backdoors being inserted into cryptographic standards and toolkits. One algorithm, a pseudo-random bit generator, Dual_EC_DRBG, was ratified by the National Institute of Standards and Technology (NIST) in 2007 and is attracting a lot of attention for having a potential backdoor. This is the algorithm that the NSA reportedly paid RSA $10 million in exchange for making it the default way for its BSAFE crypto toolkit to generated random numbers.

In a letter to Joseph Tucci, and Art Coviello, F-Secure's Mikko Hypponen says he is canceling his talk at the 2014 RSA Conference, due to the company's deal with the NSA.

Mikko Hypponen, a widely known security expert and speaker, has given many presentations at the RSA Conference over the years. However, his talk scheduled for the 2014 RSA Conference in February, "Governments as Malware Authors" isn't going to happen.

RSA Security has denied that they took money from the NSA to use a backdoored random number generation algorithm in their products. Do you believe them?

As security guru Bruce Schneier shows, you just can't trust anyone anymore about these things. This is perhaps the most poisonous and damaging outcome of the NSA's activities in recent years (or at least of the disclosure of those activities).