MATHEMATICIANS AND THE NSA

THE FEDERAL government’s National Security Agency is charged with devising cryptologic systems for protecting U.S. information while, at the same time, exploiting weaknesses in the information systems of other countries. Cryptography is a highly mathematical endeavor and, it’s said, the NSA is the largest employer of mathematicians in the U.S.

Image from Science, January 30, 2015.

Many details of NSA operation, including employment aspects, are classified. However, John Bohannon examined matters in an essay called “Breach of Trust,” as part of an examination of Internet privacy in Science magazine’s January 30, 2015, issue.

The essay’s subtitle: “After the Snowden revelations, U.S. mathematicians are questioning their long-standing ties with the secretive National Security Agency.”

As one example, an indirect bit of data mining was used to follow some of the money. Though NSA budgets are generally classified, one line item is reported: Its grants program for which the American Mathematical Society (AMS) provides peer review.

The number of papers acknowledging NSA support grew steadily during the Cold War, peaked at the millennium, then rebounded strongly after 9/11. The two main NSA grant codes are MDA904 and H98230. Image from Science, January 30, 2015.

According to Bohannon, mathematical contributions from NSA in 2015 will amount to $4 million, “a pittance compared with the more than $400 million that mathematicians receive each year from other federal agencies.” However, for specialized areas such as number theory and probability (both crucial in cryptology), the amount is considered non-trivial.

What’s more, 55 universities designated by the agency as Centers of Academic Excellence have full-time NSA representatives “embedded on campus” (Science magazine’s term). The representatives’ purpose, according to Bohannon, is to “influence research and research partnerships that will impact the cyber world and workforce in the future.”

The friction between mathematicians and NSA arose from revelations by Edward Snowden, an independent contractor working at NSA facilities in Japan, Hawaii and the U.S. mainland. Getting lots of press was his disclosure that NSA had large-scale harvesting of data from U.S. citizens.

Mathematicians, though, were disturbed by a more complex disclosure affecting Internet security. Briefly, as Bohannon put it, “The agency appears to have created its own back door into encrypted communications.”

Secure online financial transactions, for example, use data encryption, a process that relies on pseudorandom numbers generated at both ends of the communication. The government’s National Institute of Standards and Technology approves techniques of generating these pseudorandom numbers, one of which has the tongue-twisting, but mathematically descriptive name of a Dual Elliptic Curve Deterministic Random Bit Generator.

NIST approved DUAL_EC_DRBG, as it’s known, for encryption use in 2006. However, a potential for a flaw was identified by Microsoft security experts in 2007.

Notes Bohannon, this flaw “received little attention until internal NSA memos made public by Snowdon revealed that NSA was the sole author of the flawed algorithm and that the agency worked hard behind the scenes to make sure it was adopted by NIST.”

Was NSA culpable? An open letter is quoted, published by the AMS in February 2014: Mathematician Thomas Hale at the University of Pittsburgh wrote, “[A]n algorithm… giving them exclusive back door access is no accident.”

NIST dropped its support of the faulty standard in April 2014. Its statement in this regard makes for interesting reading, in particular for what is not cited. NSA has yet to offer a public statement.

Analyzing something as complex as DUAL_EC_DRBG is far from straightforward. Some mathematicians, including those working for NSA, defend the agency. There’s a sharp debate within AMS over the matter. At heart are the society’s ties to the NSA, including financial ones. Says Bohannon, “For now, U.S. mathematicians aren’t willing to disown their shadowy but steadfast benefactor.”

“It ain’t over ’til it’s over,” says non-mathematician Yogi Berra. ds

© Dennis Simanaitis, SimanaitisSays.com, 2015