Unintended Consequences of the Snowden Leak

In the aftermath of the Snowden NSA leak last year, supporters of the National Security Police State and Surveillance Society in the Republican and Democratic parties quickly ran to the media arguing that the leak represented a grave threat to national security because it would potentially reveal sensitive intelligence sources and methods.  It is now being reported by the WSJ that, in response to the Snowden leaks, Al Qaeda have changed up their crypto protocols and rolled their own encryption software.  And the uninformed  responses from the professional hysterics in the media and blogosphere are not hard to find.  Take some guy named Bob Cesca at the Daily Banter, for example. He writes:
So this is just peachy. I’ve always been very, very cautious to not over-emphasize the general scope of the terrorist threat, but this has more to do with stupidly and recklessly helping the ones that are out there, and it appears as if Snowden & Company have done precisely that.
What this reveals is that Bob Cesca doesn't know the first thing about the basic tenets of cryptography. One of the first things anyone learns when doing the most rudimentary study of cryptography and cryptanalysis is that "home-brewed," closed source  cryptographic software is essentially broken by definition, since by definition it cannot be subjected to rigorous review.  This makes it easier to break.  So, ironically, by switching up their crypto, Al Qaeda are likely providing new attack vectors for intelligence agencies the world over.  And this is in fact the view of at least one actual expert in cryptography, Bruce Schneier, as opposed to the uninformed reactions of professional political whiners.  He writes:
The Web intelligence company Recorded Future is reporting -- picked up by the Wall Street Journal -- that al Qaeda is using new encryption software in the wake of the Snowden stories. I've been fielding press queries, asking me how this will adversely affect US intelligence efforts.
I think the reverse is true. I think this will help US intelligence efforts. Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight. Last fall, Matt Blaze said to me that he thought that the Snowden documents will usher in a new dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising. My guess is that this an example of that.

1 comment: