Winner of NSA Cybersecurity Award Slams the Spy Agency's Existence

J.D. Tuccille | 7.29.2013 3:48 PM

Dr. Joseph Bonneau (that's him pictured), who works for Google as a software engineer, won the National Security Agency's award for his cybersecurity paper, The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. That's over my head, but the summary at the Cyber-Physical Systems Virtual Organization site says the paper "offered careful and rigorous measurements of password use in practice and theoretical contributions to how to measure and model password strength." Good for him, and he was gracious in blogging about the award, writing, "I'm honored to have been recognised by the distinguished academic panel assembled by the NSA." But then he did something you usually don't see award recipients of any sort do: he questioned the very existence of the agency honoring his efforts.

Writing at the Light Blue Touchpaper blog, Bonneau continued:

In accepting the award I don't condone the NSA's surveillance. Simply put, I don't think a free society is compatible with an organisation like the NSA in its current form.

He emphasized, though, that recent revelation about NSA surveillance of phone and Internet activity involve policy problems running up to the top, not the efforts of a rogue agency.

Yet I'm glad I got the rare opportunity to visit with the NSA and I'm grateful for my hosts' genuine hospitality. A large group of engineers turned up to hear my presentation, asked sharp questions, understood and cared about the privacy implications of studying password data. It affirmed my feeling that America's core problems are in Washington and not in Fort Meade.

That may sound like a kindness to his benefactors, but it's absolutely true. The NSA didn't set to work spying on America and the world beyond of its own accord. It was set to that task by presidents and legislators who've lost respect for limitations on their power and for the liberty of the people who suffer under their governance. To dismantle or defund the NSA, in and of itself, without cleaning house of policymakers and further constraining their power would accomplish nothing, since they'd have a new spy agency in place in no time.

But, as Bonneau emphasized on Twitter, he does want the NSA abolished.

The Rattler is a weekly newsletter from J.D. Tuccille. If you care about government overreach and tangible threats to everyday liberty, this is for you.

NEXT: Increasing Number of Radicalized Western Muslims Heading for Syria

Hide Comments (53)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

MP 12 years ago

You know, when you Google lomitations, you find a post about the statue of lomitations. That's Ron's smarter America for you.
1. Tim 12 years ago
  
  A man's got to know his lomitations.
  1. Episiarch 12 years ago
    
    What's this about lomi salmon?
Dave Krueger 12 years ago

The NSA didn't set to work spying on America and the world beyond of its own accord. It was set to that task by presidents and legislators who've lost respect for lomitations on their power and for the liberty of the people who suffer under their governance.

You're referring to the people the voters keep reelecting over and over and over, right?
1. Francisco d Anconia 12 years ago
  
  One wonders if they'd reelect them if these programs were common knowledge?
  1. Dave Krueger 12 years ago
    
    We'll find out. I'm pretty sure they will return them to office. I don't think issues really affect how people vote. It takes a sex scandal or a felony conviction before voters will vote someone out.
2. wareagle 12 years ago
  
  did I miss the mass walkout of NSA staffers over the agency's marching orders? Maybe the individuals are nice people as Bonneau suggests, but we could likely say the same about select people from any govt gone too far.
  1. Dave Krueger 12 years ago
    
    Snowden walked out. Maybe he was a test case. "Okay, Ed, you go first. If they don't try to completely destroy your life, we'll be right behind you..."
Pro Libertate 12 years ago

I didn't know Bonneau was a cryptologist. I always thought he was just some Irish rock star.
1. Mad Scientist 12 years ago
  
  This must be his younger, much more intelligent kid.
2. Francisco d Anconia 12 years ago
  
  Regardless, I'm going to give him kudos, with or without you.
  1. itsnotmeitsyou 12 years ago
    
    I was trying to think of some reason to give him kudos, but I still haven't found what I'm looking for.
    1. KDN 12 years ago
      
      Let's count our kudos for him: uno...dos..tres...CATORCE!!!!!
    2. CE 12 years ago
      
      Stop searching where the streets have no name then.
      1. Mock-star 12 years ago
        
        ummm something something something lemon?
3. Zakalwe 12 years ago
  
  He was the first to prove how man Curics of data the NSA intercepted every day.
entropy 12 years ago

That is what is good in life. To hack your enemies, see their emails decrypted before you, and hear the lomitations of their women.
Pro Libertate 12 years ago

The concern about the NSA seems to have more legs than I thought it would. Interesting to see if anything changes at all.
1. Hugh Akston 12 years ago
  
  I'll give you a hint.
2. Hyperion 12 years ago
  
  Public sentiment is swinging in the direction of liberty.
  
  Problem is, our current crop of law makers don't give a rats arse what the public thinks. And the same public keeps electing them.
  
  So, it's a very uphill battle.
  1. Francisco d Anconia 12 years ago
    
    Our focus should be primaries. Let these pigfuckers know that the party is changing and if they don't get on board we'll replace em with somebody that will.
    
    For too long they've relied on unquestioning support from their base.
3. PapayaSF 12 years ago
  
  True. The IRS scandal seems to be bubbling along as well. I really wonder if there might not be a link between the two: after all, the Obama campaign could really use information about which Republicans and donors and consultants were talking to one another, and what they were saying.
  1. Pro Libertate 12 years ago
    
    I'd be shocked if that's not happening, given the total lack of concern about legal limits demonstrated so far, but I doubt we'll ever know for sure.
    1. Nazdrakke 12 years ago
      
      A simple way to think about this stuff for me is, strangely, video game cheat codes. I intentionally do not learn them because I know that in the end something will come up that will inspire me to use them. Politicians and their minions will at some point encounter a level, boss, or difficulty they just can seem to find a way around and a certain percentage of them will eventually up, down, up, down, left, right, left, right, B, A, start their way to glory.
PapayaSF 12 years ago

The NSA has a valid role, it's just that they've extended their reach too far. If they want to get FISA warrants to spy on terror suspects, fine. What I object to are what are in effect the general warrants that the 4th Amendment was written to prohibit: "Verizon, give us the records of every phone call made on your system."

Now, if they had restricted that to "the phone calls of these particular people who we have reason to believe are connected to terrorist groups," I'd be fine with that. Heck, if they wanted the phone records of everyone named Mohammed, I might be OK with that. That's pretty broad, but at least it's much narrower and targeted at a group much more likely to contain the terrorists they are looking for. But that, of course, would be the un-PC crime of "profiling," so they probably decided it was less problematic to just spy on everyone equally.
1. Calidissident 12 years ago
  
  "Heck, if they wanted the phone records of everyone named Mohammed, I might be OK with that."
  
  That doesn't surprise me
  1. PapayaSF 12 years ago
    
    Yeah, I have this strange, counterintuitive belief that when searching for Muslim terrorists, it might be most efficient to look for them among Muslims.
    1. Calidissident 12 years ago
      
      "Yeah, I have this strange, counterintuitive belief that when searching for Muslim terrorists, it might be most efficient to look for them among Muslims."
      
      And I'm sure when they say they're looking for white, right-wing terrorists, you'll be perfectly ok with them collecting the phone records of all white people? I'm not disagreeing with profiling (as you propose it) out of some left-wing sense of fairness. I'm disagreeing with it because someone's name or membership in a religious or ethnic group is nowhere near sufficient evidence to justify a warrant.
      1. PapayaSF 12 years ago
        
        "White" means about 224 million, while "Muslim" means about 2.6 million. That's nearly two orders of magnitude difference. Plus, the proportion of right-wing terrorists (or supporters) among whites is far smaller than the proportion of terrorists or supporters among Muslims. So, no, I would not be OK with that. Far too broad.
        
        But if there was a terror threat from, say, Swedish-Americans in Wisconsin, a warrant for the phone records of Swedish-Americans in Wisconsin might not be inappropriate.
        
        Calidissident 12 years ago
        
        ""White" means about 224 million, while "Muslim" means about 2.6 million. That's nearly two orders of magnitude difference. Plus, the proportion of right-wing terrorists (or supporters) among whites is far smaller than the proportion of terrorists or supporters among Muslims. So, no, I would not be OK with that. Far too broad."
        
        Of course the magic number dividing "far too broad" from "acceptable" conveniently lies between the proportions of white non-Muslim Americans and Muslim Americans who are terrorists - which in the grand scheme of things (i.e. a scale from 0% - 100%) isn't very big. I also find your willingness to trust that the government would only use this ability against groups you find it acceptable to use it against quite naive.
        
        "But if there was a terror threat from, say, Swedish-Americans in Wisconsin, a warrant for the phone records of Swedish-Americans in Wisconsin might not be inappropriate."
        
        Calidissident 12 years ago
        
        And while I don't know if he was Swedish, a white guy did shoot up a Sikh temple last year in Wisconsin in an act that I would call terrorism. Has there ever been a Muslim terrorist attack in Wisconsin (that's not a rhetorical question, I don't know, but to my knowledge there hasn't been)? I guess the government should go ahead with your plan, right? Can't take the risk that one of his ideological brothers might want to follow in your footsteps? I guess it's to much to expect the government to actually have reason (beyond "HE'S a MOOSLIM!") to believe a specific individual has committed or is planning to commit a crime before they get a warrant, seize phone records, tap phones, read emails, etc.? Are you one of those people that only cares about liberty to the extent it personally affects and benefits you? Because this conversation gives me that impression
        
        PapayaSF 12 years ago
        
        I can't be responsible for your impressions.
        
        A lot of this depends on how seriously you take Islamic terrorism. I take it somewhat more seriously than many here, though not as seriously as many elsewhere.
        
        Your numbers are off. There have been dozens of terror attacks or plots by Muslims in the US, far more than there have been terror attacks by whites or right-wingers. Given their proportions in the population, that makes Muslims far more of a risk than whites or right-wingers.
        
        As for trusting the government: national defense is one of the few things they do that are supposed to do. I'm not willing to throw the Constitution out the window, but threats from a worldwide terror movement supported by millions are not trivial, and some careful surveillance seems warranted (pun intended).
        
        Yes, there are very few right-wing terrorists (in the US and elsewhere), with near-zero little public support anywhere. The situation with Islam is vastly different. E.g., compare the percentage of Christians (many of whom are anti-abortion) who support abortion clinic bombings (near zero), with the number of Muslims who support terror attacks on Israel or the US or in the name of their religion in general (often double-digit figures). That's why I said "or supporters" above.
        
        Calidissident 12 years ago
        
        "A lot of this depends on how seriously you take Islamic terrorism. I take it somewhat more seriously than many here, though not as seriously as many elsewhere."
        
        I take all crime (which is what terrorism is) seriously. That does not mean I support violating people's rights because they belong to a certain group or have a funny name.
        
        "Your numbers are off. There have been dozens of terror attacks or plots by Muslims in the US, far more than there have been terror attacks by whites or right-wingers. Given their proportions in the population, that makes Muslims far more of a risk than whites or right-wingers."
        
        You do the math. Dozens, even hundreds divided by millions is still well below 1%. As I said, in the grand scheme of things, the difference is not all that great. You're far more likely to die from lightning than a shark attack. That doesn't mean either one is likely. Why is it that the threshold magically falls neatly between the odds of a non-Muslim white person being a terrorist and a Muslim being a terrorist? Ask yourself (and seriously think about it), would you really support these measures being used against all white Americans (or just all Americans) if the odds of them committing terrorism were exactly the same as they currently are for Muslims? I just don't see how you can support that, whether it's targeted towards Muslims, whites, Jews, blacks, or everybody, and claim to be a libertarian.
        
        Calidissident 12 years ago
        
        "As for trusting the government: national defense is one of the few things they do that are supposed to do."
        
        I agree. That doesn't mean I'm not skeptical of things the government claims to be doing in the name of national security, or cautious about giving them power in this realm.
        
        "I'm not willing to throw the Constitution out the window"
        
        Yes you are. Or did I miss the amendment that excluded Muslims from its protections?
        
        "but threats from a worldwide terror movement supported by millions are not trivial, and some careful surveillance seems warranted (pun intended)."
        
        I have not said I support outlawing surveillance. I have said that someone's name, ethnicity, or religion, by itself is nowhere near sufficient evidence to justify surveillance.
        
        "Yes, there are very few right-wing terrorists (in the US and elsewhere), with near-zero little public support anywhere."
        
        I think you're overestimating the gap, in absolute (not proportional) terms between non-Muslim (not necessarily right-wing) and Muslim terrorists in the US and Europe. I can think of numerous incidents of non-Muslim terrorism in the US over the last decade (and even more further back). There have also been Muslim attacks (and other plots disrupted, though many never would have been seriously considered IMO without FBI baiting), but the Boston Marathon bombings are considered the biggest since 9/11 and only three people died.
        
        Calidissident 12 years ago
        
        "with the number of Muslims who support terror attacks on Israel or the US or in the name of their religion in general (often double-digit figures)"
        
        True, though those numbers are far higher in Middle Eastern countries than they are in the US. And why should I give a fuck about Israel? It's not the job of the US government to stop terrorism in Israel.
        
        "That's why I said "or supporters" above."
        
        It's a nice way to weasel out of an argument. Thoughtcrime isn't (or at least shouldn't be) illegal.
        
        PapayaSF 12 years ago
        
        I don't believe the Constitution prohibits what I suggested. Some degree of profiling is called for when we are attacked by members of a certain religion. I'm not talking about internment, just some surveillance.
        
        You have a nice liberal (in both senses of the word) view of religion. I think it's naive. There's one religion many of whose leaders and members believe in taking over the world, by force if needed. When in power, they rarely show respect for anyone else's religion. They're a special case these days. Lumping them in with the Amish is foolish. Besides, I'm not saying that they can't practice their religion (1st Amendment), just that we should look a bit more closely at them relative to other religions. If there was a worldwide movement of totalitarian Baptists who murdered hundreds or thousands in the name of their religion every year, I'd want all Baptists to be looked at, too. If there was a murderous totalitarian Brotherhood of Blue-Eyed Guys, well, I'd hate it, but I'd expect them to check me out, too.
        
        You should give a fuck about Israel because it's in our self-interest to be friendly to a friendly democracy in a sea of unfriendly non-democracies.
        
        Supporters also fund terrorism and create new terrorists. It's not thoughtcrime to want to stop that.
        
        PapayaSF 12 years ago
        
        I dispute your math. Dozens of attacks out of millions is orders of magnitude greater than dozens of attacks out of hundreds of millions.
        
        Also, as I said but you seem to gloss over, there is no worldwide movement of right-wing terrorists, just a few nuts here and there. That is not at all the case with Islamic terrorism. They have plenty of funding, support from nation-states, vocal public leaders, tens of millions of public supporters and lots of apologists minimizing all of that. They have a (somewhat) consistent ideology they want to impose everywhere. They already rule entire countries. They have a total body count of five or six figures. It's absurd to equate all that with scattered right-wing terror, with a body count probably not even four figures, with no visible leaders, no consistent ideology, near-zero public support, near-zero funding, and zero public apologists.
        
        I am not a pure libertarian. I believe that all ideologies, applied consistently everywhere, contain the seeds of their own destruction. All are maps and not territories. The human mind is limited and fallible. IMO dealing with Islamic terrorism (and possibly Islam as a whole) is one area where libertarianism fails. Pure libertarianism makes it hard to defend against an aggressive religion that is, far more than any other, explicitly anti-libertarian.
        
        Calidissident 12 years ago
        
        "I don't believe the Constitution prohibits what I suggested."
        
        You must not have gotten around to the Fourth Amendment then?
        
        "Some degree of profiling is called for when we are attacked by members of a certain religion."
        
        "Some degree" in this case meaning forfeiting fundamental rights enjoyed by everybody else.
        
        "I'm not talking about internment, just some surveillance."
        
        That's reassuring
        
        "You have a nice liberal (in both senses of the word) view of religion. I think it's naive. There's one religion many of whose leaders and members believe in taking over the world, by force if needed. When in power, they rarely show respect for anyone else's religion. They're a special case these days. Lumping them in with the Amish is foolish."
        
        I love the implication that the only people who might disagree with you are foolish liberal hippies who think all religions are equally good. I'm not sure where in this thread I gave any opinion regarding Islam.
        
        "Besides, I'm not saying that they can't practice their religion (1st Amendment), just that we should look a bit more closely at them relative to other religions."
        
        The First Amendment is not the only constitutional hurdle to your proposal. I think you also have a pretty loose definition of "a bit more closely."
        
        Calidissident 12 years ago
        
        "If there was a worldwide movement of totalitarian Baptists who murdered hundreds or thousands in the name of their religion every year"
        
        In a typical year, the number of Americans killed by Islamic terrorists, not including soldiers in war zones, is in the single, maybe double digits. The US government is not, and should not be, World Police.
        
        "If there was a murderous totalitarian Brotherhood of Blue-Eyed Guys, well, I'd hate it, but I'd expect them to check me out, too."
        
        It's easy to say that now
        
        "You should give a fuck about Israel because it's in our self-interest to be friendly to a friendly democracy in a sea of unfriendly non-democracies."
        
        Circular logic at its finest. And for the record, I do think we should be friendly towards Israel - I just don't think "being friendly" should include US taxpayers being forced to provide military or financial aid, or US intelligence policing terrorism in Israel.
        
        "Supporters also fund terrorism and create new terrorists. It's not thoughtcrime to want to stop that."
        
        No one said funding terrorism or becoming a terrorist should be legal.
        
        Calidissident 12 years ago
        
        "I dispute your math. Dozens of attacks out of millions is orders of magnitude greater than dozens of attacks out of hundreds of millions."
        
        Do you need help with basic arithmetic? Orders of magnitude has nothing to do with the point I was making. Let's simplify things with a hypothetical example: In Country A, Population B commits terrorism at a rate of 1 per 10,000 (over a period of say, 10 years). Population C commits terrorism at a rate of 1 per 1 million over the same amount of time. Why is it that the arbitrary line dividing "acceptable to seize the phone records and enact surveillance on every member of the population" from "not acceptable ..." falls between 0.000001% and 0.0001%? And you do realize that your proposal wouldn't just affect Muslims, right? Anyone born a Muslim who later left the religion would still be affected. As would any non-Muslim Arabs who have names common amongst Arabs of all religions (not to mention other ethnic groups where names may be common amongst Muslims and non-Muslims)?
        
        Calidissident 12 years ago
        
        "Also, as I said but you seem to gloss over, there is no worldwide movement of right-wing terrorists, just a few nuts here and there. That is not at all the case with Islamic terrorism. They have plenty of funding, support from nation-states, vocal public leaders, tens of millions of public supporters and lots of apologists minimizing all of that. They have a (somewhat) consistent ideology they want to impose everywhere. They already rule entire countries. They have a total body count of five or six figures. It's absurd to equate all that with scattered right-wing terror, with a body count probably not even four figures, with no visible leaders, no consistent ideology, near-zero public support, near-zero funding, and zero public apologists."
        
        I never equated right wing terror with Islamic terror. What I've said is that A) in terms of raw number of incidents, in the US, the gap between terrorism by Muslims and non-Muslim whites (not necessarily right-wing) is not as big as you're implying (again, in absolute, not proportional, terms) and B) regardless of proportional rates, it's naive to think that government would not be willing to use such tools against right-wing or other groups, and that they would only limit it to Muslims ...
        
        Calidissident 12 years ago
        
        ... Are you unaware of how Napolitano and other members of government (not to mention the media) have trumped up the threat of right-wing terror in recent years? You trust these people with this power? I'm well aware that Islamic extremists have real power in some parts of the world. I'm not sure how that defeats any of the arguments I've made in this thread.
        
        "IMO dealing with Islamic terrorism (and possibly Islam as a whole) is one area where libertarianism fails. Pure libertarianism makes it hard to defend against an aggressive religion that is, far more than any other, explicitly anti-libertarian."
        
        How? By not giving the feds the power to trample individual rights to stop it? Law and order types make this same argument all the time against crime in general, which is, obviously, far more prevalent in this country than Islamic terrorism. Or is it because libertarians think invading and occupying every Muslim country in the world might not be the best or most efficient strategy to combat Islamic terrorism?
        
        Calidissident 12 years ago
        
        And what exactly do you mean by "fails?" Are you saying that you think Islamic terrorism is an existential threat, and that following libertarianism would lead to the US getting taken over by the Islamic hordes? If so, I will simply say that the idea of a takeover of the US by Islamic terrorists in the foreseeable future is nothing short of laughable. If you simply mean it will allow an unacceptable number of terrorist attacks, then I respond; Even if we ignore the moral aspects here (and take your definition of "unacceptable" as given), on a purely practical level, what evidence do you have that giving the government all these tools will actually do anything to stop Islamic terrorists?
2. Hyperion 12 years ago
  
  Guys named Mohammed aren't the only terrorists that they are looking for.
  
  It's the rest of us who are way more scary than the Mohammeds.
  
  Maybe one of us sold something at a garage sale and failed to report it to the state. Who knows what form of terrorism we could be supporting with that unreported $4.25 of black market money we just came into. That needs to be shared with the IRS.
  
  Or maybe one of us has been buying dangerous cigarettes. That needs to be shared with HHS.
  
  Maybe one of us took a trip to Bermuda. Why does anyone need to go to Bermuda? That needs to be shared with DHS.
  
  See, it's for the children.
  1. Rich 12 years ago
    
    Why does anyone need to go to Bermuda?
    
    To buy cigarettes at a garage sale, and to drive on the wrong side of the road.
Fist of Etiquette 12 years ago

Why doesn't he just marry Fort Meade then.
1. Hyperion 12 years ago
  
  Fort Meade is in Maryland. It's probably a whore who watches Nascar and likes duck pin bowling. You don't want to marry it.
  1. Mad Scientist 12 years ago
    
    TRACTOR PULZZZ!
  2. Nazdrakke 12 years ago
    
    Nah, Ms. Meade hangs out in dive bars and Korean polls halls playing Keno and eats at Denny's. At least that's what she did when I lived there.
DaveSs 12 years ago

I wouldn't be surprised to hear that this guy ends up being attacked by the domestic espionage apologists because he works for Google.

Never mind of course that a web users association with google is voluntary.
CE 12 years ago

Obama had similar reservations on accepting the Nobel Peace Prize, I've heard:

In accepting the award I don't condone the Nobel organization's glorification of those who seek peace. Simply put, I don't think protecting the security of the American people is compatible with an organisation like the Nobel organization that would frown upon my prerogative to kill those we fear, to arm those who oppose those we once supported to keep down those we fear, or to suppress domestic dissent of those actions by those who would recklessly expose certain programs we would rather not have exposed.
MappRapp 12 years ago

lol, thats pretty funny when you tink about it.

http://www.Global-Anon.com
Juice 12 years ago

The NSA didn't set to work spying on America and the world beyond of its own accord. It was set to that task by presidents and legislators who've lost respect for limitations on their power and for the liberty of the people who suffer under their governance.

What? I don't know why you think this. Politicians aren't the ones who come up with these things. They just enable them and fund them after being told that they should vote for it.

Please log in to post comments

Winner of NSA Cybersecurity Award Slams the Spy Agency's Existence

Latest

Federal Appeals Court Rejects Trump Administration's Attempt To Block Return of Kilmar Abrego Garcia

A Survey Suggests Most Americans Are Not Keen on Trump's Speech-Based Deportation Initiative

Trump Threatens Harvard's Tax-Exempt Status

The Trump Administration Wages War on Meta

Obama Is a Huge Hypocrite for Praising Harvard's Anti-Trump Stance

Recommended

Login Form