Professor told to delete NSA-related blog post from university site [UPDATE]
Matthew Green, a cryptography professor at Johns Hopkins University (JHU) in Baltimore, Maryland, penned the blog post last week after it was revealed that the NSA has spent years strong-arming companies into installing a so-called backdoor into some of the world’s most popular communications services.
He began by explaining a series of conversations he had with reporters before the leaks were published. The journalists asked Green how the NSA would install covert monitors in everyday data exchanges, assuming they had the wherewithal to do so.
“I admit that at this point one of my biggest concerns was to avoid coming off like a crank,” Green wrote of his answers at the time. “After all, if I got quoted sounding too much like an NSA conspiracy nut, my colleagues would laugh at me…Not only does the worst possible hypothetical I discussed appear to be true, but it’s on a scale I couldn’t even imagine. I’m no longer the crank, I wasn’t even close to cranky enough.”
Green goes on to explain how to break a cryptographer system (attack the cryptography, go after the implementation, then access the human side). He also details which supposedly secure codes are the most vulnerable and tells how the NSA violated the trust of Americans and much of the tech industry.
On Monday, the professor described on Twitter the ordeal that followed the post’s publication.
I received a request from my Dean this morning asking me to remove all copies of my NSA blog post from University servers.— Matthew Green (@matthew_d_green) September 9, 2013
The post is still up on Blogger, but a local University mirror of my blog was shut down. And no, this isn't my Dean's fault.— Matthew Green (@matthew_d_green) September 9, 2013
Countless people on social media and across the internet have wondered just whose fault it is. The NSA has listed Johns Hopkins as one of the agency’s Centers of Academic Excellence, in part because of cyber-security research conducted at the college.
Hours after tweeting about the Dean’s request, Green clarified his comments on the social media platform.
“So listen, I’m not trying to talk about this much because anything I say will make it worse. What I’ve been told is that someone on the [Applied Physics Laboratory] side at JHU discovered my blog post and determined that it was hosting/linking to classified documents,” he wrote.
“This requires a human since I don’t believe there’s any automated scanner for this process…All I know is that I received an email this morning from the Interim Dean of the school of Engineering schools asking me to take down the post and to desist from using the NSA logo. He also suggested I should seek counsel if I continued.”
The professor, for his part, told RT he had no idea where the take-down order came from and jokingly advised internet users to stay offline altogether if they want to avoid incidents like this in the future.
"Somebody somewhere made a decision that there might be classified material on this blog," he said. "The instinct was to shut the blog down rather than investigate that. I think that was a mistake. I don’t think I’ll ever know exactly where that came from and I hope it never happens again.
"Move down to the basement, buy a computer, and never, ever use the internet. That’s the best advice I can give you."
UPDATE: Upon further review, administrators at JHU have permitted Green to restore his blog post on the university’s mirror blog. Speaking with Talking Points Memo on Monday, Johns Hopkins Dennis O’Shea issued the following statement:
The university received information this morning that Matthew Green’s blog contained a link or links to classified material and also used the NSA logo. For that reason, we asked Professor Green to remove the Johns Hopkins-hosted mirror site for his blog.
Upon further review, we note that the NSA logo has been removed and that he appears to link to material that has been published in the news media. Interim Dean Andrew Douglas has informed Professor Green that the mirror site may be restored.
We did not receive any inquiry from the federal government about the blog or any request from the government to take down the mirror site. (And we did not, of course, receive any inquiry or request from the government about the personal site, though that never was taken down and we never asked that it be taken down).
As to where the information did come from, we are still tracing the path of this event, which all exploded into our notice over the past couple of hours. So I don’t think we’re ready yet with an answer on that.