- A professor at Johns Hopkins University wrote a blog post critical some of the NSA's alleged practices and was later told by the institution to remove the post from its servers.
- The professor heard someone at the university's Applied Physics Laboratory might have made the initial complaint, which lead some to note the connection between some of APL's projects and the NSA.
- After the Internet lambasted the university for "censorship," it quickly reevaluated the situation, noticed it misunderstood a few items and reinstated the professor's blog.
- Some still wonder if its initial decision to remove it though came from the government; the university denies this.
A prominent university quickly reinstated and apologized to a professor after requiring him to remove his blog post about the NSA, prompting some to wonder if the spy agency itself was behind its removal.
Matthew Green's post has been re-posted and the university apologized for the situation. (Image via WJZ video screenshot)
Matthew Green, a cryptographer and research professor at Johns Hopkins University, wrote on his "A Few Thoughts on Cryptographic Engineering" blog last week regarding the NSA's encryption cracking capabilities and its efforts to weaken encryption standards to make them easier to break.
"The NSA has been doing some very bad things," Green wrote.
Green reported how the NSA allegedly promoted less secure cryptography and other details, which had already made their way into mainstream media reports.
"The most likely short-term effect is that there's going to be a lot less trust in the security industry. And a whole lot less trust for the US and its software exports," Green wrote of what the revelations made last week about the NSA's efforts might mean. "Maybe this is a good thing. We've been saying for years that you can't trust closed code and unsupported standards: now people will have to verify.
"Even better, these revelations may also help to spur a whole burst of new research and re-designs of cryptographic software," he continued.
Johns Hopkins administrators became aware of Green's blog post on their servers Monday and asked him to remove it.
Green kept people updated about the situation as it unfolded through his Twitter account.
As a sidenote, APL is Johns Hopkins Applied Physics Laboratory, which has a staff of about 5,000 people and has more than 600 programs working with sponsorship from several government agencies, including the NSA.
Here's a bit more from APL's website detailing its relationship with the NSA:
APL provides NSA with independent, objective technical advice across a broad set of systems engineering and architecture challenges. The trusted agent relationship is integral to the NSA Systems Engineering and Architecture Project. APL staff working with NSA are engaged in strategic planning, development of enterprise and program architectures, conducting quantitative analysis to support engineering decisions, development of engineering processes, and formulation of the governance structures for the work in the new Technology Directorate (TD). APL led a multi-organizational team that produced a plan to define and implement new time and frequency standards across the Cryptologic Enterprise, formulated a scalable process for technical review of all TD programs, and developed concepts and requirements for tagging and tracking data throughout the signals intelligence system.
With that connection, you can see why some might jump thinking the NSA might be "silencing university professors."
Green took his blog off the university servers, but said he would not remove it from his non-university blog, citing that although linking to classified documents, they have since been made public a la whistleblower Edward Snowden.
He then went on to express his confusion about the situation:
Green's story spread.
“The internet went crazy, decided that this was censorship,” Green told WJZ-TV.
By Tuesday, Green had tweeted the apology he received. He was given permission to repost the blog article as well.
"I write to apologize for any difficulty I caused you yesterday over the post on your blog. I realize now that I acted too quickly, on the basis of inadequate and – as it turns out – incorrect information. I requested that you take down the post without adequately checking that information and without first providing you with an opportunity to correct it," Johns Hopkins Interim Dean of Engineering Andrew Douglas wrote.
"I am sorry that my request to you yesterday may have, in some minds, undeservedly undercut your reputation as a scholar and scientist. I am also sorry if I have raised in anyone’s mind a question as to my commitment to academic freedom. I am pleased that we were able to correct the error quickly," the apology continued.
The university though has come out to say the government was not involved in their initial decision to have the post removed.
"We did not receive any inquiry from the federal government about the blog or any request from the government to take down the mirror site," Johns Hopkins spokesman Dennis O'Shea told CNET. "As to where the information did come from, we are still tracing the path of this event, which all exploded into our notice over the past couple of hours. So I don't think we're ready yet with an answer on that."
David Rocah with the ACLU told WJZ the university "(owes the) public a more complete explanation," noting that he thinks this situation "fits a pattern (...) that the NSA or someone acting at the behest of the NSA, did ask Hopkins to do this."
Here's WJZ's report on the incident:
Regardless, the Baltimore Sun pointed out that because Hopkins is a private school, it was within its rights to order Green to remove his post from its servers, according to Ken Paulson, president of the First Amendment Center.
"Most institutions of higher learning have policies that protect academic freedom. And expressions by members of the faculty are generally respected. But there is not a First Amendment violation here," Paulson told the Sun.
Green has followed up on the whole situation with another blog post, using his unintentional fame to make a short soapbox stand about the "number of terrible mistakes" made by the NSA and where to go from here.
"Given these mistakes, we're now faced with the job of cleaning up the mess. To that end there are two sets of questions: public policy questions -- who should the NSA be spying on and how far should they be allowed to go in pursuit of that goal? And a second set of more technical questions: how do we repair the technological blowback from these decisions?" Green wrote.
Avoiding the political issue, Green delves into the technical hurdles.
"The tech sector is one of the fastest growing and most innovative areas of the US economy. I believe the NSA's actions have caused long-term damage to our credibility, in a manner that threatens our economic viability as well as, ironically, our national security," he continued.
"The interesting question to me -- as an American and as someone who cares about the integrity of speech -- is how we restore faith in our technology. I don't have the answers to this question right now. Unfortunately this is a long-term problem that will consume the output of researchers and technologists far more talented than I. I only hope to be involved in the process."
With regard to allegations that the NSA had been working to weaken encryption standards, the National Institute of Standards and Technology released a statement Tuesday to "assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place."
"NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large," the statement continued.