ProPublica

Journalism in the Public Interest

Cancel

Johns Hopkins and the Case of the Missing NSA Blog Post

The university, which works closely with the NSA, apologizes to a professor after he was asked to remove his post.

.

The website of the Applied Physics Laboratory at Johns Hopkins.

Sept. 10: This post has been updated.

Citing concerns about linking to classified material, Johns Hopkins University asked a professor this morning to remove a blog post discussing  last week’s revelations about the NSA’s efforts to break encryption. The post had linked to government documents published by ProPublica, the Guardian, and the New York Times.  

Several hours later, after computer science professor Matthew Green tweeted about the request, the university reversed itself.

Baltimore-based Johns Hopkins, which is short drive from the NSA’s headquarters at Fort Meade, works closely with the spy agency.

The university’s Applied Physics Laboratory, which employs about 5,000 people, does many projects with the NSA. 

According to the lab’s website, “APL staff working with NSA are engaged in strategic planning, development of enterprise and program architectures, conducting quantitative analysis to support engineering decisions, development of engineering processes, and formulation of the governance structures for the work in the new Technology Directorate (TD).”

The website also notes that the lab “completed a strategic study that analyzed NSA’s global information technology infrastructure to determine the top locations for the large-scale data centers.”

Green said on Twitter that he had “been told” that someone from the Applied Physics Laboratory had first flagged his blog post.

Asked about the Applied Physics Laboratory’s role, Hopkins spokesman Dennis O'Shea said, “We are still tracing the path of this event, which all exploded into our notice over the past couple of hours. So I don’t think we’re ready yet with an answer on that.”

In an earlier statement, O’Shea said: “The university received information this morning that Matthew Green’s blog contained a link or links to classified material and also used the NSA logo. For that reason, we asked Professor Green to remove the Johns Hopkins-hosted mirror site for his blog.”

He continued: “Upon further review, we note that the NSA logo has been removed and that he appears to link to material that has been published in the news media. Interim Dean Andrew Douglas will inform Professor Green that the mirror site may be restored.”

Green removed the post from his university site but it remained mirrored on Google’s blogger service. Green has since removed the agency’s logo from the post on his blog.

An expert in the field of cryptography, Green was quoted in the story published by ProPublica and the New York Times.

In his blog post, Green linked to a document that outlines the NSA’s SIGINT Enabling Project, a program focused on subverting encryption products. The document is marked Top Secret and was part of the cache taken by former NSA contractor Edward Snowden.

Green added in the post that he has not seen documents beyond the ones published with the story last week. 

Update Sept. 10: This afternoon Matthew Green received an apology from the dean who had asked him to remove the NSA blog post, Andrew Douglas of the Hopkins engineering school:

I write to apologize for any difficulty I caused you yesterday over the post on your blog.  I realize now that I acted too quickly, on the basis of inadequate and – as it turns out – incorrect information.  I requested that you take down the post without adequately checking that information and without first providing you with an opportunity to correct it.

As an academic and as a member of the faculty at Johns Hopkins for 30 years, I am wholly supportive of academic freedom and keenly aware of its centrality to our enterprise.  It is for this reason that I attached the 1940 AAUP Statement of Principles on Academic Freedom and Tenure.

Moreover, as interim dean of the Whiting School of Engineering, I am also aware of the contributions you are making to your field of information security and of the relevance of your comments to the important public debate that is now under way.

I am sorry that my request to you yesterday may have, in some minds, undeservedly undercut your reputation as a scholar and scientist.  I am also sorry if I have raised in anyone’s mind a question as to my commitment to academic freedom.  I am pleased that we were able to correct the error quickly.

I hope that you understand that my motivation – again, based on inadequate information – was to protect the university and you from legal consequences.  I look forward to discussing your work with you, as you suggested yesterday.

Separately, a Hopkins spokesman confirmed to ProPublica that someone from the Applied Physics Laboratory, which works closely with the NSA, had originally flagged Green’s post.

“[T]he federal government was not involved,” said spokesman Dennis O’Shea in an email. “The blog post originally was spotted by someone at the Johns Hopkins Applied Physics Laboratory. A message was sent from a staff member at APL to a staff member at the Homewood campus calling attention to the post. That message may have been understood as a request for action, though I am told it was intended only as an FYI. The Homewood staff member called the post to the attention of the dean. The dean wrote to Professor Green, and you know the rest.”

NSA is consistently misrepresenting their rights regarding their logo to silence critics and parodists. It’s a government work and can be reproduced freely.

http://www.usa.gov/copyright.shtml
and
http://www.intelligence.senate.gov/nsaact1959.htm (section 15)

Streisand Effect !

And now it’s reasonable to speculate that the USG will be going after expert cryptographers in some secret but characteristically ham-fisted way.

Morris Thorpe

Sep. 9, 2013, 9:20 p.m.

Nothing seems far fetched anymore. How sad.

But the intelligence agencies and DoD have already taken over most universities, haven’t y’all noticed..? Anthropology for human terrain teams, social network analysis to direct drone strikes and guide surveillance, cryptography for the surveillance state, law to justify torture and drone strikes, etc, etc

Speaking as an adjunct professor at an unrelated school (and it’s unlikely that my statements reflect those of my employer, but I also haven’t asked), it seems like bullying a school and professor in view of the students is a great way to turn students against you.  Students tend not to support abuse of authority.

And yeah, I’m not sure how the logo comes into play.  I mean, it’s probably illegal to masquerade as a member of the armed forces, but as long as Green didn’t do that, there’s no Intellectual Property law I can think of that isn’t trumped by Federal government works being public domain and the fact that Green used it to illustrate criticism.  There’s also a ton of case law saying that the First Amendment protects us against censorship by any government official and not merely laws passed by Congress.

It shows how little power they actually have, though.  This is how a wounded, cornered animal acts, not a creature with the upper hand.

It’s time to expose what universities are doing for the government. We don’t need to know anything that will cause harm. But, it isn’t acceptable that those who release information that exposes the existence of the government’s spy programs are subject to prosecution and censorship. How can we be sure that universities handling top-secret data are secure? Obviously, now that encryption has been compromised throughout the world, all systems are not safe. It’s unfortunate that institutions of higher learning have sold us all out for the almighty dollar.

Reminds me of the polite visits back in Eastern Europe. You know what to do to survive.

Clay, given that the NSA has undermined the foundations of most cryptographic systems (by choosing easy-to-crack parameters, for example, or biasing random number generators), we can guarantee that nobody’s handling of top-secret data is secure except the government agencies that have been in on the con.

After all, it’s not like the Pentagon is the only group hiring mathematicians and hackers to read secrets.  Our enemies, unethical corporations, and terrorists gain substantial benefits from weaker encryption, too.

@Pete, you did not read the exceptions further down the page: “You cannot use U.S. government trademarks or the logos of U.S. government agencies without permission. For example, you cannot use an agency logo or trademark on your social media page.”

This article is part of an ongoing investigation:
Surveillance

Surveillance

ProPublica investigates the threats to privacy in an era of cellphones, data mining and cyberwar.

Get Updates

Stay on top of what we’re working on by subscribing to our email digest.

optional

Our Hottest Stories

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •