<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<tt><big># Posted to <a class="moz-txt-link-freetext" href="http://masssurveillance.info/">http://masssurveillance.info/</a> <br>
</big></tt><tt>January 24, 201</tt><tt><big>4<br>
<br>
</big></tt>
<p>
Media reports since last June have revealed that the US government
conducts
domestic and international surveillance on a massive scale, that
it engages in
deliberate and covert weakening of Internet security standards,
and that it
pressures US technology companies to deploy backdoors and other
data-collection
features. As leading members of the US cryptography and
information-security
research communities, we deplore these practices and urge that
they be changed. </p>
<p>
Indiscriminate collection, storage, and processing of
unprecedented amounts of
personal information chill free speech and invite many types of
abuse, ranging
from mission creep to identity theft. These are not hypothetical
problems; they
have occurred many times in the past. Inserting backdoors,
sabotaging
standards, and tapping commercial data-center links provide bad
actors, foreign
and domestic, opportunities to exploit the resulting
vulnerabilities. </p>
<p>
The value of society-wide surveillance in preventing terrorism is
unclear, but
the threat that such surveillance poses to privacy, democracy, and
the US
technology sector is readily apparent. Because transparency and
public consent
are at the core of our democracy, we call upon the US government
to subject all
mass-surveillance activities to public scrutiny and to resist the
deployment of
mass-surveillance programs in advance of sound technical and
social controls.
In finding a way forward, the five principles promulgated at
<a href="http://reformgovernmentsurveillance.com/">http://reformgovernmentsurveillance.com/</a>
provide a good starting point. </p>
<p>
The choice is not whether to allow the NSA to spy. The choice is
between a
communications infrastructure that is vulnerable to attack at its
core and one
that, by default, is intrinsically secure for its users. Every
country,
including our own, must give intelligence and law-enforcement
authorities the
means to pursue terrorists and criminals, but we can do so without
fundamentally undermining the security that enables commerce,
entertainment,
personal communication, and other aspects of 21<sup>st</sup>-century
life. We
urge the US government to reject society-wide surveillance and the
subversion
of security technology, to adopt state-of-the-art,
privacy-preserving
technology, and to ensure that new policies, guided by enunciated
principles,
support human rights, trustworthy commerce, and technical
innovation.
</p>
<p>
<br>
</p>
<p>
</p>
<table width="90%" align="center">
<tbody>
<tr>
<td><i>
Martín Abadi
</i></td>
<td>
Professor Emeritus, University of California, Santa Cruz
</td>
</tr>
<tr>
<td><i>
Hal Abelson
</i></td>
<td>
Professor, Massachusetts Institute of Technology
</td>
</tr>
<tr>
<td><i>
Alessandro Acquisti
</i></td>
<td>
Associate Professor, Carnegie Mellon University
</td>
</tr>
<tr>
<td><i>
Boaz Barak
</i></td>
<td>
Editorial-board member, <i>Journal of the ACM</i><sup>1</sup>
</td>
</tr>
<tr>
<td>
<i> Mihir Bellare </i></td>
<td> Professor, University of California, San Diego </td>
</tr>
<tr>
<td>
<i> Steven Bellovin </i></td>
<td> Professor, Columbia University </td>
</tr>
<tr>
<td>
<i> Matt Blaze</i></td>
<td>Associate Professor, University of Pennsylvania</td>
</tr>
<tr>
<td>
<i> L. Jean Camp </i></td>
<td> Professor, Indiana University </td>
</tr>
<tr>
<td>
<i> Ran Canetti </i></td>
<td> Professor, Boston University and Tel Aviv University </td>
</tr>
<tr>
<td>
<i> Lorrie Faith Cranor </i></td>
<td> Associate Professor, Carnegie Mellon University </td>
</tr>
<tr>
<td>
<i> Cynthia Dwork </i></td>
<td> Member, US National Academy of Engineering </td>
</tr>
<tr>
<td>
<i> Joan Feigenbaum </i></td>
<td> Professor, Yale University </td>
</tr>
<tr>
<td>
<i> Edward Felten </i></td>
<td> Professor, Princeton University </td>
</tr>
<tr>
<td>
<i> Niels Ferguson </i></td>
<td> Author, <i>Cryptography Engineering: Design Principles
and Practical Applications</i> </td>
</tr>
<tr>
<td>
<i>
Michael Fischer
</i></td>
<td>
Professor, Yale University
</td>
</tr>
<tr>
<td><i>
Bryan Ford
</i></td>
<td>
Assistant Professor, Yale University
</td>
</tr>
<tr>
<td><i>
Matthew Franklin
</i></td>
<td>
Professor, University of California, Davis
</td>
</tr>
<tr>
<td>
<i> Juan Garay </i></td>
<td> Program Committee Co-Chair, CRYPTO<sup>2</sup> 2014</td>
</tr>
<tr>
<td>
<i> Matthew Green</i></td>
<td>Assistant Research Professor, Johns Hopkins University</td>
</tr>
<tr>
<td>
<i> Shai Halevi </i></td>
<td> Director, International Association for Cryptologic
Research </td>
</tr>
<tr>
<td>
<i>
Somesh Jha
</i></td>
<td>
Professor, University of Wisconsin – Madison
</td>
</tr>
<tr>
<td><i>
Ari Juels
</i></td>
<td>
Program Committee Co-Chair, 2013 ACM Cloud-Computing
Security Workshop<sup>1</sup>
</td>
</tr>
<tr>
<td><i>
M. Frans Kaashoek
</i></td>
<td>
Professor, Massachusetts Institute of Technology
</td>
</tr>
<tr>
<td><i>
Hugo Krawczyk
</i></td>
<td>
Fellow, International Association for Cryptologic Research
</td>
</tr>
<tr>
<td><i>
Susan Landau
</i></td>
<td>
Author, <i>Surveillance or Security? The Risks Posed by New
Wiretapping Technologies</i>
</td>
</tr>
<tr>
<td><i>
Wenke Lee
</i></td>
<td>
Professor, Georgia Institute of Technology
</td>
</tr>
<tr>
<td><i>
Anna Lysyanskaya
</i></td>
<td>
Professor, Brown University
</td>
</tr>
<tr>
<td><i>
Tal Malkin
</i></td>
<td>
Associate Professor, Columbia University
</td>
</tr>
<tr>
<td><i>
David Mazières
</i></td>
<td>
Associate Professor, Stanford University
</td>
</tr>
<tr>
<td><i>
Kevin McCurley
</i></td>
<td>
Fellow, International Association for Cryptologic Research
</td>
</tr>
<tr>
<td><i>
Patrick McDaniel
</i></td>
<td>
Professor, The Pennsylvania State University
</td>
</tr>
<tr>
<td><i>
Daniele Micciancio
</i></td>
<td>
Professor, University of California, San Diego
</td>
</tr>
<tr>
<td>
<i> Andrew Myers </i></td>
<td> Professor, Cornell University </td>
</tr>
<tr>
<td>
<i> Rafael Pass</i></td>
<td>Associate Professor, Cornell University</td>
</tr>
<tr>
<td>
<i> Vern Paxson </i></td>
<td> Professor, University of California, Berkeley </td>
</tr>
<tr>
<td>
<i>
Jon Peha
</i></td>
<td>
Professor, Carnegie Mellon University
</td>
</tr>
<tr>
<td><i>
Thomas Ristenpart
</i></td>
<td>
Assistant Professor, University of Wisconsin – Madison
</td>
</tr>
<tr>
<td><i>
Ronald Rivest
</i></td>
<td>
Professor, Massachusetts Institute of Technology
</td>
</tr>
<tr>
<td><i>
Phillip Rogaway
</i></td>
<td>
Professor, University of California, Davis
</td>
</tr>
<tr>
<td><i>
Greg Rose
</i></td>
<td>
Officer, International Association for Cryptologic Research
</td>
</tr>
<tr>
<td><i>
Amit Sahai
</i></td>
<td>
Professor, University of California, Los Angeles
</td>
</tr>
<tr>
<td><i>
Bruce Schneier
</i></td>
<td>
Fellow, Berkman Center for Internet and Society, Harvard Law
School
</td>
</tr>
<tr>
<td><i>
Hovav Shacham
</i></td>
<td>
Associate Professor, University of California, San Diego
</td>
</tr>
<tr>
<td><i>
Abhi Shelat
</i></td>
<td>
Associate Professor, University of Virginia
</td>
</tr>
<tr>
<td><i>
Thomas Shrimpton
</i></td>
<td>
Associate Professor, Portland State University
</td>
</tr>
<tr>
<td><i>
Avi Silberschatz
</i></td>
<td>
Professor, Yale University
</td>
</tr>
<tr>
<td><i>
Adam Smith
</i></td>
<td>
Associate Professor, The Pennsylvania State University
</td>
</tr>
<tr>
<td><i>
Dawn Song
</i></td>
<td>
Associate Professor, University of California, Berkeley
</td>
</tr>
<tr>
<td><i>
Gene Tsudik
</i></td>
<td>
Professor, University of California, Irvine
</td>
</tr>
<tr>
<td><i>
Salil Vadhan
</i></td>
<td>
Professor, Harvard University
</td>
</tr>
<tr>
<td><i>
Rebecca Wright
</i></td>
<td>
Professor, Rutgers University
</td>
</tr>
<tr>
<td><i>
Moti Yung
</i></td>
<td>
Fellow, Association for Computing Machinery<sup>1</sup>
</td>
</tr>
<tr>
<td><i>
Nickolai Zeldovich
</i></td>
<td>
Associate Professor, Massachusetts Institute of Technology
</td>
</tr>
</tbody>
</table>
<hr width="50%">
<p>
This letter can be found at: <a class="moz-txt-link-freetext" href="http://MassSurveillance.info">http://MassSurveillance.info</a><br>
</p>
<p>
Institutional affiliations for identification purposes only. This
letter
represents the views of the signatories, not necessarily those of
their
employers or other organizations with which they are affiliated. </p>
<p>
<sup>1</sup> The Association for Computing Machinery (ACM) is the
premier
organization of computing professionals.
<br>
<sup>2</sup>
CRYPTO is an annual research conference sponsored by the
International
Association for Cryptologic Research. </p>
<br>
</body>
</html>