www.baltimoresun.com/news/maryland/baltimore-city/north-baltimore/bs-hs-hopkins-blog-20130909,0,3976680.story

baltimoresun.com

Hopkins reverses order to remove blog post about NSA

Professor criticized NSA in blog post about how agency gets around online encryption

By Andrea K. Walker, The Baltimore Sun

9:05 PM EDT, September 9, 2013

Advertisement

The Johns Hopkins University ordered a cryptography professor to remove from its servers a blog post critical of the federal government for circumventing the encryption that protects sensitive material on the web — only to reverse course after a review.

Matthew Green, an assistant research professor at the Johns Hopkins Information Security Institute, said in Twitter posts Monday that the interim dean of the university's engineering school, Andrew Douglas, asked him to remove the post.

The request came after Green wrote a post about a New York Times article that outlined how the National Security Agency circumvented encryption to gain access to private information. Green had talked to a reporter recently about how this hypothetically might happen, but never quite believed it would, he wrote on his blog.

"Not only does the worst possible hypothetical I discussed appear to be true, but it's true on a scale I couldn't even imagine," he wrote.

Green did not return several requests for interviews Monday. Douglas referred questions to a university spokesman.

The blog post on Hopkins' servers was a mirror, or copy, and could be found elsewhere on the Internet after it was removed from the university's system.

Hopkins said in a statement that it had Green's post removed after someone told them it contained a link or links to classified material and also used the NSA logo, which raised possible copyright concerns. A Hopkins spokesman, Dennis O'Shea, said it was unclear who informed the university about the blog post.

"Upon further review, we note that the NSA logo has been removed and that he appears to link to material that has been published in the news media," Hopkins said in the statement. "Interim Dean Andrew Douglas will inform Professor Green that the mirror site may be restored."

Johns Hopkins does a lot of work with the federal government and the NSA, located nearby in Fort Meade.

O'Shea said the federal government did not ask for the blog post to be removed and that there were not security concerns because Green does not work on projects where security clearance is needed.

Removal of the blog raised questions about freedom of speech and academic protections.

Because Hopkins is a private institution it can legally order Green to remove the blog, said Ken Paulson, president of the First Amendment Center and dean of the College of Mass Communication at Middle Tennessee State University.

"Most institutions of higher learning have policies that protect academic freedom," Paulson said. "And expressions by members of the faculty are generally respected. But there is not a First Amendment violation here."

O'Shea said there are certain policies Hopkins employees have to follow when using university equipment, including not endorsing political candidates and not doing anything illegal. No policies seem to have been violated in Green's case, he said.

For now Green will keep his blog off Hopkins' servers, he said on Twitter.

"I'm baffled by this entire thing," he wrote. "I hope to never receive an email like that again and I certainly believe JHU ... is on the wrong side of common sense and academic freedom, regardless of their obligations under the law. That said, I have no desire to cause trouble for any of the very good people at JHU so I'll keep my posts off JHU property."

According to Green's website, he has designed and analyzed cryptographic systems used in wireless networks and payment systems. His research has looked at ways cryptography can be used to promote user privacy.

andrea.walker@baltsun.com

twitter.com/ankwalker