By Tricia Bishop, The Baltimore Sun
7:04 PM EDT, September 18, 2013
After roughly a week of reflection, the Johns Hopkins cryptography professor who was ordered to remove from university servers a blog post about the National Security Agency's covert surveillance efforts has concluded that it was a "big misunderstanding."
The university, which has a division that works with the NSA, was concerned that Matthew Green had posted links to classified information, he said, when all he had posted was links to news reports about classified information.
Administrators quickly realized the mistake and apologized, but not before a public outcry from those concerned that Green's academic freedom had been infringed.
"The day it happened, I had no idea what was going on, I was scared, I [thought] I might lose my job," Green said.
He made the comments during a university-sponsored public discussion Wednesday about the very topic that led to the blog post's removal: efforts by the NSA, which is based at Fort Meade, to skirt encryption protections on email, phone calls and other communications.
It was his first public appearance since his blog post was removed and then reposted last week. Since then, he has concluded that the episode was "no big deal."
The bigger concern for Green, an assistant research professor with the university's Information Security Institute, is that there are entities — namely, the federal government and contractors working with them — that do ban employees from reading public reports about classified information.
The Department of Defense, for example, reportedly blocked employee access to the Guardian newspaper's Web stories about classified information leaked by former NSA contractor Edward Snowden.
"800,000 people who have a [security] clearance are not allowed to read the stories," Green said. For them, classified information stays classified unless it's released through the proper channels, which Green said limits public debate.
Anton Dahbura, interim executive director of the Information Security Institute, said Wednesday's event was planned well before Green's blogging incident — but on a smaller scale. He had envisioned a handful of cybersecurity experts talking among themselves.
But after the Green's blog post, the university "decided to make sure that it was completely open," Dahbura said. Several dozen students attended, several dozens more watched online, and news media were invited.
Dahbura said he was grateful for the opportunity to broaden the audience because the NSA's conduct is an important topic.
ProPublica, The New York Times and the Guardian have reported that the agency has secretly circumvented privacy tools, leading critics to ask whether any information is safe from government view and whether the United States and its technology can be trusted.
The participants in Wednesday's event wondered how deep the NSA efforts went and how they would affect the country's cybersecurity industry and research.
The conversation was speculative, hypothetical and just a little giddy.
"In a weird way, these events have injected excitement into the field," Dahbura said after the event. He said he expects the news of the NSA's efforts to lead to new ideas, new developments and new energy in academic circles.
"In general," he said, "it's going to make cybersecurity stronger."
That's something everyone should care about, Green said.
"This doesn't just affect geeks, it's something that affects everyone," Green said. "You use encryption 10 times before you eat breakfast."
Copyright © 2014, The Baltimore Sun