Miro Haller

Miro Haller

PhD Student @ UCSD doing applied cryptography (cryptanalysis / building systems) and system security.

An Empirical Analysis on the Use and Reporting of National Security Letters

1 minute read

Published:

We collect and analyze public information on National Security Letters.

This is a paper outside of my normal research area. We publish the first unified data set, consolidating data reported by the government (e.g., FISA and ASTR reports), companies (transparency reports), and published NSLs themselves. We analyze the collected data and draw conclusions about how the use of NSLs by government agencies developed over time.

Abstract

Government investigatory and surveillance powers are important tools for examining crime and protecting public safety. However, since these tools must be employed in secret, it can be challenging to identify abuses or changes in use that could be of significant public interest. In this paper, we evaluate this phenomenon in the context of National Security Letters (NSLs). NSLs are a form of legal process that empowers parts of the United States federal government to request certain pieces of information for national security purposes. After initial concerns about the lack of public oversight, Congress worked to increase transparency by mandating government agencies to publish aggregated statistics on the NSL usage and by allowing the private sector to report information on NSLs in transparency reports. The implicit goal is that these transparency mechanisms should deter large-scale abuse by making it visible. We evaluate how well these mechanisms work by carefully analyzing the full range of publicly available data related to NSL use. Our findings suggest that they may not lead to the desired public scrutiny as we find published information requires significant manual effort to collect and parse data due to the lack of structure and context. Moreover, we discovered mistakes (subsequently fixed after our reporting to the ODNI), which suggests a lack of active auditing. Taken together, our case study of NSLs provides insights and suggestions for the successful construction of transparency mechanisms that enable effective public auditing.

Full paper

Data Set

Our data set and processing scripts are available on GitHub.

You May Also Enjoy

Workshop on Attacks in Cryptography

less than 1 minute read

Published:

WAC is an affiliated event with Crypto that gives a platform to the most exiting cryptanalytic attacks of the year.

MFKDF: Multiple Factors Knocked Down Flat

1 minute read

Published:

We present multiple attacks against Multi-Factor Key Derivation Function, a novel cryptographic primitive presented at USENIX’23.

RADIUS/UDP considered harmful

1 minute read

Published:

Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks.