Talk:Bullrun (decryption program)
This article is rated B-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
A news item involving Bullrun (decryption program) was featured on Wikipedia's Main Page in the In the news section on 8 September 2013. |
Huawei Controversy
editThe US and Western governments have been very active in controlling the influence of Huawei in network infrastructure, it would seem because they have no influence over back door and have in fact accused Huawei of compliance with the Chinese government in doing the same thing. [[1]] It would seem to be relevant to suggest that Western governments are against Huawei equipment because they don't have the desired level of influence over development. — Preceding unsigned comment added by 86.54.181.194 (talk) 07:54, 10 September 2013 (UTC)
Code name (title of article)
editReuters news exclusive today, saying NSA paid RSA $10M to subvert encryption as part BullRun project. http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220 --- — Preceding unsigned comment added by 172.251.172.174 (talk) 09:57, 21 December 2013 (UTC) Bullrun isn't a code name. It's a program. Just as PRISM is a program, Boundless Informant is a program, XKeyScore is a program, Tempora is a program, etc. etc. The subject of this article is no more a "code name" than Bullrun the TV series is a "name of a TV series." But the title of that article isn't Bullrun (name of TV series).
Yes, it's a matter of semantics, but these are important semantics that we should correct right away. --Dr. Fleischman (talk) 22:00, 5 September 2013 (UTC)
- Hi Dr. Fleischman. Sure, feel free to move the article if you think there's a more suitable title. I was following the examples of Blarney (code name), Ragtime (code name), and Stellar Wind (code name). By the way, I cleaned up the Bullrun → Bullrun (TV series) links already, so we're all set there. --MZMcBride (talk) 22:54, 5 September 2013 (UTC)
- Hm, it seems there's no consistency here. Those three have "(code name)" but then there's "PRISM (surveillance program)", "Fairview (surveillance program)", and "Turbulence (NSA)". I prefer "Bullrun (decryption program)" for the reasons I already mentioned, but I'll give it 24 hours in case other editors want to way in. --Dr. Fleischman (talk) 23:51, 5 September 2013 (UTC)
- Personally, I think "anti-encryption" is more accurate than "decryption." The articles could probably all be standardized to "___ (program)". --MZMcBride (talk) 02:05, 6 September 2013 (UTC)
- I'm agree. This is not really a decryption program. It is rather a program to cheat. 92.106.151.60 (talk) 06:56, 6 September 2013 (UTC)
- BULLRUN in caps (cf PRISM). Encryption suppression and subversion seems to describe it. Widefox; talk 09:50, 6 September 2013 (UTC)
- I favour the term "Project Bullrun", which appears in a quotation from one of the leaked documents in the Guardian article. It would appear to be the official name (apart from capitalisation), and it does not require disambiguation. —rybec 17:55, 6 September 2013 (UTC)
- BULLRUN in caps (cf PRISM). Encryption suppression and subversion seems to describe it. Widefox; talk 09:50, 6 September 2013 (UTC)
- I'm agree. This is not really a decryption program. It is rather a program to cheat. 92.106.151.60 (talk) 06:56, 6 September 2013 (UTC)
- Personally, I think "anti-encryption" is more accurate than "decryption." The articles could probably all be standardized to "___ (program)". --MZMcBride (talk) 02:05, 6 September 2013 (UTC)
- Hm, it seems there's no consistency here. Those three have "(code name)" but then there's "PRISM (surveillance program)", "Fairview (surveillance program)", and "Turbulence (NSA)". I prefer "Bullrun (decryption program)" for the reasons I already mentioned, but I'll give it 24 hours in case other editors want to way in. --Dr. Fleischman (talk) 23:51, 5 September 2013 (UTC)
- "anti-encryption program": Sounds somewhat reasonable to me except for two things. First, decryption need not be brute force to be "decryption"; that's why it's called "brute force decryption" (as opposed to just "decryption"). Second, the reliable sources aren't using "anti-encryption." The Guardian called it a "decryption program," and the NY Times/ProPublica just called it "highly classified program" (though ProPublica referred to their story as "the decryption story"). --Dr. Fleischman (talk) 18:09, 6 September 2013 (UTC)
- "program": I like this for standardization. Although... sometimes people refer to a TV show as a program? Would this be too vague/ambiguous? --Dr. Fleischman (talk) 18:09, 6 September 2013 (UTC)
- "Project Bullrun": I'm against a name that appears in only one primary source and has not been used by the reliable secondary sources.
- capitalization: PRISM has been frequently (though not uniformly) referenced in the reliable sources using capital letters, hence the decision to use capitals for the title of the article. I believe you can go back to the early talk page discussions of the article to verify. Bullrun, on the other hand, was referenced in mixed caps by both the Guardian and the NY Times/ProPublica. --Dr. Fleischman (talk) 18:09, 6 September 2013 (UTC)
- I have difficulty understanding your comment about "Project Bullrun". As I said, the term "Project Bullrun" was used in a quotation in the Guardian article. Are you saying that by quoting, the Guardian is not using the term? Are you saying the Guardian is not a reliable secondary source? Are you saying that there are other primary sources which use different names? —rybec 18:21, 6 September 2013 (UTC)
- Yes to your first question. When a secondary source quotes a primary source, the contents of the quote don't magically become more reliable. The Guardian never subjected the contents of the "Project Bullrun" quote to editorial scrutiny, i.e. to decide whether the terminology was appropriate. All they did was confirm that the slide actually said that. Put another way, if the Guardian had removed the word "Project" then that would have been inaccurate because it would have misquoted the slide. But clearly the paper made a decision that it would refer to the program simply as "Bullrun" when speaking in its own voice. --Dr. Fleischman (talk) 21:37, 6 September 2013 (UTC)
- In the NSA's own classification guide it's "project BULLRUN". It's not really clear what the exact status of this project is (it's not a codeword for an SCI compartment), but it's common practice to write all these nicknames and codewords capitalized. P2Peter (talk) 20:13, 6 September 2013 (UTC)
- That's a primary source. We should adhere to reliable secondary sources. --Dr. Fleischman (talk) 21:23, 6 September 2013 (UTC)
- Well, since these disclosures started, it stated out that you really gave to read the original documents, because the news reports are heavily biased, and there are only very few balanced analyses yet. P2Peter (talk) 22:03, 6 September 2013 (UTC)
- Where the Guardian presents one of the documents, [2] (caution, marked "top secret"), it uses the title "Project Bullrun — classification guide to the NSA's decryption program" and refers to it as "Bullrun" in the description. In the actual document, the title is different: it has an abbreviation. In titling its Web page, the Guardian chose to omit the abbreviation, but chose to use the term "Project Bullrun". The title of the Web page is a creation of the Guardian, not simply a parroting of what the NSA calls the document. When making the quotation we discussed earlier, they could have chosen to omit the word "Project".
- This was just made public around a day ago, so further stories about it may appear. It may be best to wait for that. —rybec 22:42, 6 September 2013 (UTC)
- P2Peter, are you suggesting that the Guardian, the New York Times, and ProPublica were biased in their decision to call the program "Bullrun" instead of something else? --Dr. Fleischman (talk) 23:44, 6 September 2013 (UTC)
- Sorry, that was meant generally. But as mentioned above, also for the name itself, it's good to compare the papers with the original documents. P2Peter (talk) 01:02, 7 September 2013 (UTC)
- Well, since these disclosures started, it stated out that you really gave to read the original documents, because the news reports are heavily biased, and there are only very few balanced analyses yet. P2Peter (talk) 22:03, 6 September 2013 (UTC)
- That's a primary source. We should adhere to reliable secondary sources. --Dr. Fleischman (talk) 21:23, 6 September 2013 (UTC)
- With regards to capitalization, NSA code names are ALLCAPS, no spaces. that's the standard, not always adhered to even in the documents. With regards to sources, in this the people with access to the documents themselves will be more reliable, they have seen more, not all of which are online. Secondary sources in this case are problematic, they tend to contain much less information than the primary articles. And we should go back to the documents themselves: I know of the following
- Black Budget excerpts, published in the New York Times, 3 pages. http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us Clean pdf version in the Guardian http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide
- BULLRUN briefing sheet, published in the New York times, ibid. Sneakily, they transcribed the document rather than posting the original, thus subjecting it to copyright.
- Classification Guide: Cryptanalysis, published in the Guardian, 3 pages. http://www.theguardian.com/world/interactive/2013/sep/05/nsa-classification-guide-cryptanalysis
- Classification Guide: Project BULLRUN, published in the Guardian, 6 pages. http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide
- 2 GCHQ Slides, published in the Guardian. I would love to post these, but they are subject to copyright, being GCHQ, not NSA. http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
- 1 NSA Slide, published in the Guardian - ibid. I believe this was pulled from a presentation OTHER than BULLRUN, and is more related to cryptanalysis in general. Relates to TURMOIL, previously exposed by Thomas Drake, See the Turbulence article.
Regarding capitalization, at least for the New York Times, this piece explains why this is. Basically any word over four letters gets de-capitalized. --MZMcBride (talk) 03:13, 9 September 2013 (UTC)
Turmoil slide
editThe slide is just not accurate in its present form
- The Corporate logos imply relations that are not directly supported by the documents
- It says that TURMOIL is a pilot program by the GCHQ. It is neither Pilot, nor GCHQ.
- The existence of TURMOIL was revealed to the Baltimore Sun in February 2007 by NSA whistleblower Thomas Andrews Drake.
- It an NSA program that is part of a larger effort called TURBULENCE.
- The Slide implies a flow of information that is also not directly supported by documents relating to turmoil. Its connection to BULLRUN, which is also NSA, not GCHQ is only tangential, by the weight of the released documents so far. Both are codebreaking, but beyond that, no supporting documents linking the two have been released.
- The British pilot program is "Edgehill"
I have commented out the slide for now.
Note: the word program is used in the classic sense and does not mean that there is a software program called TURMOIL, just that it is an organized effort. --Paulmd199 (talk) 02:19, 9 September 2013 (UTC)
" all encryption"
editWhat is this supposed to mean? I made my own encryption scheme during a drunken haze back in the 1990es (sorry, just like this article, I don't remember the year exactly). I never told anyone about it. Please tell me how the NSA managed to try and insert a backdoor into it. --79.240.205.80 (talk) 12:42, 9 September 2013 (UTC)
- I've rewritten the paragraph, taking out "all encryption", adding citations and adding mentions of CALEA, the Cyberspace Electronic Security Act, Bernstein v. United States, Skipjack (cipher) and the Clipper chip. Better, or worse? —rybec 19:43, 9 September 2013 (UTC)
- All encryption would be the goal, but the implementation is constrained by resources, and the limits of influence: biggest fish first, they don't actually get to sit on every committee, opensource is harder to backdoor. --Paulmd199 (talk) 22:53, 9 September 2013 (UTC)
Map graphic needs a key
editThe map of global NSA data collection is useless in its current form as there is no indication of what the colours mean.
Bullrun vs BULLRUN
editThere are different instances of capitalization throughout the article. The introduction begins with "Bullrun (stylized BULLRUN)", then proceeds to use both in various places. I don't know how to correct them, because I'm not sure if WP prefers one or the other. Besides the introductory explanation, they should maintain one format or another. — VoxLuna ☾ orbitland 18:14, 3 August 2015 (UTC)