Cryptographers Attack NSA's Secret Effort to Subvert Internet Security
17/09/2013 19:25
Cryptographers are fighting back against efforts by spy agencies to secretly weaken the encryption standards designed to keep the Internet secure.
In an open letter posted online Monday, security experts from universities in the United Kingdom and Luxembourg blasted the National Security Agency and its British counterpart GCHQ for what they describe as the “systematic undermining of cryptographic solutions and standards.” The letter was written in response to a jointly reported scoop by the New York Times, ProPublica, and the Guardian that revealed earlier this month how the NSA and GCHQ were working to break and in some cases covertly subvert common forms of encryption. In at least one case, for instance, the NSA apparently planted vulnerabilities in an encryption standard adopted by the National Institute of Standards and Technology, the federal agency responsible for recommending cybersecurity standards, presumably so that it could exploit it for spying.
The academics’ strongly worded letter demands that the U.K. Parliament’s intelligence and security committee—which is tasked with conducting oversight of the country’s spy agencies—open an urgent investigation into the encryption subversion. They write:
By weakening cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses into products which we all rely on to secure critical infrastructure, we believe that the agencies have been acting against the interests of the public that they are meant to serve. We find it shocking that agencies of both the U.S. and U.K. governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies.
In the United States, too, there is mounting anger over the spy agencies’ covert attempts to break encryption. The NSA’s clandestine conduct appears to be causing tension between government agencies, with the National Institute of Standards and Technology last week distancing itself from the NSA. NIST put out a statement that included a footnote recommending that people steer clear of an encryption standard reportedly targeted by the NSA, and it attempted to reassure people that it “would not deliberately weaken a cryptographic standard.” Johns Hopkins University cryptography researcher Matthew Green told the New York Times that he knew “from firsthand communications that a number of people at NIST feel betrayed by their colleagues at the NSA.”