SecurityWeek

Privacy Groups Call for NIST to Keep Development of Crypto Standards Independent of NSA Influence

The Electronic Frontier Foundation (EFF) and several privacy and civil liberties groups have joined forces to urge the National Institute of Standards and Technology (NIST) to act strongly to keep encryption standards free of backdoors and known vulnerabilities.

In a letter, the EFF, Electronic Privacy Information Center (EPIC) and more than a dozen others pushed for NIST to “publicly and irrefutably commit itself to independence from the NSA’s signals intelligence mission and any government surveillance programs, activities, or authorities.”

“It’s looking like we might be on the brink of another crypto war,” blogged EFF’s Nadia Kayyali. “The first one, in the 90s, was a misguided attempt to limit the public’s access to strong, secure cryptography. And since then, the reasons we need the good security provided by strong crypto have only multiplied. That’s why EFF has joined 20 civil society organizations and companies in sending a letter to the National Institute of Standards and Technology (NIST) to ‘re-emphasize the importance of creating a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities.’”

Currently, NIST is in the process of finalizing a document outlining the process for developing cryptographic standards and guidelines. The process began in the aftermath of allegations of efforts by the NSA to weaken crypto standards.

“As the letter points out,” blogs Kayyali, “in September 2013, ProPublica, the Guardian, and the New York Times revealed that the NSA had systematically ‘circumvented or cracked much of the encryption, or digital scrambling’ that protects the Internet, ‘collaborating with technology companies in the United States and abroad to build entry points into their products’.”

These broken standards, she argues, appear to have had a serious impact on technology companies in the United States.

NIST should establish and facilitate an ongoing dialogue with members of advocacy groups and other experts who represent the interests of the general public and users, according to the letter.

“Civil society organizations bridge the gap between government agents and the public in order to provide important feedback for all parties involved,” the letter notes. “Other branches of NIST have recognized this and have involved civil society in public workshops to explore pressing topics and issues. NIST’s encryption standards impact the daily lives of users around the world on a frequent basis — civil society should be a central part of the conversations.”
