Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Privacy Groups Call for NIST to Keep Development of Crypto Standards Independent of NSA Influence

The Electronic Frontier Foundation (EFF) and several privacy and civil liberties groups have joined forces to urge the National Institute of Standards and Technology (NIST) act strongly to keep encryption standards free of backdoors and known vulnerabilities.

The Electronic Frontier Foundation (EFF) and several privacy and civil liberties groups have joined forces to urge the National Institute of Standards and Technology (NIST) act strongly to keep encryption standards free of backdoors and known vulnerabilities.

In a letter, the EFF, Electronic Privacy Information Center (EPIC) and more than a dozen others pushed for NIST to “publicly and irrefutably commit itself to independence from the NSA’s signals intelligence mission and any government surveillance programs, activities, or authorities.”

“It’s looking like we might be on the brink of another crypto war,” blogged EFF’s Nadia Kayyali. “The first one, in the 90s, was a misguided attempt to limit the public’s access to strong, secure cryptography. And since then, the reasons we need the good security provided by strong crypto have only multiplied. That’s why EFF has joined 20 civil society organizations and companies in sending a letter to the National Institute of Standards and Technology (NIST) to “re-emphasize the importance of creating a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities.”

Currently, NIST is in the process of finalizing a document outlining the process for developing cryptographic standards and guidelines. The process began in the aftermath of allegations of efforts by the NSA to weaken crypto standards.

Advertisement. Scroll to continue reading.

“As the letter points out,” blogs Kayyali, “in September 2013, ProPublica, the Guardian, and the New York Times revealed that the NSA had systematically ‘circumvented or cracked much of the encryption, or digital scrambling’ that protects the Internet, ‘collaborating with technology companies in the United States and abroad to build entry points into their products’.”

These broken standards, she argues, appear to have had a serious impact of technology companies in the United States.

NIST should establish and facilitate an ongoing dialogue with members of advocacy groups and other experts who represent the interests of the general public and users, according to the letter.

“Civil society organizations bridge the gap between government agents and the public in order to provide important feedback for all parties involved,” the letter notes. “Other branches of NIST have recognized this and have involved civil society in public workshops to explore pressing topics and issues. NIST’s encryption standards impact the daily lives of users around the world on a frequent basis — civil society should be a central part of the conversations.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

SpecterOps has appointed Tim Bender as CFO, Pat Sheridan as CRO, and Bryce Hein as CMO.

CISA has officially announced the appointment of Madhu Gottumukkala as its new deputy director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.