The Electronic Frontier Foundation (EFF) and several privacy and civil liberties groups have joined forces to urge the National Institute of Standards and Technology (NIST) act strongly to keep encryption standards free of backdoors and known vulnerabilities.
In a letter, the EFF, Electronic Privacy Information Center (EPIC) and more than a dozen others pushed for NIST to “publicly and irrefutably commit itself to independence from the NSA’s signals intelligence mission and any government surveillance programs, activities, or authorities.”
“It’s looking like we might be on the brink of another crypto war,” blogged EFF’s Nadia Kayyali. “The first one, in the 90s, was a misguided attempt to limit the public’s access to strong, secure cryptography. And since then, the reasons we need the good security provided by strong crypto have only multiplied. That’s why EFF has joined 20 civil society organizations and companies in sending a letter to the National Institute of Standards and Technology (NIST) to “re-emphasize the importance of creating a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities.”
Currently, NIST is in the process of finalizing a document outlining the process for developing cryptographic standards and guidelines. The process began in the aftermath of allegations of efforts by the NSA to weaken crypto standards.
“As the letter points out,” blogs Kayyali, “in September 2013, ProPublica, the Guardian, and the New York Times revealed that the NSA had systematically ‘circumvented or cracked much of the encryption, or digital scrambling’ that protects the Internet, ‘collaborating with technology companies in the United States and abroad to build entry points into their products’.”
These broken standards, she argues, appear to have had a serious impact of technology companies in the United States.
NIST should establish and facilitate an ongoing dialogue with members of advocacy groups and other experts who represent the interests of the general public and users, according to the letter.
“Civil society organizations bridge the gap between government agents and the public in order to provide important feedback for all parties involved,” the letter notes. “Other branches of NIST have recognized this and have involved civil society in public workshops to explore pressing topics and issues. NIST’s encryption standards impact the daily lives of users around the world on a frequent basis — civil society should be a central part of the conversations.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
