Security Experts:

Privacy Groups Call for NIST to Keep Development of Crypto Standards Independent of NSA Influence

The Electronic Frontier Foundation (EFF) and several privacy and civil liberties groups have joined forces to urge the National Institute of Standards and Technology (NIST) act strongly to keep encryption standards free of backdoors and known vulnerabilities.

In a letter, the EFF, Electronic Privacy Information Center (EPIC) and more than a dozen others pushed for NIST to "publicly and irrefutably commit itself to independence from the NSA’s signals intelligence mission and any government surveillance programs, activities, or authorities."

"It’s looking like we might be on the brink of another crypto war," blogged EFF's Nadia Kayyali. "The first one, in the 90s, was a misguided attempt to limit the public’s access to strong, secure cryptography. And since then, the reasons we need the good security provided by strong crypto have only multiplied. That’s why EFF has joined 20 civil society organizations and companies in sending a letter to the National Institute of Standards and Technology (NIST) to "re-emphasize the importance of creating a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities."

Currently, NIST is in the process of finalizing a document outlining the process for developing cryptographic standards and guidelines. The process began in the aftermath of allegations of efforts by the NSA to weaken crypto standards.

"As the letter points out," blogs Kayyali, "in September 2013, ProPublica, the Guardian, and the New York Times revealed that the NSA had systematically 'circumvented or cracked much of the encryption, or digital scrambling' that protects the Internet, 'collaborating with technology companies in the United States and abroad to build entry points into their products'."

These broken standards, she argues, appear to have had a serious impact of technology companies in the United States.

NIST should establish and facilitate an ongoing dialogue with members of advocacy groups and other experts who represent the interests of the general public and users, according to the letter.

"Civil society organizations bridge the gap between government agents and the public in order to provide important feedback for all parties involved," the letter notes. "Other branches of NIST have recognized this and have involved civil society in public workshops to explore pressing topics and issues. NIST’s encryption standards impact the daily lives of users around the world on a frequent basis — civil society should be a central part of the conversations."

view counter