Cybersecurity

Cryptography experts sign open letter against NSA surveillance

digital key

When President Barack Obama announced future changes to the government’s surveillance programs on Jan. 17, he mentioned nothing about the National Security Agency’s efforts to undermine worldwide encryption standards.

While the president focused most of his efforts on curbing the NSA’s bulk records collections on phone call metadata, a group of more than 50 leading cryptographers believes the NSA’s intentional weakening of Internet security standards is equally important and should be done away with, too.

The cryptographers, including several former federal officials, signed an open letter to the U.S. government Jan. 24 calling for an end to “the subversion of security technology,” referring to revelations from top-secret documents leaked by former NSA contractor Edward Snowden.

Those documents revealed the NSA deliberately weakened international encryption standards adopted and promoted by the National Institute of Standards and Technology, damaging NIST’s reputation and forcing it to publicly recommend against using its own adopted standard. 

“Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features. As leading members of the US cryptography and information-security research communities, we deplore these practices and urge that they be changed,” the open letter states.

“The choice is not whether to allow the NSA to spy," the signatories argue in the letter. "The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. ... We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.”

Among the many cryptographers to sign the letter were two former Federal Trade Commission chief technology officers: Steven Bellovin and Ed Felten, now professors at Columbia and Princeton universities, respectively.

The cryptographers are not alone in their concerns about the NSA’s subversion of Internet security standards. In December, the president’s own NSA review panel recommended the NSA be separated from the approval processes NIST uses to adopt encryption standards. Obama has yet to publicly address that recommendation.

About the Author

Frank Konkel is a former staff writer for FCW.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group