Cybersecurity

Cryptography experts sign open letter against NSA surveillance

When President Barack Obama announced future changes to the government’s surveillance programs on Jan. 17, he mentioned nothing about the National Security Agency’s efforts to undermine worldwide encryption standards.

While the president focused most of his efforts on curbing the NSA’s bulk records collections on phone call metadata, a group of more than 50 leading cryptographers believes the NSA’s intentional weakening of Internet security standards is equally important and should be done away with, too.

The cryptographers, including several former federal officials, signed an open letter to the U.S. government Jan. 24 calling for an end to “the subversion of security technology,” referring to revelations from top-secret documents leaked by former NSA contractor Edward Snowden.

Those documents revealed the NSA deliberately weakened international encryption standards adopted and promoted by the National Institute of Standards and Technology, damaging NIST’s reputation and forcing it to publicly recommend against using its own adopted standard.

“Media reports since last June have revealed that the US government conducts domestic and international surveillance on a massive scale, that it engages in deliberate and covert weakening of Internet security standards, and that it pressures US technology companies to deploy backdoors and other data-collection features. As leading members of the US cryptography and information-security research communities, we deplore these practices and urge that they be changed,” the open letter states.

“The choice is not whether to allow the NSA to spy," the signatories argue in the letter. "The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. ... We urge the US government to reject society-wide surveillance and the subversion of security technology, to adopt state-of-the-art, privacy-preserving technology, and to ensure that new policies, guided by enunciated principles, support human rights, trustworthy commerce, and technical innovation.”

Among the many cryptographers to sign the letter were two former Federal Trade Commission chief technology officers: Steven Bellovin and Ed Felten, now professors at Columbia and Princeton universities, respectively.

The cryptographers are not alone in their concerns about the NSA’s subversion of Internet security standards. In December, the president’s own NSA review panel recommended the NSA be separated from the approval processes NIST uses to adopt encryption standards. Obama has yet to publicly address that recommendation.