Cryptographers Attack NSA's Secret Effort to Subvert Internet Security

The Citizen's Guide to the Future
Sept. 16 2013 4:53 PM

Cryptographers Attack NSA's Secret Effort to Subvert Internet Security

96263974
The National Security Agency headquarters at Fort Meade, Md.

Photo by SAUL LOEB/AFP/Getty Images

Cryptographers are fighting back against efforts by spy agencies to secretly weaken the encryption standards designed to keep the Internet secure.

Ryan Gallagher Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

In an open letter posted online Monday, security experts from universities in the United Kingdom and Luxemburg blasted the National Security Agency and its British counterpart GCHQ for what they describe as the “systematic undermining of cryptographic solutions and standards.” The letter was written in response to a jointly reported scoop by the New York Times, ProPublica, and the Guardian that revealed earlier this month how the NSA and GCHQ were working to break and in some cases covertly subvert common forms of encryption. In at least one case, for instance, the NSA apparently planted vulnerabilities in an encryption standard adopted by the National Institute of Standards and Technology, the federal agency responsible for recommending cybersecurity standards, presumably so that it could exploit it for spying.

The academics’ strongly worded letter demands that the U.K. Parliament’s intelligence and security committee—which is tasked with conducting oversight of the country’s spy agencies—open an urgent investigation into the encryption subversion. They write:

By weakening cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses into products which we all rely on to secure critical infrastructure, we believe that the agencies have been acting against the interests of the public that they are meant to serve. We find it shocking that agencies of both the U.S. and U.K. governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies. 
Advertisement

In United States, too, there is also mounting anger over the spy agencies’ covert attempts to break encryption. The NSA’s clandestine conduct appears to be causing tension between government agencies, with the National Institute of Standards and Technology last week distancing itself from the NSA. NIST put out a statement that included a footnote recommending that people steer clear of an encryption standard reportedly targeted by the NSA, and it attempted to reassure people that it “would not deliberately weaken a cryptographic standard.” Johns Hopkins University cryptography researcher Matthew Green told the New York Times that he knew “from firsthand communications that a number of people at NIST feel betrayed by their colleagues at the NSA.”

Spy agencies have historically devoted significant resources to analyzing and attempting to break forms of encryption so that they can read secret messages passed between countries. In June, leaked documents from former NSA contractor Edward Snowden showed how the agency had been granted authority to intercept and indefinitely store any encrypted communications for “cryptanalytic, traffic analysis, or signal exploitation purposes.” However, deliberately attempting to weaken encryption standards before they are used is a particularly controversial tactic because there is no guarantee that adversarial countries or criminal hackers could not also find and exploit these vulnerabilities.

On the flipside, it’s not all bad news. The revelation that the NSA and GCHQ have had to resort in some cases to sabotage and circumvention of encryption illustrate that uncompromised encryption tools still have a crucial role to play in helping thwart mass surveillance. As Snowden said during a June Q&A session: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

Future Tense is a partnership of SlateNew America, and Arizona State University.

TODAY IN SLATE

Politics

Meet the New Bosses

How the Republicans would run the Senate.

The Government Is Giving Millions of Dollars in Electric-Car Subsidies to the Wrong Drivers

Scotland Is Just the Beginning. Expect More Political Earthquakes in Europe.

Cheez-Its. Ritz. Triscuits.

Why all cracker names sound alike.

Friends Was the Last Purely Pleasurable Sitcom

The Eye

This Whimsical Driverless Car Imagines Transportation in 2059

Medical Examiner

Did America Get Fat by Drinking Diet Soda?  

A high-profile study points the finger at artificial sweeteners.

The Afghan Town With a Legitimately Good Tourism Pitch

A Futurama Writer on How the Vietnam War Shaped the Series

  News & Politics
Photography
Sept. 21 2014 11:34 PM People’s Climate March in Photos Hundreds of thousands of marchers took to the streets of NYC in the largest climate rally in history.
  Business
Business Insider
Sept. 20 2014 6:30 AM The Man Making Bill Gates Richer
  Life
Quora
Sept. 20 2014 7:27 AM How Do Plants Grow Aboard the International Space Station?
  Double X
The XX Factor
Sept. 19 2014 4:58 PM Steubenville Gets the Lifetime Treatment (And a Cheerleader Erupts Into Flames)
  Slate Plus
Tv Club
Sept. 21 2014 1:15 PM The Slate Doctor Who Podcast: Episode 5  A spoiler-filled discussion of "Time Heist."
  Arts
Television
Sept. 21 2014 9:00 PM Attractive People Being Funny While Doing Amusing and Sometimes Romantic Things Don’t dismiss it. Friends was a truly great show.
  Technology
Future Tense
Sept. 21 2014 11:38 PM “Welcome to the War of Tomorrow” How Futurama’s writers depicted asymmetrical warfare.
  Health & Science
Bad Astronomy
Sept. 22 2014 5:30 AM MAVEN Arrives at Mars
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.