UK Cryptographers Call For Publication of Deliberately Weakened Protocols, Products
A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries’ intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ “have been acting against the interests of the public that they are meant to serve.” The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products. Security experts have been debating in recent weeks which products, standards and protocols may have been deliberately weakened, but so far no information has been forthcoming.
“By weakening cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses into products which we all rely on to secure critical infrastructure, we believe that the agencies have been acting against the interests of the public that they are meant to serve. We find it shocking that agencies of both the US and UK governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies,” the letter says.
Published on Monday, the letter is signed by cryptographers from the University of Bristol, University of London, University of Birmingham, University of Luxembourg, University of Southampton, University of Surrey, University of Kent, Newcastle University and University College London. In it, the researchers call on the relevant authorities to publicly name the products and standards that have been weakened in order to inform users which systems they should avoid. “We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures. The statutory Intelligence and Security Committee of the House of Commons needs to investigate this issue as a matter of urgency. In the modern information age we all need to have complete trust in the basic infrastructure that we all use,” the letter says.
In the weeks since the documents detailing the NSA’s cryptographic capabilities emerged, further details about exactly which protocols the agency can attack successfully and which standards it may have influenced have been scarce. NIST, the U.S. agency that develops technical standards for cryptography, among other things, has denied accusations that the NSA was able to weaken some of the NIST standards. However, at the same time, NIST officials have issued a recommendation that people no longer use one of the encryption standards the agency previously published.