Raising kids is an adventure filled with all sorts of imperfect decisions. A butterfly flapping its wings on your kid's iPad could initiate a cascade of events, leading to his/her eventual life of crime or triumph. Or maybe that butterfly has no effect whatsoever -- how did that unusual insect get into the house, anyway? Common core standards might be crushing young spirits with "new math" -- or just frustrating parents who don't remember how to do long division. Is there an optimal way to parent that leads to a society where every child is above average and no one graduates in the bottom half of the class? Maybe the best path is just to let kids figure it all out themselves. (But probably not.)
Update: While the article in question claimed that Dr. Wertheimer was the Director of Research for the NSA, an email from the NSA alerts us that Wertheimer left the NSA before writing the article.
As you may recall, one of the big Snowden revelations was the fact that the NSA "took control" of a key security standard, allowing a backdoor to be inserted (or, at least, a weakness that makes the generator's output easy to predict for whoever holds the secret). It didn't take long for people to realize that the standard in question was Dual_EC_DRBG, the Dual Elliptic Curve Deterministic Random Bit Generator. It also came out that the NSA had paid RSA $10 million to make this compromised random bit generator the default in its BSAFE library. That said, as we noted, many had already suspected something was up and had refused to use Dual_EC_DRBG. In fact, all the way back in 2007, there was widespread discussion of the possibility that the NSA had put a backdoor in Dual_EC_DRBG, which is why so few actually trusted it.
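To make concrete what a "trapdoor" in a random bit generator means, here is a toy re-implementation of the Dual_EC_DRBG structure together with the state-recovery attack that the trapdoor enables. This is an added illustration written for this page, not code from the article, from NIST or from RSA: the curve (a 31-bit prime field), the two points, the secret scalar e and the number of dropped bits (8 rather than the real standard's 16 on a 256-bit curve) are all constructed here. The structure is the public one: the generator advances its state with one point P and derives output from a second point Q, and anyone who knows an e with P = e*Q can turn a single truncated output back into the next internal state and predict every output that follows. Whether the real NIST points were generated with such an e is exactly what the article is about; the example shows only what the design permits.

```python
"""Toy Dual_EC_DRBG with a trapdoor.  Added illustration, not code from the
article, NIST or RSA.  Every constant below (curve, points, secret e) is
constructed for the example and is unrelated to the real P-256 points."""

P_MOD = 2**31 - 1   # constructed prime field; P_MOD % 4 == 3 makes square roots cheap
A, B = 3, 17        # constructed curve y^2 = x^3 + A*x + B (nonzero discriminant)
INF = None          # point at infinity


def _inv(v):
    return pow(v, P_MOD - 2, P_MOD)


def ec_add(p1, p2):
    """Affine point addition, covering doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:      # p2 == -p1, or doubling with y == 0
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * _inv((x2 - x1) % P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    if x >= P_MOD:
        return None
    rhs = (pow(x, 3, P_MOD) + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)        # valid because P_MOD % 4 == 3
    return (x, y) if y * y % P_MOD == rhs else None


def x_of(pt):
    return 0 if pt is INF else pt[0]


# "Standard" points.  Q is simply the first curve point at or above x = 1000.
# The trapdoor: P_BASE = e*Q for a secret e.  A standard that publishes P and Q
# without showing how they were generated cannot rule out such a relation.
Q = next(pt for pt in map(lift_x, range(1000, P_MOD)) if pt is not None)
TRAPDOOR_E = 0x1337BEEF                       # constructed secret scalar
while ec_mul(TRAPDOOR_E, Q) is INF:           # guard against the degenerate case
    TRAPDOOR_E += 1
P_BASE = ec_mul(TRAPDOOR_E, Q)

BITS = P_MOD.bit_length()                      # 31 here, 256 for the real curve
DROP = 8                                       # 16 in the real DRBG
KEEP_MASK = (1 << (BITS - DROP)) - 1


class DualEC:
    """Same two-point structure as SP 800-90A: s <- x(s*P); t <- x(s*Q); emit t truncated."""

    def __init__(self, seed):
        self.s = seed % P_MOD

    def next_output(self):
        self.s = x_of(ec_mul(self.s, P_BASE))
        t = x_of(ec_mul(self.s, Q))
        return t & KEEP_MASK


def recover_state(t1, t2):
    """Trapdoor attack: from two consecutive outputs, return the state that produced t2.
    Filling the DROP missing bits of t1 gives at most 2**DROP candidate x-coordinates;
    each one on the curve is a candidate R = +/-s1*Q.  Because P = e*Q, e*R = +/-s1*P,
    whose x-coordinate is the next state s2 (the sign of y does not change x).
    t2 is used only to disambiguate the candidates."""
    for hi in range(1 << DROP):
        pt = lift_x((hi << (BITS - DROP)) | t1)
        if pt is None:
            continue
        s2 = x_of(ec_mul(TRAPDOOR_E, pt))
        if x_of(ec_mul(s2, Q)) & KEEP_MASK == t2:
            return s2
    return None


def predict_future(t1, t2, n):
    """Clone the generator from two observed outputs and return its next n outputs."""
    s2 = recover_state(t1, t2)
    if s2 is None:
        return None
    clone = DualEC(0)
    clone.s = s2
    return [clone.next_output() for _ in range(n)]


if __name__ == "__main__":
    victim = DualEC(123456789)                 # seed the attacker never sees
    t1, t2 = victim.next_output(), victim.next_output()
    print("predicted:", predict_future(t1, t2, 3))
    print("actual:   ", [victim.next_output() for _ in range(3)])
```

With DROP = 8 the attacker tries at most 256 candidate x-coordinates; with the real parameters it is 2^16 candidates, each costing one scalar multiplication, which is what makes the attack practical for anyone who knows e. Without e the generator's state is protected by the discrete logarithm on the curve, which is why the same construction looks fine to an outsider who cannot tell how P and Q were chosen.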
Still, to have the details come out in public was a pretty big deal, so it also seemed like a fairly big deal to see that the Director of Research at the NSA, Dr. Michael Wertheimer (also former Assistant Deputy Director and CTO in the Office of the Director of National Intelligence), had apparently written something of an apology in the latest Notices of the American Mathematical Society. In a piece entitled, "The Mathematics Community and the NSA," Wertheimer sort of apologizes, admitting that mistakes were made. After admitting that concerns were raised by Microsoft researchers in 2007, and again with the Snowden documents (though without saying why they were raised the second time), here's Wertheimer's "apology."
With hindsight, NSA should have ceased supporting the Dual_EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable. The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST’s April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the Dual_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to “undermine Internet encryption.” A fair reading of our track record speaks otherwise. Nevertheless, we understand that NSA must be much more transparent in its standards work and act according to that transparency. That effort can begin with the AMS now.
However, as security researcher/professor Matthew Green quickly shot back, this is a bullshit apology, because he's really only apologizing for not dropping the standard when they got caught red handed back in 2007.
The trouble is that on closer examination, the letter doesn't express regret for the inclusion of Dual EC DRBG in national standards. The transgression Dr. Wertheimer identifies is simply the fact that NSA continued to support the algorithm after major questions were raised. That's bizarre.
Green also dismisses as ridiculous Wertheimer's weak attempt to keep defending the decision to push the compromised Dual_EC_DRBG. Here were Wertheimer's arguments for why it was still okay:
1. The Dual_EC_DRBG was one of four random number generators in the NIST standard; it is neither required nor the

2. The NSA-generated elliptic curve points were necessary for accreditation of the Dual_EC_DRBG but only had to be implemented for actual use in certain DoD applications.

3. The trapdoor concerns were openly studied by ANSI X9F1, NIST, and by the public in 2007.
But, again, those don't make much sense and actually make Wertheimer's non-apology that much worse. As Green notes, even though there were other random number generators in the standard, the now infamous RSA deal did lead people to use this one, since it was the default in a popular software library and NIST had declared the standard safe, so people trusted it. Green also goes into great detail on how the second point is incredibly misleading. It's worth reading his full explanation, but the short version is that, despite some people fearing the NSA's points would carry a backdoor, the details and the possible "alternatives" to avoid that were hidden away and more or less dropped.
And that final point, well... really? Again, that's basically saying, "Well, people thought we might have put in a backdoor, but couldn't prove it, and there, you guys had your chance to debate it." Never mind the fact that there actually was a backdoor and it wasn't confirmed until years later. And, as Green notes, many of the concerns were actually raised earlier and swept under the rug. Also, the standard was pushed and adopted by RSA as a default long before these concerns were raised publicly.
This might all be academic, but keep this in mind: we now know that RSA Security began using the Dual EC DRBG random number generator in BSAFE -- as the default, I remind you -- in 2004. That's three years during which concerns were not openly studied by the public.
To state that the trapdoor concerns were 'openly' studied in 2007 is absolutely true. It's just completely irrelevant.
In other words, this isn't an apology. It's an apology that the NSA got caught (and didn't stop pushing things the first time it got caught), and then a weak defense of why they still went ahead with a compromised offering.
Wertheimer complains that this one instance has resulted in distrust from the mathematics and cryptography community. If so, his weak response isn't going to help very much.
Given Netflix's rather vocal opposition to usage caps and support of Title II (pdf), the company is unsurprisingly public enemy number one for many major broadband and TV companies (and their various PR, lobbying and policy folk) at the moment. There's a pretty apparent attempt on some fronts to paint Netflix as the villain in the recent interconnection feuds, in which Netflix (and companies like Level 3 and Cogent) insist incumbent ISPs are intentionally letting interconnection points degrade to extract new fees from content and service companies.
This week, Netflix's supposed villainy was highlighted by FCC Commissioner Ajit Pai, who penned a letter (pdf) to the company complaining that Netflix had abandoned its net neutrality principles and had been hypocritically encouraging the creation of Internet "fast lanes":
"Netflix has been one of the principal advocates for subjecting Internet service providers (ISPs) to public utility regulation under Title II of the Communications Act, arguing that this step is necessary to prevent the development of so-called "fast lanes" on the Internet. "The basic argument," you have said, “is that we're big believers in the free and open Internet." For this reason, I was surprised to learn of allegations that Netflix has been working to effectively secure "fast lanes" for its own content on ISPs' networks at the expense of its competitors.
What is Pai's evidence that the company is being a hypocrite on neutrality? Exhibit A appears to be Netflix's refusal to join a new coalition called the Streaming Video Alliance, whose founding members include two of the biggest players in the cable and broadband industry: Comcast and Charter Communications. One of the group's other founding members is Frost and Sullivan analyst Dan Rayburn, who has spent much of the last year telling anyone who'll listen that incumbent ISPs with thirty years of anti-competitive behavior are just misunderstood, and it's Netflix that's to blame for most of the modern era's Internet video problems.
That Netflix didn't feel the overwhelming need to join this coalition of BFFs isn't particularly surprising.
Pai's other example of Netflix's fast lane hypocrisy appears to be simply the fact that Netflix runs its own content delivery network, Netflix Open Connect. Open Connect is a free-to-join CDN that involves ISPs hosting Netflix caching hardware on their network, something that reduces Netflix's costs, but also reduces overall ISP traffic load, improving video delivery efficiency all around. To hear Pai tell it however, Netflix's CDN is a big, bad bogeyman:
"Some have suggested that Netflix has taken these actions because the company is currently installing its own proprietary caching appliances throughout ISPs' networks as part of its Open Connect program. If ISPs were to install open caching appliances throughout their networks, all video content providers—including Netflix—could compete on a level playing field. If, however, ISPs were to install Netflix's proprietary caching appliance instead, Netflix's videos would run the equivalent of a 100-yard dash while its competitors' videos would have to run a marathon."
You might recall that AT&T, Verizon and Comcast refused to participate in Netflix's CDN, instead forcing Netflix to pay them new interconnection fees to keep streaming performance from foundering. Meanwhile, Netflix makes the company's peering locations, guidelines, hardware design and the open source software components largely open to inspection, so while you can't go build Netflix CDN hardware yourself, we're not exactly talking about state secrets. It's also worth noting that small and mid-sized ISPs (usually with much better track records on consumer issues than their larger brethren and no TV revenues to protect) have wholeheartedly supported Netflix's efforts. Dane Jasper, CEO of Sonic.net, for example called Netflix's Open Connect "brilliant." George Mitsopoulos, COO of independent ISP Ikanos/DSLExtreme, also similarly notes that Open Connect is of great benefit to ISPs.
None of this is to say Netflix is a saint. Everyone is running blindly toward the Internet video cash trough, and all of them want everyone using their preferred solutions, with meaningful transparency an ongoing problem. To be sure, Netflix's ISP rankings system is also a bit of a ham-handed attempt to name and shame ISPs that don't use its CDN (Open Connect partners unsurprisingly seeing better positioning), and the company's initial decision to restrict higher-quality "Super HD" streams to just these partners was thankfully reversed. That said, at some point you have to ask yourself based on history and experience: which do you trust more on consumer issues: Comcast or Netflix?
You also have to wonder why an FCC Commissioner that has no problems with rampant media consolidation, net neutrality violations or the lack of broadband competition is just so very concerned about such a curiously specific issue. Of all the pressing consumer issues facing the telecom and TV market (usage caps, neutrality, lack of competition, sneaky fees, cramming, etc.) Pai's greatest concern is Netflix's free, entirely voluntary content delivery network? If one didn't know any better, one might get the impression that the legacy TV industry and its loyal politicians and pundits are putting on a political dog and pony show to punish Netflix for standing up to companies with thirty years of anti-competitive behavior under their belts.
Public.Resource.Org, a non-profit that works on spreading knowledge on the Internet for the benefit of the general public, along with a few other concerned folks have petitioned the [Indian] Government to make the currently pay-walled "Indian Standards" available and accessible to the general public for free. As the petition points out, since these Standards govern the safety and reliability of several thousands of day to day products & processes, there are several unnecessary negative cascading effects that the current financial barrier to accessing them creates. As these Standards also serve as edicts of the Government, the petition submits that as is the case with legislation, the general public also has a right to be able to view these Standards. Aside from this, giving the general public access to these Standards would also be in line with the work of the Government's work on maintaining and improving these Standards. It is hoped that the Ministry revisits its Copyright policy which currently disallows the free promulgation of these Standards.
That comes from Swaraj Paul Barooah, on the excellent Spicy IP site. He's also one of the petitioners, and the rest of his post is an interesting discussion of the reasons why public standards should be freely available. It also explains why the petition has become necessary:
In June, 2013, Carl Malamud, on behalf of Public.Resource.Org procured a complete set of Indian Standards from BIS [the Bureau of Indian Standards] and not only made them available online for public non-commercial use, but also took great pains to retype and process many of the standards to make them more useful to people -- including redrawing 202 diagrams in SVG vector format to allow for them to be resized and cut and pasted into documents by users, retyping and reformatting the entire National Building Code of India (as well as over 700 other Standards) into valid XHTML code so that it works in modern browsers and mobile platforms etc.
However, when he applied for a renewal in 2014, he received a reply stating that his efforts were against the copyright policy of BIS and was requested to remove all documents relating to the standards from his website, failing which legal action would be taken against him for violation of their copyright.
That, of course, is a story with which Malamud is all too familiar. Luckily, that means he has plenty of experience in overcoming whatever objections the authorities have to allowing the public to read key documents without having to pay for them. Let's hope he and his fellow petitioners are successful -- not just for India's sake, but also as an example for many more countries around the world to follow.
While the details aren't entirely clear yet, there are reports that the company is likely to "open up" or "give away" some of its patents on its Supercharger system in an effort to create a standard that other electric car makers can use. Elon Musk has been hinting at doing something "fairly controversial" with the company's patents for a little while now. The really tragic thing is that this should not be controversial. Anyone who's studied the history of innovation knows how badly patents get in the way of standardization. There are often long and involved fights over how patents fit into standards, with debates about fees and "RAND" pricing. Fights break out over whose patents get included, and then giant bureaucracies spring up around who gets to manage various patent pools and how money gets distributed. And all of it slows down the actual innovation process.
And this is a problem.
Hopefully, the rumors are accurate, and Tesla really is freeing up its patents, because Musk has always been a more visionary sort. He must realize that the business is selling the cars, and any advance that makes the cars themselves more useful makes them more valuable, and widespread infrastructure that helps his cars and which he doesn't have to pay for is only a good thing in the long run. For too long, the "typical" business wisdom from those who are too focused on permission-driven innovation is that you have to lock up everything. But toll booths create friction and slow down the opportunities for real innovation. It would be great to see Musk do "something controversial" like this, even if it's ridiculously depressing that this idea is considered even remotely controversial.
Monetizing each step of the process, even if it limits the overall market is what should be seen as controversial -- rather than sharing knowledge and encouraging others to build upon a shared standard that increases opportunities for the entire market.
Other entities, like air conditioning contractors and sheet metal manufacturers, have also gone to court to defend their "right" to keep rules and regulations that impact millions of Americans safely locked up behind high-priced paywalls. Malamud's response has been to point out that a) state laws shouldn't be locked up, even the annotated versions stocked by LexisNexis, and b) federally mandated standards that apply to contractors shouldn't be either, even if those creating the documents are commercial enterprises. In the latter case, federal mandates make these documents of public interest, seeing as they apply to millions of Americans, even if somewhat more indirectly.
Now, Malamud is being sued by the three organizations (all nonprofits) behind the "Standards for Educational and Psychological Testing." Here's what these standards are designed to do, according to the filing.
The Standards are designed to apply to professional test developers, sponsors, publishers, and users by providing criteria for the evaluation of tests, testing practices, and the effects of test use. The Standards have been used to develop testing guidelines for such activities as college admissions, personnel selection, test translations, test user qualifications, and computer-based testing.
In running down the facts of the case, the plaintiffs point to the lengthy process of maintaining and improving these standards, as well as the income it generates at $40-50 a copy. (The lawsuit claims $35-40 for a price range, but the American Psychological Association's [one of the plaintiffs] own site sells it for $49.95.) Both assertions are likely true, but they don't change one of the most integral, underlying facts.
The Standards were not created in response to an expressed governmental or regulatory need, nor were they prepared in response to any legislative action or judicial decision. However, the Standards have been cited in judicial decisions related to the proper use and evidence for assessment, as well as by state and federal legislators.
This is the plaintiffs arguing that, unlike many other documents posted at Public Resource, this one isn't related to, and hasn't been adopted by, the US government or any smaller state entity. The wording here seems to limit the plaintiffs' "exposure" to citations only. The plaintiffs do admit that government bodies have incorporated (although this word isn't used specifically) the standards, but surround it with verbiage that makes it sound as involuntary as possible. This is an attempt to head off Malamud's normal defense of his actions -- that government regulations, ones that potentially affect millions of people, shouldn't be withheld from the public.
Similar sentences are interspersed throughout the filing in the hopes of further separating the plaintiffs from previous entities that have sued Malamud.
There is no mechanism to enforce compliance with the Standards on the part of the test developer or test user…
None of the Plaintiff organizations has solicited any government agency to incorporate the Standards into the Code of Federal Regulations or other rules of Federal or State agencies…
§ 668.148 Additional criteria for the approval of certain tests.
(a) In addition to satisfying the criteria in § 668.146, to be approved by the Secretary, a test must meet the following criteria, if applicable:
(1) In the case of a test developed for a non-native speaker of English who is enrolled in a program that is taught in his or her native language, the test must be
(iv) Developed in accordance with guidelines provided in the 1999 edition of the “Testing Individuals of Diverse Linguistic Backgrounds” section of the Standards for Educational and Psychological Testing prepared by a joint committee of the American Educational Research Association, the American Psychological Association, and the National Council on Measurement in Education incorporated by reference in this section. Incorporation by reference of this document has been approved by the Director of the Office of the Federal Register pursuant to the Director's authority under 5 U.S.C. 552(a) and 1 CFR part 51.
(2) In the case of a test that is modified for use for individuals with disabilities, the test publisher or State must—
(i) Follow guidelines provided in the “Testing Individuals with Disabilities” section of the Standards for Educational and Psychological Testing; and
(3) In the case of a computer-based test, the test publisher or State, as applicable, must—
(i) Provide documentation to the Secretary that the test complies with the basic principles of test construction and standards of reliability and validity as promulgated in the Standards for Educational and Psychological Testing…
So, the Standards are very much a part of federal law. And yet the plaintiffs argue that because they had no active part in the government's decision to incorporate their standards, they should still be able to paywall documents that are used by the US government to determine the suitability of tests.
Locking up something that is part of federal regulations doesn't make sense, even if the regulation's wording helpfully includes a (very indirect) link to AERA's cash register. That these organizations didn't approach the government and lobby for inclusion of the standards hardly matters. The standards have been adopted by the Department of Education, which makes them of public interest, rather than solely the property of the rights holders.
The lawsuit also makes this puzzling claim.
In front of the unauthorized copy of the 1999 Standards that Defendant published to its https://law.resource.org/pub/us/cfr/ibr/001/aera.standards.1999.pdf website, Defendant placed a cover sheet or “Certificate,” falsely implying that the publication of Plaintiffs’ Standards to Defendants’ website was somehow authorized or sanctioned by U.S. law.
The added cover sheet simply points to the law governing public records and public records requests, while somewhat dramatically stating that the document below has been "incorporated by reference" into federal law, therefore making it "legally binding." The problem with this claim is that the above federal regulation points to the same part of the US Code that Public Resource's "cover sheet" does.
Incorporation by reference of this document has been approved by the Director of the Office of the Federal Register pursuant to the Director's authority under 5 U.S.C. 552(a) and 1 CFR part 51.
The public records law states that the government must make available any outside document that it incorporates into federal standards. The US holds up its end of the bargain, though only barely, with this:
The incorporated document is on file at the Department of Education, Federal Student Aid, room 113E2, 830 First Street, NE., Washington, DC 20002, phone (202) 377-4026, and at the National Archives and Records Administration (NARA)... The document also may be obtained from the American Educational Research Association at: http://www.aera.net…
Once again, the public is left out in the cold. If you don't happen to live in the DC area or don't have the $36-50 AERA is asking, then the document incorporated into federal law may as well not exist. But it does, and Public Resource is making it available. (So is the Internet Archive.)
Through no fault of their own (at least according to the filing), the plaintiffs have had their standards placed into the public domain by the US government in what has to be one of the most oblique instances of asset forfeiture. But that doesn't change the fact that the incorporation of the standards put them under the jurisdiction of public records laws, something they'll likely find themselves arguing against once Malamud responds.
Even as major NSA reform appears to have become a cruel joke, there are still some small wins happening elsewhere. As noted by Access, the House Science and Technology Committee adopted an amendment to the FIRST Act (Frontiers in Innovation, Research, Science, and Technology -- which is supposed to be about increasing funding in science and technology) that says the National Institute of Standards and Technology (NIST) no longer has to consult with the NSA on encryption standards.
As you may recall, the NSA secretly took over an encryption standard, purposely weakened it, paid RSA to make it a "default" in one of its products and basically weakened everyone's security. NIST has been dealing with the consequences ever since.
The Amendment, authored by Rep. Alan Grayson, would mean that NIST can skip dealing with the NSA altogether. As Grayson noted in a statement:
These are serious allegations. NIST, which falls solely under the jurisdiction of the Science, Space, and Technology Committee, has been given "the mission of developing standards, guidelines, and associated methods and techniques for information systems". To violate that charge in a manner that would deliberately lessen encryption standards, and willfully diminish American citizens' and business' cyber-security, is appalling and warrants a stern response by this Committee. Many businesses, from Facebook to Google, have lamented the NSA's actions in the cyber world; and some, such as Lavabit, have consciously decided to shut their doors rather than continue to comply with the wishes of the NSA. Changes need to be made at NIST to protect its work in the encryption arena.
On Friday, a very big story broke on Reuters, saying that the NSA had paid RSA $10 million in order to promote Dual EC DRBG encryption as the default in its BSAFE product. It had been suspected for a few years, and more or less confirmed earlier this year, that the NSA had effectively taken over the standards process for this standard, allowing it to hide a weakness, making it significantly easier for the NSA to crack any encrypted content using it.
As plenty of people noted, the news that RSA took $10 million to promote a compromised crypto standard pretty much destroys RSA's credibility. The company, now owned by EMC, has now put out a statement in response to all of this, which some claim is the RSA denying the story. In fact, RSA itself states: "we categorically deny this allegation." But, as you read the details, that doesn't appear to be the case at all. They more or less say that they don't reveal details of contracts, so won't confirm or deny any particular contract, and that while they did promote Dual EC DRBG, and knew that the NSA was involved, they never knew that it was compromised.
In short: yes, RSA did exactly what the Reuters article claimed, but its best defense is that it didn't know that Dual EC DRBG was compromised, so they didn't take money to weaken crypto... on purpose. Even if that's what happened.
We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.
Right, but that raises questions of why RSA trusted NSA to be a good player here, rather than trying to insert compromises or backdoors into key standards.
This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.
Yes, but it was the default. And, as everyone knows, a very large percentage of folks just use the default.
We continued using the algorithm as an option within BSAFE toolkits as it gained acceptance as a NIST standard and because of its value in FIPS compliance. When concern surfaced around the algorithm in 2007, we continued to rely upon NIST as the arbiter of that discussion.
Again, this doesn't make RSA look good. As has now become clear, the NSA had basically sneakily taken over the whole standardization process. RSA more or less trusting NIST without looking into the matter themselves raises questions. Especially if there was a $10 million contract that incentivized them not to dig too deeply. RSA promoted this standard as the default in BSAFE. You would hope that a company with the stature in the space like RSA would be more careful than just to rely on someone else's say so that a particular standard is secure.
RSA claiming it didn't know the standard the NSA paid them $10 million to make default was suspect is hardly convincing. Why else would the NSA suddenly pay them $10 million to promote that standard? Furthermore, it appears that news of this $10 million contract was known a bit more widely. Chris Soghoian points to an email from cypherpunk Lucky Green, from back in September, to a cryptography mailing list in which he more or less reveals the same info that Reuters reported on Friday, though without naming the company.
According to published reports that I saw, NSA/DoD pays $250M (per year?) to backdoor cryptographic implementations. I have knowledge of only one such effort. That effort involved DoD/NSA paying $10M to a leading cryptographic library provider to both implement and set as the default the obviously backdoored Dual_EC_DRBG as the default RNG. This was $10M wasted. While this vendor may have had a dominating position in the market place before certain patents expired, by the time DoD/NSA paid the $10M, few customers used that vendor's
While this describes the right amount, if the NSA is really spending $250 million, it's certainly possible that it has quite a few other $10 million contracts out there to promote or avoid certain other encryption standards depending on what it desires. Hopefully, some reporters are currently reaching out to all the companies on this list to see if they've got any contracts with the NSA concerning Dual EC DRBG.
Companies taking money from the NSA, but claiming that they didn't realize the encryption the contract pushed them to promote was compromised, aren't going to find a very sympathetic audience outside of the NSA. RSA's "categorical denial" here misses the point. It certainly doesn't suggest that the Reuters story was wrong -- just that RSA was so blinded by a mere $10 million that it didn't bother to make sure the standard wasn't compromised.
The review, announced late Friday afternoon by the National Institute of Standards and Technology, will also include an assessment of how the institute creates encryption standards.
The institute sets national standards for everything from laboratory safety to high-precision timekeeping. NIST's cryptographic standards are used by software developers around the world to protect confidential data. They are crucial ingredients for privacy on the Internet, and are designed to keep Internet users safe from being eavesdropped on when they make purchases online, pay bills or visit secure websites.
But as the investigation by ProPublica, The Guardian and The New York Times in September revealed, the National Security Agency spends $250 million a year on a project called "SIGINT Enabling" to secretly undermine encryption. One of the key goals, documents said, was to use the agency's influence to weaken the encryption standards that NIST and other standards bodies publish.
"Trust is crucial to the adoption of strong cryptographic algorithms," the institute said in a statement on their website. "We will be reviewing our existing body of cryptographic work, looking at both our documented process and the specific procedures used to develop each of these standards and guidelines."
The NSA is no stranger to NIST's standards-development process. Under current law, the institute is required to consult with the NSA when drafting standards. NIST also relies on the NSA for help with public standards because the institute doesn't have as many cryptographers as the agency, which is reported to be the largest employer of mathematicians in the country.
"Unlike NSA, NIST doesn't have a huge cryptography staff," said Thomas Ptacek, the founder of Matasano Security. "NIST is not the direct author of many or most of its important standards."
Matthew Scholl, the deputy chief at the Computer Security Division of the institute, echoed that statement: "As NIST Director Pat Gallagher has said in several public settings, NIST is designed to collaborate and the NSA has some of the world's best minds in cryptography." He continued, "We also have parallel missions to protect federal IT systems, so we will continue to work with the NSA."
Some of these standards are products of public competitions among academic cryptography researchers, while others are the result of NSA recommendations. An important standard, known as SHA2, was designed by the NSA and is still trusted by independent cryptographers and software developers worldwide.
NIST withdrew one cryptographic standard, called Dual EC DRBG, after documents provided to news organizations by the former intelligence contractor Edward Snowden raised the possibility that the standard had been covertly weakened by the NSA.
Soon after, a leading cryptography company, RSA, told software writers to stop using the algorithm in a product it sells. The company promised to remove the algorithm in future releases.
Many cryptographers have expressed doubt about NIST standards since the initial revelations were published. One popular encryption library changed its webpage to boast that it did not include NIST-standard cryptography. Silent Circle, a company that makes encryption apps for smartphones, promised to replace the encryption routines in its products with algorithms not published by NIST.
If the NIST review prompts significant changes to existing encryption standards, consumers will not see the benefit immediately. "If the recommendations change, lots of code will need to change," said Tanja Lange, a cryptographer at the University of Technology at Eindhoven, in the Netherlands. "I think that implementers will embrace such a new challenge, but I can also imagine that vendors will be reluctant to invest the extra time."
In Friday's announcement, NIST pointed to its long history of creating standards, including the role it had in creating the first national encryption standard in the 1970s — the Data Encryption Standard, known as DES. "NIST has a proud history in open cryptographic standards, beginning in the 1970s with the Data Encryption Standard," the bulletin said. But even that early standard was influenced by the NSA.
During the development of DES, the agency insisted that the algorithm use weaker keys than originally intended — keys more susceptible to being broken by supercomputers. At the time, Whitfield Diffie, a digital cryptography pioneer, raised serious concerns about the keys. "The standard will have to be replaced in as few as five years," he wrote.
The weakened keys in the standard were not changed. DES was formally withdrawn by the institute in 2005.
The announcement is the latest effort by NIST to restore the confidence of cryptographers. A representative from NIST announced in a public mailing list, also on Friday, that the institute would restore the original version of a new encryption standard, known as SHA3, that had won a recent design competition but was altered by the institute after the competition ended. Cryptographers charged that NIST's changes to the algorithm had weakened it.
The SHA3 announcement referred directly to cryptographers' concerns. "We were and are comfortable with that version on technical grounds, but the feedback we've gotten indicates that a lot of the crypto community is not comfortable with it," wrote John Kelsey, NIST's representative. There is no evidence the NSA was involved in the decision to change the algorithm.
The reversal took Matthew Green, a cryptographer at Johns Hopkins University, by surprise. "NIST backed down! I'm not sure they would have done that a year ago," he said.
from the that's-not-going-to-calm-anyone-down dept
One of the key revelations from last week, of course, was the fact that the NSA surreptitiously took over the standards-making process for certain encryption standards. Here was the key revelation:
Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.
"Eventually, NSA became the sole editor," the document states.
It took NIST a few days to figure out a response to this, but it's now been posted, and it says... basically nothing at all. Let's go through it piece by piece.
Recent news reports have questioned the cryptographic standards development process at NIST. We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place.
Um, except that as the leaks revealed, that's not actually true. The NSA was the "sole editor" of the standard. So claiming that the standards are rigorously vetted is simply false. Furthermore, as John Gilmore recently revealed, concerning IPSec, the NSA made sure that the standards were so complicated that no one could actually vet the security.
NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.
That's not a response to the charges at all.
NIST has a long history of extensive collaboration with the world’s cryptography experts to support robust encryption. The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA.
In other words, yes, the NSA is involved -- which was not a secret. But what was a secret, and what NIST does not even begin to address, is the idea that the NSA took control of the standard and became its "sole editor."
Recognizing community concern regarding some specific standards, we reopened the public comment period for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C to give the public a second opportunity to view and comment on the standards.
Again, that does little to address the specific questions raised. If the standards are designed by the NSA in a manner that makes the security aspect inscrutable to even the most experienced cryptographers without simplifying the standard, then that's not doing any good.
If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible.
Yes, but the "cryptographic community" seems to include the NSA... sometimes in key positions.
Basically, this is a total non-response to the revelations from last week. It's just NIST saying "yes, we work with the NSA, but you have nothing to fear" without giving any basis for the second half of that claim.